
Passive Vulnerability Scanner 3.0 Released

Tenable Network Security has released version 3.0 of the Passive Vulnerability Scanner (PVS). This version supports realtime vulnerability alerting, enables monitoring of corporate networks for data leakage and completes the re-branding from "NeVO".

A major new feature of the PVS is the ability to stream new vulnerability information in realtime to the Security Center and to the Log Correlation Engine. As the PVS finds new data about the network, it is sent in realtime in logs such as this:

Apr 20 19:58:21 pvs: 192.168.20.22:0|0.0.0.0:0|17|13|new-host-alert|00:11:95:89:d4:8a
Dec 21 10:56:04 pvs: 162.21.99.99:53|192.164.141.12:36788|17|1016|DNS server detection|||INFO
Dec 21 10:56:04 pvs: 169.31.24.219:80|0.0.0.0:0|6|0|new-open-port|INFO

The PVS realtime alerts include:

  • new vulnerability and network data with low, medium and high severity levels
  • new hosts, new open ports, new "browsed" ports, new systems that perform
    Internet browsing and new trust relationships between internal devices
  • evidence of compromised systems and serious attacks, such as against SCADA devices
  • detection of internal hosts performing port scans
  • support for detecting a variety of sensitive data in motion and at rest

Example Screen Shots

Below is a screen shot of PVS events on a large enterprise network under the Security Center:

[Screen shot: Pvs3newvulns]

Each of the "events" listed above occurred when the PVS encountered new vulnerability data that it wasn't previously aware of. The LCE normalizes the 1000s of potential PVS vulnerabilities based on their severity levels. In the above screen shot, 26 new vulnerabilities with "HIGH" severity levels have been discovered.

Although not a network IDS, the PVS does discover very useful events which can be fed into the Security Center, the Log Correlation Engine or most SIM products. Below is a screen shot of several PVS events intermixed with IDS events from an IntruShield IPS. There are several different port scan events as well as two Windows error event detections.

[Screen shot: Pvs3idsevents]

Log Correlation Engine Support

With this release, a separate Log Correlation Engine library for PVS events has been produced, and several of the existing correlation scripts have been updated to take advantage of the new events. These include:

  • tenable_pvs.prm log normalization library for PVS events
  • botnet_with_scan.tasl correlates detected IDS Botnet events with the same host performing a port scan
  • detect_change.tasl now also processes new host and new open port events from the PVS (Note: this script can be extended to alert on new trust relationships, new Internet browsing and new client side port browsing if desired.)
  • ids_event_followed_by_change.tasl considers changes in host configurations or behavior after being attacked. Now supports detected attack events from the PVS.
  • new_host_portscanning.tasl uses PVS events which identify new hosts and port scan events to discover when a new device immediately begins port scanning.
  • portscan_spike.tasl now uses port scan and host scan logs from the PVS, along with any portscan log from supported IDS and firewall devices to look for short term spikes in scanning activity.
  • windows_crashes_and_restarts.tasl now makes use of PVS ID #4722 which sniffs Windows error messages being sent back to Microsoft. The script considers this event along with Windows OS events such as crashing applications and system restarts to look for failed worm attacks and even failed compromise attempts.
  • lce_tasl.prm is the LCE PRM library which normalizes events from the TASL scripts. This file should be updated on your LCE if any of these modified TASL scripts are implemented.
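
The realtime log lines shown earlier and the change events that detect_change.tasl consumes, as an added Python example (not Tenable's code and not TASL): it parses the pipe-delimited PVS records and groups new-host and new-open-port events by host. The field meanings (source, destination, IP protocol number, numeric ID, event name, trailing details) are inferred from the three sample lines and are assumptions, as are the function names.

```python
import re
from collections import defaultdict

# Sample input: the three PVS log lines quoted earlier on this page.
SAMPLE = """\
Apr 20 19:58:21 pvs: 192.168.20.22:0|0.0.0.0:0|17|13|new-host-alert|00:11:95:89:d4:8a
Dec 21 10:56:04 pvs: 162.21.99.99:53|192.164.141.12:36788|17|1016|DNS server detection|||INFO
Dec 21 10:56:04 pvs: 169.31.24.219:80|0.0.0.0:0|6|0|new-open-port|INFO
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) pvs: (?P<body>.+)$")
PROTO = {6: "tcp", 17: "udp"}  # assumption: third field is the IP protocol number
CHANGE_EVENTS = {"new-host-alert", "new-open-port"}  # event names as shown on the page


def parse_pvs(line):
    """Parse one PVS syslog line into a dict; return None for anything malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    parts = m["body"].split("|")
    if len(parts) < 5:
        return None
    try:
        src_ip, src_port = parts[0].rsplit(":", 1)
        dst_ip, dst_port = parts[1].rsplit(":", 1)
        src, dst = (src_ip, int(src_port)), (dst_ip, int(dst_port))
        proto, event_id = int(parts[2]), int(parts[3])
    except ValueError:
        return None
    return {"ts": m["ts"], "src": src, "dst": dst,
            "proto": PROTO.get(proto, str(proto)), "id": event_id,
            "event": parts[4],
            "extra": [p for p in parts[5:] if p]}  # drop the empty '||' fields


def change_report(lines):
    """Group new-host and new-open-port events by the host they describe."""
    report = defaultdict(list)
    for rec in filter(None, map(parse_pvs, lines)):
        if rec["event"] not in CHANGE_EVENTS:
            continue
        if rec["event"] == "new-host-alert" and rec["extra"]:
            detail = rec["extra"][0]  # assumption: trailing field is the MAC address
        else:
            detail = f'{rec["proto"]}/{rec["src"][1]}'
        report[rec["src"][0]].append((rec["event"], detail))
    return dict(report)


if __name__ == "__main__":
    print(change_report(SAMPLE.splitlines()))
```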

Obtaining PVS 3.0

Versions for UNIX and Windows are both currently available. Tenable recommends that both products be managed with the Security Center. Existing NeVO 2.2 customers can upgrade to PVS 3.0 as long as their maintenance is up to date. New customers should contact Tenable's sales staff.
