Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable SecurityCenter Continuous View Sheds Light On Shadow IT Usage

Note: Tenable SecurityCenter is now Tenable.sc. To learn more about this application and its latest capabilities, visit the Tenable.sc web page.

Tenable’s SecurityCenter Continuous View makes it easy for companies to detect the use of cloud services and identify data stored in the cloud

While the exact extent of cloud services in companies can be debated with figures from 40% penetration to close to 90% penetration, the fact is hardly arguable that cloud applications with sensitive data stored in the cloud is widely prevalent. “Shadow IT”, including Gmail, Salesforce.com, DropBox, Webex and many other cloud services are used both formally and covertly in most organizations today, introducing a serious security concern for IT and compliance professionals. These services expose corporate data via insecure mechanisms like web-mail or by allowing external parties access past perimeter defenses via tools like GotoMyPC. They also offer hackers a single, high value target that invites watering-hole type attacks, and which once compromised, provides a treasure trove of data from millions of customers.

Cloud services accessed by your users can now be detected in Tenable SecurityCenter CV via our Passive Vulnerability Scanner and logs from on-premises web proxies, firewalls and DNS servers, helping IT security analysts improve their understanding of cloud service adoption and use in their environments.

What Can I Discover?

The plugins are consolidated in the “Cloud Services” LCE plugin, and focus on detecting services that can use and store sensitive corporate data including:

  • cloud based email,
  • SaaS CRM, ERP systems
  • online notes services
  • file storage/sharing applications
Cloud Services Dashboard
Overall View of Cloud Services by Application and Device

Report Cloud Usage, Mitigate Cloud Application Risk

The cloud services and applications are also reported within the Tenable SecurityCenter CV system in the form of actionable dashboards. By running these detections, analysts can uncover crucial information about cloud service usage, including the number of devices accessing specific services (e.g. how many devices use DropBox?) and specific devices/users relying heavily on cloud services. This allows analysts to understand not only cloud usage in their environment, but also the corresponding risk associated with the devices and cloud applications.

Continuous Monitoring Must Cover Cloud Usage

Sophisticated IT departments are realizing the importance of adopting a continuous monitoring approach to security and understand the need for visibility into cloud usage by their users.

Cloud Services Are A Crucial Risk Factor

By using Tenable SecurityCenter CV, security analysts can:

  • discover the devices in their environment that are communicating with cloud applications
  • prioritize their response to cloud usage based on the risk posed (if any) by such usage, including classifying devices and analyzing any associated attack-paths
  • integrate the cloud services usage information Tenable provides with other Tenable sensors like vulnerability assessment and log collection in real-time
  • take action to prevent the use of unauthorized cloud services

In addition to the cloud services Tenable SecurityCenter CV already detects, Tenable is adding more cloud service discovery and assessments continuously as new applications move to the cloud. For more information please refer to the SecurityCenter Continuous View product page.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training