Tenable and Cisco Integration
Cisco and Tenable Network Security have partnered to offer the first integration that binds user and device context from Cisco’s Identity Services Engine (ISE) with Tenable’s Nessus vulnerability assessment results.
Cisco ISE is the security policy management platform that unifies and automates access control to enforce role-based access across the enterprise. Cisco ISE offers a consistent network access policy for end users whether they connect via wired or wireless networks or VPN.
Tenable’s Nessus® Manager now integrates with the Cisco® Identity Services Engine (ISE) to deliver in-depth vulnerability assessment along with relevant user identity and device data.
Modern IT architectures include multiple platforms that consist of network, security, and identity solutions. Each of these may be owned, operated, and managed by different teams within the organization, leading to operational silos.
Performing risk assessment across these platforms requires each team to piece together relevant device and user data with vulnerability assessment results, analyze and prioritize impact, and initiate a response to mitigate the security and compliance issues. In light of this, organizations are left with key challenges in answering questions such as:
- What systems in my network are at risk or out of compliance?
- Who are the users associated with those systems? What risk do they pose?
- What are the risks that require immediate action?
This integration provides security analysts with the context they need to quickly assess and prioritize the severity of vulnerabilities by answering questions such as “Who is this vulnerability associated with?” and “What level of access do they have on the network?” Administrators can then quickly initiate actions from within the Nessus management console on offending devices within the Cisco network infrastructure. The solution includes Tenable’s Nessus Manager and Cisco ISE (with the ISE Plus or Advanced Feature License) for context exchange. ISE is part of Cisco’s pxGrid unified framework, which enables multi-vendor, cross-platform network system collaboration; it integrates security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT platform.
By using the Cisco ISE context, Nessus administrators enrich their traditional vulnerability assessment results with user identity and security posture information. This brings back a “single-pane-of-glass” view of the vulnerability from the Nessus management console. Nessus users can take advantage of the ISE integration by investigating the event, then executing network mitigation actions and setting device/user policies directly from the Nessus management console.
The integration between Cisco ISE and Tenable Nessus offers several benefits to customers including:
- Decreases the time and increases the granularity of risk analysis by joining user identity and device context with vulnerability scan results
- Facilitates faster response by prioritizing critical issues based on device and user context
- Allows immediate response to vulnerable or out-of-compliance systems directly from within Nessus
- Enables Nessus to isolate systems and users that pose risk by requesting a quarantine action
- Enables fast, closed loop management of the issue or event
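The following Python snippet is an added illustration of the join-and-prioritize step described above (it is not Tenable or Cisco code and does not call the Nessus Manager or pxGrid APIs). It takes constructed Nessus-style findings and constructed ISE-style session records, joins them on endpoint IP, scores each finding by severity plus the user group and posture of the endpoint, and recommends a response. Record layouts, field names, group weights and the action labels are all assumptions chosen for the example. It also shows the point the page makes about context: a medium-severity finding on a non-compliant device used by a privileged VPN user outranks a critical finding on a compliant employee workstation.

```python
"""Join vulnerability findings with identity/posture context and rank them.

Added example only: data shapes, weights and action names are constructed
assumptions, not the Nessus, ISE or pxGrid record formats.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Nessus-style findings: one row per (host, plugin); severity 0-4
NESSUS_FINDINGS = [
    {"host": "10.0.1.15", "plugin": "example-plugin-1", "name": "Outdated SMB service", "severity": 4},
    {"host": "10.0.1.22", "plugin": "example-plugin-2", "name": "Weak TLS configuration", "severity": 2},
    {"host": "10.0.1.40", "plugin": "example-plugin-3", "name": "Missing OS patch", "severity": 3},
    {"host": "10.0.1.99", "plugin": "example-plugin-4", "name": "Default SNMP community", "severity": 3},
]

# Constructed ISE-style active-session context keyed by endpoint IP
ISE_SESSIONS = {
    "10.0.1.15": {"user": "jdoe", "group": "Employees", "posture": "Compliant", "access": "wired"},
    "10.0.1.22": {"user": "admin.svc", "group": "NetworkAdmins", "posture": "NonCompliant", "access": "vpn"},
    "10.0.1.40": {"user": "guest-417", "group": "Guests", "posture": "Unknown", "access": "wireless"},
    # 10.0.1.99 deliberately has no session: unmanaged or offline endpoint
}

# Assumed risk weights: how much a user's group and device posture add to a finding
GROUP_WEIGHT = {"NetworkAdmins": 4, "Guests": 2, "Employees": 1}
POSTURE_WEIGHT = {"Compliant": 0, "Unknown": 1, "NonCompliant": 2}
PRIVILEGED_GROUPS = {"NetworkAdmins"}


@dataclass
class Prioritized:
    host: str
    plugin: str
    name: str
    severity: int
    user: str
    group: str
    posture: str
    score: int
    action: str


def score_finding(finding: Dict, session: Optional[Dict]) -> int:
    """Severity dominates; identity and posture context refine the ranking."""
    base = finding["severity"] * 2
    if session is None:
        # No identity context: keep severity weight, add a small "unknown" penalty
        return base + 1
    return base + GROUP_WEIGHT.get(session["group"], 1) + POSTURE_WEIGHT.get(session["posture"], 1)


def recommend_action(finding: Dict, session: Optional[Dict]) -> str:
    """Map severity + context to one of the response types the integration offers."""
    if session is None:
        return "investigate-unknown-endpoint"
    privileged = session["group"] in PRIVILEGED_GROUPS
    if session["posture"] != "Compliant" and (finding["severity"] >= 3 or privileged):
        return "request-quarantine"       # isolate via ISE, then remediate
    if finding["severity"] >= 3 or privileged:
        return "notify-owner-and-patch"   # known user, compliant device: patch fast
    return "schedule-remediation"


def prioritize(findings: List[Dict], sessions: Dict[str, Dict]) -> List[Prioritized]:
    """Join findings to sessions on endpoint IP and return them highest-risk first."""
    rows = []
    for f in findings:
        s = sessions.get(f["host"])
        rows.append(Prioritized(
            host=f["host"], plugin=f["plugin"], name=f["name"], severity=f["severity"],
            user=s["user"] if s else "unknown",
            group=s["group"] if s else "unknown",
            posture=s["posture"] if s else "unknown",
            score=score_finding(f, s),
            action=recommend_action(f, s),
        ))
    # Score first, raw severity breaks ties, host keeps output deterministic
    return sorted(rows, key=lambda r: (-r.score, -r.severity, r.host))


if __name__ == "__main__":
    for r in prioritize(NESSUS_FINDINGS, ISE_SESSIONS):
        print(f"{r.score:>2} {r.host:<10} sev={r.severity} user={r.user:<10} "
              f"group={r.group:<13} posture={r.posture:<12} -> {r.action}")
```

Run as-is, the table is printed with the non-compliant admin VPN session at the top even though its finding is only medium severity; the endpoint with no ISE session is ranked on severity alone and flagged for investigation rather than quarantined, since there is no user or posture to act on.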
Nessus also offers compliance and system hardening policies (“audit” files) via the plugin feed. Users can access out-of-the-box policies for Cisco routers, switches, and firewalls as well as others covering storage devices, virtualization and cloud platforms, a wide variety of major operating system platforms (including UNIX, Linux and Windows), and much more!
Nessus uses multiple malware feeds, including Cisco's ThreatGRID malware feed, to identify malicious processes and botnet communications as part of vulnerability scanning. ThreatGRID, in conjunction with other malware feeds, helps detect known and rapidly changing malware and provides swift, early detection of malware activity that a single AV vendor often misses.
Nessus vulnerability scan results are used by many organizations to provide endpoint context to network security products such as the Cisco Sourcefire IPS and NGFW products. This helps Cisco administrators tune signatures and policies and reduce false positives by identifying whether a generated alert matches, and is relevant to, the target endpoint.
Nessus Vulnerability Scanner
Nessus is the industry’s most widely-deployed vulnerability, configuration, and compliance scanner. Nessus features high-speed discovery, configuration auditing, asset profiling, malware detection, sensitive data discovery, patch management integration and vulnerability analysis. With the world’s largest continuously-updated library of vulnerability and configuration checks and the support of Tenable’s expert vulnerability research team, Nessus sets the standard for speed and accuracy.
SecurityCenter Continuous View
SecurityCenter Continuous View™ is the only integrated vulnerability, threat and compliance management solution on the market that combines data from vulnerability assessments, asset information, network sniffing and activity event logs. This capability provides crucial context that no other solution can provide, improving vulnerability management, threat detection, incident response time and accelerating forensic analysis.