Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mobile Device App Inventory Auditing with Nessus 6.5

In the world of mobile apps, if you are looking for malware, there are apps (yes, plural) for that. How about one that leaks sensitive content? There are apps for that, too. Pick any other mobile attack vector; chances are there is an app for that as well. Regardless of how well your Mobile Device Management (MDM) policies are set up, if mobile apps are not part of your equation, then you are missing a big piece of the problem. After all, a smartphone is only as secure as the most insecure app on it.

A smartphone is only as secure as the most insecure app on it

And with millions of mobile apps to choose from, it seems that the next big opening into your network might just be an app away. To get a sense of how bad this problem is, all you have to do is look around for mobile app reputation services. There is literally a cottage industry built around recommending whether a mobile app is good, bad or ugly.

It’s only natural for our customers to look for a solution to solve this problem. With the release of Nessus® 6.5, we are expanding our MDM auditing capabilities to audit mobile apps installed on mobile devices.

When we set out to tackle this problem, we identified four areas where Nessus could add value. First, provide a way to review which mobile apps were installed on which mobile devices. Second, provide a way to determine whether all required apps are installed. Third, provide a way to verify that only whitelisted apps are installed. And finally flag any non-approved or blacklisted apps. Nessus 6.5 meets all these requirements.

Setup

To use this feature, simply upgrade to Nessus 6.5, use the MDM Config template, and follow the wizard to set up the scan. The existing MDM .audit policies were updated to audit mobile apps to do the job for you.

Scanner templates

Installed apps

The Nessus MDM audit policies are updated in version 6.5 to report on all installed apps.

Before you can start creating a policy around mobile apps, you first need to know what kinds of apps are installed on the mobile devices. The Nessus MDM audit policies are updated in version 6.5 to report on all installed apps.

Installed apps

Required apps

As you start tightening your mobile app policy, you may want to make sure that certain apps are installed on all mobile devices managed by your organization. For example, you may have a requirement to have an anti-virus app or a VPN app installed on all devices. The updated audit policies will help you do that.

Whitelisted apps

Another variant of the required apps feature is the whitelisted apps feature. For example, your organization might decide to approve any app from Google. Therefore instead of approving each individual app, you could have a blanket approval for all apps from Google with a filter such as Google .+. Any app that is not part of the whitelisted pool of apps will be flagged.

Blacklisted apps

And finally, there are certain apps which shouldn’t be installed on mobile devices under any circumstance. This could be due to concerns around malware, privacy or even network bandwidth consumption. Any app that is part of a blacklisted pool of apps will be flagged.

Blacklisted apps

XcodeGhost affected apps

The updated audit policies will also help you look for XcodeGhost affected apps.

Sometimes the best features write themselves and the use cases for them just drop out of the sky. When we set out to implement the blacklisted apps feature in 6.5, XcodeGhost was not even on our minds, and yet when Nessus 6.5 ships, this might be the most important use case for this new feature. The updated audit policies will also help you look for XcodeGhost affected apps.

How are whitelist/blacklisted apps defined?

Now that you know it’s possible to create a blacklisted/whitelisted pool of apps in Nesssus 6.5, the next question you may have is how does one go about configuring these apps? The answer is pretty straightforward. The list is essentially a comma-separated list of apps configurable through the Nessus UI for that specific .audit.

Here’s an example:

Configuring example

Note that it also accepts and regexes version numbers, which is a very powerful way to blanket approve/disapprove apps either by app name or version number. By default, the lists are not defined (.*) and will report a PASS result.

Which MDMs are supported?

Nessus 6.4 includes MDM auditing capabilities for MobileIron and AirWatch, and Nessus 6.5 extends those capabilities to audit Mobile Apps. Nessus 6.5 also includes the ability to audit mobile apps with Apple Profile Manager.

Sample

Sample

Final thoughts

If you watch Nessus releases closely, you may have noticed that Tenable’s mobile story is steadily growing. We first released the capability to detect mobile device vulnerabilities including jailbroken devices; we then followed it up by integrating Nessus with MDM platforms such as MobileIron. And just last quarter we took our integrations to the next level by auditing the MDM policies themselves. Now we are adding the ability to audit mobile apps installed on mobile devices. We’re not done! When it comes to auditing mobile devices, we are just getting started.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security