Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Integrating Vulnerability Data with an Identity Services Framework

With Tenable’s Nessus, security and compliance teams can audit and inventory devices and software to identify what is malicious, abnormal or out-of-compliance. However, do you ever need to pinpoint the offending system or software to its user?

At Tenable, we’ve heard from customers who are looking for a unified framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure, network policy, identity and access management, and other IT operations.

For example, once a vulnerable system is identified, possible next steps are to:

  1. Track the offending users and inform them to fix/update the device.
  2. Initiate action to modify user behavior to avoid future security issues.
  3. Update corporate security policies to prevent future occurrences.

This is made possible by implementing an identity services framework that a) Adds user context to Nessus to get more granularity to scan data, b) Provides a consolidated view of vulnerability event, identity, and device data for prioritization of vulnerability, and c) Identifies which vulnerabilities require immediate action and provide this context to deployed devices.

Such an identity services framework can offer the following benefits:

  • Reduce time to isolate issues across multiple technologies
  • Obtain accurate results by obtaining additional context from other devices
  • Expedite response and remediation to security and compliance issues

We believe this is just one example of what is needed in the industry and are planning on integrating with a leading platform in the network policy space, Cisco Identity Services Engine (ISE), to serve these use cases.

What about you? Forward your thoughts to me at [email protected] on the following:

  • Do you have any need to pinpoint the device or software vulnerability back to its user or owner?
  • Does integrating with a product like Cisco ISE make sense for your systems?
  • What other identity services products do you use? What would you like Nessus to integrate with?

We’d love to hear from you on your thoughts, challenges and recommendations…

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io Vulnerability Management


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.