Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

NNM Detections

by Ethan Pedoeim
December 5, 2016

NNM Detections Dashboard Screen Shot

An organization collects vast amounts of log and event data on a daily basis, which must be sifted through in search of potential vulnerabilities. Given the size of the data, the passively detected vulnerability data can be difficult to manage. The NNM Detections Dashboard provides a complete look at passively detected vulnerabilities and events, which can allow an analyst to better manage and address vulnerabilities detected on the network.

With increasing mobile and transient network devices, it is important to have a system in place that continuously monitors traffic, devices, and applications across environments. Using Nessus Network Monitor (NNM) enables powerful, yet non-disruptive, continuous monitoring of a network. Through continuous monitoring and deep packet analysis of an organization’s network traffic, NNM is able to detect potentially suspicious activity within the network. This information will provide organizations with actionable data by knowing what and when hosts come online. The event data detected by NNM can be further sent to the Log Correlation Engine (LCE) to be processed. LCE obtains data from various sources, including NNM, and normalizes the events, which will provide an analyst with a better understanding of the observed activity.

The NNM Detections Dashboard presents organizations with an overview of vulnerabilities, events, and information detected by NNM in a clear and organized manner. The data presented in the dashboard represents areas of a network that are most prone to being exploited as well as indicators of suspicious network activity. The indicators are determined using various methods, such as filtering by passive plugin families, filtering by normalized events, and filtering by keywords in the plugin output text. By forming the indicators using these methods, the indicators can alert an analyst to a wide range of potential security threats.

In addition to highlighting network vulnerabilities, the indicators promote awareness and a clearer understanding of the network traffic. Through analysis of the network traffic, an analyst can more closely monitor the communication between devices for any anomalies and better identify suspicious activity. Using this information the analyst can more effectively discover and prevent potentially malicious activities within the network.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The dashboard requirements are: 

  • Tenable.sc 5.4.1
  • NNM 5.1.0

Through real-time, continuous monitoring, NNM performs automatic discovery of users, infrastructure, and vulnerabilities across more technologies than any other vendor including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure. Tenable.sc Continuous View (CV) allows hosts to play a part in their own security hygiene, reporting on changes in their state and security posture. Using a unique combination of detection, reporting, and pattern recognition, Tenable.sc CV is able to identify the biggest risks across an organization’s entire enterprise, enabling an organization to react to advanced threats, zero-day vulnerabilities, and new forms of regulatory compliance. Tenable.sc CV allows for the most comprehensive and integrated view of network health.

The following components are included in this dashboard:

  • NNM Detections - Traffic: This matrix presents indicators for network traffic detected by NNM.
  • NNM Detections - Devices/Services: This matrix displays indicators for devices and services detected by NNM.
  • NNM Detections - Events: This component lists the most commonly occurring events observed by NNM.
  • NNM Detections - Non-Standard Traffic: This matrix displays indicators for non-standard traffic detected by NNM.
  • NNM Detections - Vulnerabilities/Attacks: This matrix displays indicators for vulnerabilities and attacks detected by NNM.
  • NNM Detections - Top 50 Exploitable Vulnerabilities: This table displays the top 50 exploitable vulnerabilities detected by NNM.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training