Putting a Virus under the SIEM Microscope Webinar
January 13, 2011 When a virus infected one of my Nessus scan targets, I did what any sensible CEO of a SIEM company would do - let it run and see what types of logs and alerts it generated!Over the 30...
SSL Certificate Authority Auditing with Nessus
December 28, 2010<p>Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and with the advent of plugin # <a href="http://www.tenable.com/plugins/index.php?view=single&id=51192">51192</a>, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.</p>
SecurityCenter 4 Receives FDCC and SCAP Validated Tool Certification
December 22, 2010Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. Tenable Network Security is pleased to announce ...
Introducing the Nessus Perimeter Service : redefining the cost of online scanning
December 7, 2010 Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now off...
Nessus and SecurityCenter APIs and Data Internals Published
October 6, 2010Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. Tenable has published API reference guides for t...
Unlimited Discovery Scanning with SecurityCenter and Nessus
July 16, 2010<p class="MsoNormal"></p><p class="MsoNormal">With the recent release of <a href="http://www.nessus.org/products/sc/">SecurityCenter</a> 4.0.1, Tenable has modified the IP-based licensing to include unlimited discovery scanning. This means organizations that make use of SecurityCenter can perform routine ping sweeps of their backbones and network blocks without it counting against their licensed IPs.</p>
SecurityCenter Webinar in French!
June 1, 2010Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. I invite you to join Renaud Deraison, author of ...
SecurityCenter 4 Released - Taking Unified Security Monitoring to a higher level
April 26, 2010Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. Tenable Network Security is very pleased to anno...
SecurityCenter 4 Introduction – Pushing the envelope for scanning and event management products
February 23, 2010<p class="MsoNormal" style="font-family: Arial; ">Tenable Network Security will shortly release SecurityCenter 4. It embodies our entire <a href="http://www.nessus.org/whitepapers/unified_security_monitoring.pdf">Unified Security Monitoring</a><sup>TM</sup> strategy. SecurityCenter 4 places everything you need to know about vulnerabilities, missing patches, intrusion events, anomalies, log searches, configuration audits, file integrity auditing and much more right at your fingertips. It centralizes all system and event alerting for any type of security, IT or compliance regulations. But most of all, it makes your job as an auditor, a “risk mitigator”, a compliance monitor, a security analyst or even an IT executive, much easier. This blog post discusses the major functions of SecurityCenter 4 and provides several screen captures to illustrate them.</p><p class="MsoNormal"></p>
See SecurityCenter 4 at RSA 2010 - Booth 956
February 22, 2010Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page. Tenable will be participating in a variety of ev...
Auditing PHP Settings to OWASP Recommendations with Nessus
March 16, 2009<p>Tenable recently released an audit policy for Linux servers running PHP which tests for hardening recommendations from the Open Web Application Security Project (<a href="http://www.owasp.org/index.php/Main_Page">OWASP</a>). OWASP maintains a set of guidelines for hardening web servers, with specific attention given to <a href="http://www.owasp.org/index.php/Configuration#PHP_Configuration">PHP</a> and Cold Fusion technologies.</p><p> </p>
What BIOS does that PCI compliant server have?
September 16, 2008<p>Tenable’s research group recently added a Nessus <a href="http://www.nessus.org/plugins/index.php?view=single&id=34096">plugin</a> that makes use of a credentialed WMI query to determine the type of BIOS that has been installed on the audited computer. Similar plugins were added to perform the same task on UNIX systems via <a href="http://www.nessus.org/plugins/index.php?view=single&id=34098">SSH</a> as well as over <a href="http://www.nessus.org/plugins/index.php?view=single&id=34097">SMB</a>. The WMI and SMB plugins reside in the <a href="http://www.nessus.org/plugins/index.php?view=all&family=Windows">Windows plugin family</a> and the SSH plugin belongs to the <a href="http://www.nessus.org/plugins/index.php?view=all&family=General">General plugin family</a>. </p><p> </p>