Tenable Network Security recently received a patent for monitoring network traffic and analyzing it to perform discovery of systems, applications and vulnerabilities. This is the core function of Tenable's Passive Vulnerability Scanner and also a core component of our Unified Security Monitoring strategy.
Passive network monitoring complements network scans and credentialed system audits. It provides continuous discovery in real time. 24x7 monitoring is also a deterrent against unauthorized change. Client-side vulnerabilities can be found without the need for agents or credentialed scans, and in some cases, such as enumerating multiple web sites hosted on a web server, passive monitoring does things that active scanning can't do.
Passive network monitoring also complements any SIEM deployment, including Tenable's SecurityCenter and Log Correlation Engine. Real-time logs from the PVS that record all SQL, SMB, HTTP, DNS and other protocols are an excellent log source for alerting and forensic analysis. Real-time vulnerability data passively obtained can ensure your SIEM has the latest asset inventory and risk metrics for correlation.
Tenable has many plans in store for the Passive Vulnerability Scanner, and we continuously add new detection rules to it. For example, we added rules this past month that passively identify expired SSL certificates. If you are interested in learning more about what passive network monitoring can do for your logging or vulnerability management program, please feel free to watch these demo videos, or contact our sales team.