Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Dragon Intrusion Defense System support for Nessus and the PVS

Today Tenable announced a partnership with Enterasys Networks that enables customers of both companies to operate Nessus and/or the Passive Vulnerability Scanner (PVS) directly on the Dragon sensor. Customers who have existent or planned Tenable and Enterasys security solutions should consider this deployment option. This blog entry discusses several deployment scenarios as well as interaction between Tenable and Enterasys security solutions.

Ease of Deployment and Integration

If your organization has multiple Dragon sensors in place, both Nessus and the PVS can be deployed on these devices. Typically, a Dragon IDS sensor is optimally deployed for passive network monitoring with a PVS as well as active vulnerability scanning with Nessus.

If your organization has a Tenable Security Center, Nessus scanners and Dragon sensors, but has not deployed the Passive Vulnerability Scanner, deploying them on the Dragon sensors can provide immediate benefits. Adding passive vulnerability data to your Security Center will increase the accuracy of your discovered assets and vulnerabilities. It will also increase the accuracy of the correlation between the IDS events detected by Dragon and the vulnerabilities on your network.

If you organization is engineering a network monitoring solution, deploying Dragon, Nessus and the PVS on one platform simplifies the architecture and maximizes your resources.

Tenable engineers have developed unique installation packages for Nessus and the PVS which install directly onto the Dragon IDS appliance. Enterasys customers should contact Tenable's sales staff to obtain download information for these packages.

Performance

The ideal use case is to deploy the PVS and/or Nessus on a Dragon sensor in passive mode which isn't currently reaching maximum CPU usage. If your Dragon sensor is inline in "prevention" mode, adding on Nessus and/or the PVS is not advised. Neither Nessus or the PVS were designed for inline analysis.   
Enterasys and Tenable Product Interaction

The Security Center receives IDS events from the Dragon management console. These events undergo realtime vulnerability correlation such that real attacks that are likely to succeed are immediately highlighted. The accuracy of this correlation is greatly enhanced with realtime network vulnerability monitoring by the PVS.

The Security Center can also extend the information discovered by Dragon securely to different political or business groups within your organization. This allows groups to gain access to IDS events targeting just their network or assets without the need to deploy a dedicated sensor. Each group can view their security data through a web interface, create custom reports and produce animations and visualizations in a three dimensional user interface. 

For even greater event correlation, the Tenable Log Correlation Engine (LCE) accepts IDS events from Dragon sensors and can correlate these with netflow, system logs, firewalls and many other devices. The LCE has many specific TASL correlation scripts which correlate IDS events with network change, new device behaviors, known hacker compromise techniques and worms/botnet communication patterns.

For More Information

Tenable has several webinars and white papers available online which discuss VA/IDS correlation and well as event correlation in general.

  • Correlating IDS events with Vulnerabilities Webinar
  • Good and Bad uses of Vulnerability Data for IDS Event Correlation Blog
  • Network Based Anomaly Detection Webinar
  • VA/IDS Correlation White Paper
  • Event Correlation White Paper

Please contact Tenable's sales and support groups for more information on obtaining the Nessus and PVS builds for the Dragon appliances.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training