April 26, 2010
Tenable Releases SecurityCenter 4 – An Enterprise-Class Solution that Supports Vulnerability Management, Security Event and Log Management and Compliance Management in a Single Console
Tenable Network Security, Inc., the leader in Unified Security Monitoring™ and creator of the popular and award-winning Nessus® vulnerability scanner, today announced the release of SecurityCenter 4. Tenable’s SecurityCenter 4 is the enterprise-class management console for Tenable’s Unified Security Monitoring suite of products. The latest release represents a product milestone for Tenable’s strategic vision and delivers significant advances in functionality designed to enhance the efficiency and efficacy of security operations. In conjunction with the recently announced enhancements to the Nessus vulnerability scanner and Passive Vulnerability Scanner (PVS), SecurityCenter 4 provides the ability to monitor network, web and host activity in relation to vulnerabilities, missing patches, intrusion events, anomalies, log searches, configuration audits, file integrity auditing and database queries. By centralizing system and event alerting across security, IT or compliance regulation parameters, SecurityCenter 4 enables a unified operating model through a set of rich graphical dashboards and customizable real-time event feeds. The product’s underlying Log Correlation Engine (LCE) module normalization capabilities combined with the flexibility to customize data feeds exposed through a live dashboard are designed to foster productivity – whether the user is an auditor, a “risk officer”, a compliance monitor, a security analyst or even an IT executive.
Executing on Unified Security Monitoring Vision
The SecurityCenter 4 release is a major release from Tenable and incorporates a brand-new web-based interface that improves ease of use and presentation of data. The new release supports enterprise-class functionality required by large enterprises such as tiered consoles, interactive dashboards, flexible alerting and report generation.
“Tenable’s Unified Security Monitoring pitch revolves around making sense of real-time and historical data through a hybridized approach that builds on its vulnerability management legacy and deep understanding of the role of the security professional,” said Steve Coplan, senior analyst with The 451 Group’s Enterprise Security Practice. “While PCI-compliance requirements are the foot in the door, Tenable’s ‘situational awareness’ is intended to advance beyond the need to log and expose events to satisfy compliance into more proactive and informed management of security.”
Dashboards and Alerting
Any type of data managed by SecurityCenter 4 can be used for a live dashboard. This includes vulnerability trending, open port counts, events such as USB device inserts, system status with compliance regulations such as PCI or FDCC and much more. Every element and filter on the dashboard is also available as a report. In addition to the dashboards, each SecurityCenter 4 user can schedule a query for any type of event or vulnerability condition and specify if an alert should be generated if the value returned is more than, less than or equal to a certain value. Actions to be taken include sending email alerts, sending a syslog message, opening a ticket, open an in-system SecurityCenter notification message and even launching a Nessus scan.
Users of SecurityCenter 4 can quickly upload lists of known static IP addresses and categorize them as assets. These could be a list of routers, the hosts in the DMZ, a list of Class C networks that make up the network and many other scenarios. If a list of devices or networks is not known, Tenable’s SecurityCenter can be programmed to build its own list dynamically based on any of the returned data from a Nessus scan or a real-time vulnerability report from Tenable’s PVS. Dynamic asset lists can be used to create lists of IP addresses based on an operating system, open port, MAC address, service, missing patch level and much more. Finally, when analyzing any type of log or event data, the matching IP addresses can also be quickly saved as a static asset list. Asset lists can be used for access control, to target scans, for reporting, for alerting and to drive dashboards.
Compliance Reporting and Monitoring Security Metrics
SecurityCenter 4 includes pre-configured report templates for relevant compliance requirements such as PCI and FISMA. All vulnerability, compliance and log data that is collected and managed by SecurityCenter is available for reporting. SecurityCenter 4 also includes a variety of IT auditing and security reports. These reports combine a variety of unique templates that feature core functions of Tenable’s products.
With the wide breadth of data that can be managed by SecurityCenter, Tenable Network Security customers can employ a variety of different types of metrics to be tracked and reported. Following are several examples of how SecurityCenter 4 can be used to monitor metrics over time:
- Users with the most antivirus activity
- Servers that transfer large files
- Servers with the most statistical anomalies
- Systems most targeted by attackers
- Attacks that specifically target known vulnerabilities
- Changes proceeded by valid logins and changes proceeded by attacks
- Asset groups or servers that produce logs that have never been seen before
“I am very pleased to announce the release of SecurityCenter 4. This major release delivers on our vision of Unified Security Monitoring,” said Ron Gula, CEO of Tenable Network Security, “The ability to unify real-time knowledge of the network from active and passive audits of the network side by side with logs and events captured from activity on the network provides a powerful, productive and pragmatic way to identify, measure and take actions to meet compliance and security goals as required by an organization.”
Tenable’s SecurityCenter 4 upgrade is available to current Tenable SecurityCenter 3 customers by visiting https://support.tenablesecurity.com. For more information on evaluating SecurityCenter 4 in your organization, please contact [email protected].