With the release of Security Center 3.4.3 as well as Log Correlation Engine 3.0.1, we've updated the main Unified Security Monitoring videos at nessus.org. These videos are free to use and do not require registration. The following new videos are now available:
Unified Security Monitoring
This is a five minute introduction to the concept of performing vulnerability and configuration analysis on the same vendor solution that can perform log correlation and anomaly detection. Unifying this information into one spot allows you to spot security risks and compliance issues early and often.
PCI Enterprise Auditing
This twelve minute video discusses how unifying system and event analysis into one platform can address all 12 requirements of PCI. Demo includes enterprise PCI DSS scanning, auditing anti-virus configurations, scanning for documents which contain credit cards, finding wireless access points, tracking user access to systems with card holder data and much more.
Configuration And Vulnerabiltiy Scanning
This five minute video provides a more in-depth look at how to analyze vulnerabilties and configuration issues that have been obtained from the Nessus vulnerability scanner and Passive Vulnerability Scanner. Many aspects of the Security Center's ability to filter and sort on the security data collected are demonstrated.
Log Normalization And Search
This video shows how syslog, windows events, firewall logs, network session data and much more is aggregated and normalized by the Log Correlation Engine. Multiple examples of event analysis are performed, including searching logs of a firewall for specific patterns.
The Log Correlation Engine will perform a variety of event correlation types. This video demonstrates detection of some simple behaviors such as brute force password guessing, continuous scanning detection and statistical changes in network traffic and login events.
Change occurs on your network all the time. With this video, you can see how Nessus, the Security Center, Passive Vulnerability Scanner and the Log Correlation Engine can detect changes from scan to scan, through log analysis and through direct network monitoring. More importantly, this video shows how vulnerability data can be filtered by time so you can easily see when a vulnerability was first discovered.
A new feature of version 3.0 of the Log Correlation Engine is to dynamically associate usernames with IP addresses and tag every event with a user name. This makes sorting on firewall logs, netflow and any other type of event by user very easy. This video demonstrates how to use user login events from a popular NAC to then correlate other types of network and system activity.