Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.
Today we are pleased to announce the availability of Passive Vulnerability Scanner™ (PVS) 5.0. PVS™ continuously monitors the network – detecting usage of cloud services; identifying new assets as they become active on the network; and profiling an asset’s operating system, active applications, services, network connections, and associated vulnerabilities. Its latest capabilities give you a complete view of assets and activities across your computing environments, helping you identify and prioritize weaknesses that need attention.
PVS 5.0 includes the following new capabilities.
Identifying selected TLS-encrypted application traffic
Internet application traffic is often encrypted with Transport Layer Security (TLS). Unless organizations deploy relatively expensive network devices designed to decrypt TLS, they will be blind to the applications associated with the traffic. PVS 5.0 can identify a number of applications whose traffic is TLS encrypted. This enables users to identify applications in TLS without deploying additional network devices. PVS can detect applications such as Dropbox, Pidgin, Skype, Metasploit Heartbleed Scanner, Metasploit CCS Scanner, Windows Java, Opera v9.80, Mail app iOS, Thunderbird v38.0.1 OS X, Thunderbird v17.0 OS X, Adium 1.5.10, Tor uplink, Aviator, Firefox (v26, 27, 33, 34, 37), Blackberry Messenger, and Golang.
Improved PVS user interface
PVS 5.0 puts important information at users’ fingertips and enables them to easily drill into the details. The enhanced user interface presents summary information on the default login page. From there users can quickly drill into detailed data as desired. The new UI also provides a detailed host view that includes all applications and the DNS name associated with the host. Additionally, as shown below, the new UI displays bandwidth and new connections.
Recording VLAN IDs
Enterprise networks are increasingly being segmented into Virtual Local Area Networks (VLANS) to increase performance and security. By limiting access to a single network segment, VLANs, along with corresponding user controls, reduce potential damage from insider and external threat agents/actors who could otherwise pivot to additional systems. PVS 5.0 shows VLAN tags on a host basis when displaying host details so users can see if VLAN traffic is being controlled as expected.
Processing IPv6 extension headers
PVS 5.0 processes IPv6 traffic containing extension headers to analyze the network traffic, providing visibility into that traffic.
Improved tunneling support for increased network visibility
Some IPv4 networks support IPv6 traffic by tunneling it in IPv4 traffic. PVS 5.0 alerts on the use of such tunneling (Teredo tunneling) and analyzes this traffic to identify related devices, services, applications, and vulnerabilities.
With the release of PVS 5.0, Tenable is announcing the End of Support and End of Life for PVS 4.0, effective Thursday, August 18, 2016. Additional information will be provided closer to that date.
For more information
The following PVS 5.0 materials are available: