Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Enterprise Sensitive Data Monitoring

Note: This blog entry was originally posted in April, 2007 and was updated on May 28, 2009

The SecurityCenter can be used to manage multiple Nessus scanners and Passive Vulnerability Scanners for continuous monitoring of sensitive data at rest and data in motion. This blog entry discusses various deployment scenarios that can be used to effectively perform data leakage detection.

Active and Passive Detection Methods

In March 2007, Tenable released the ability for Nessus ProfessionalFeed and SecurityCenter users to scan Windows hosts for sensitive data such as credit cards, employee information and even things like source code. This technology works as part of the regular vulnerability or configuration auditing scans.

Previously, Tenable also released policy libraries for the Passive Vulnerability Scanner (PVS) to identify servers and users transmitting sensitive data in motion. The PVS can not only identify hosted Adobe, PowerPoint, Word and Excel files as Nessus can, it can look into the traffic in email, chat and web browsing to look for specific types of data such as social security numbers and credit cards.

When managed by the SecurityCenter, the combination of active and passive data leakage monitoring is an effective method to discover where sensitive data is and when it leaves the networks.

Why Find Sensitive Data?

When sensitive data is identified through the SecurityCenter, several courses of action can be taken:

  • A list of all systems with sensitive data can be obtained by IP address, MAC address, DNS name or Windows name. This list is available as a spreadsheet or can be created as a PDF report.
  • A list of all corporate assets with sensitive data can similarly be created, allowing users to see if any systems unauthorized to hold data actually have any.
  • The SecurityCenter's ability to combine qualities of vulnerability detection with asset identification also allows it to find hosts with sensitive data that are unmanaged or have vulnerabilities.
  • If necessary, different types of sensitive data records can be classified into different asset groups. For example, all systems holding credit card data could be placed into a PCI asset list while all records holding patient health data could be placed into a HIPAA list.
  • If the SecurityCenter is able to detect a system compromise, the incident response process can immediately take into account if this was or was not a server or system with sensitive data.

All of these capabilities allow an organization to combine information about system vulnerabilities, system configurations and systems holding sensitive data to identify and manage potential compliance, security and data leakage issues.

Creating Dynamic Asset Lists based on Sensitive Content

Information about sensitive data found by Nessus or the PVS can be used to create a SecurityCenter dynamic asset list. This data can be combined with other attributes such as IP address, system usage, open ports, domain name, system asset information and so on to create unique asset lists.

If we wanted to write a dynamic asset rule for all systems that had this data on it, we'd target ID #60186 and also had the content of "[FAILED]". This second step is required because if a systems did not have any .doc files that had the word "Tenable" in it, it would also have an active ID #60186 but would have the content "[PASSED] in it.

For More Information

For information on purchasing SecurityCenter or the Passive Vulnerability Scanner, please contact [email protected] To purchase Nessus ProfessionalFeed, visit the Tenable Store.

Readers who are interested in compliance can request a copy of Tenable's "Real Time Compliance Monitoring" paper, as well as any of our application notes on PCI, or HIPAA compliance monitoring.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Tenable Vulnerability Management

Formerly Tenable.io


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin, Tenable Web App Scanning and Tenable Cloud Security.

Tenable Vulnerability Management

Formerly Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin, Tenable Web App Scanning and Tenable Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management, Tenable Lumin and Tenable Cloud Security.

Buy Tenable Web App Scanning

Formerly Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management, Tenable Web App Scanning and Tenable Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Cloud Security

Formerly Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now. To learn more about the trial process click here.

Your Tenable Cloud Security trial also includes Tenable Vulnerability Management, Tenable Lumin and Tenable Web App Scanning.

Contact a Sales Rep to Buy Tenable Cloud Security

Contact a Sales Representative to learn more about Tenable Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training