
VMware Threat Management

by Cody Dumont
January 13, 2015

VMware Threat Management Report

Managing workstation vulnerabilities is often so time-intensive that infrastructure vulnerabilities may be overlooked. Tenable’s SecurityCenter Continuous View (CV) provides the ability to track vulnerabilities and logs from VMware solutions. This report provides a summary and detailed view of the current threats to virtual infrastructure. When analyzing threats to the virtual infrastructure, the security professional should include active, passive, and event-based detection methods. Additionally, Nessus provides the ability to perform configuration audits by using the API in vCenter or by directly querying the hypervisors.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 4.8.1
  • Nessus 6.1.1
  • PVS 4.0.3
  • LCE 4.4.1

The analysis of the virtual infrastructure begins with configuring the hypervisors and vCenter to send log data to Tenable’s Log Correlation Engine (LCE) for event normalization and vulnerability analysis.  LCE currently supports over 20 normalized events.  The normalized events are grouped by event type.  The VMware normalized events are part of the application, login, detected-change, and login-failure event types.  These events detect such things as admin logins, VM movements (such as VMotion), defragmentation, and power changes.

After log data is collected, the detection of hypervisors and virtual machines is possible by combining event-based detections with passive and active detection methods. The event-based detections use signatures in the logs to identify the servers running hypervisor software. Using active and passive detection, both hypervisors and virtual machines can be identified.

Once the hypervisors are properly identified, they can be scanned and their configurations audited using Nessus. When performing active scans of the hypervisors, SecurityCenter CV uses the API in vCenter or the ESXi API to analyze the configuration and detect vulnerabilities. The vulnerabilities found are identified by VMSA number. VMware publishes VMware Security Advisories (VMSAs) to document remediations for security vulnerabilities identified in VMware products.

SecurityCenter CV supports tight integration and API extensibility with virtualization systems, SIEMs, malware defenses, patch management tools, BYOD, and firewalls. LCE has the ability to scale to meet the future demand of monitoring virtualized systems, cloud services, and the proliferation of devices. Tenable’s Passive Vulnerability Scanner (PVS) provides deep packet inspection to continuously discover and track users, applications, cloud infrastructure, trust relationships, and vulnerabilities. When combined, all of these features provide a more complete view into threat detection and vulnerability management.

Chapters

Executive Summary - This chapter provides an executive summary view of VMware-related threats. There are several components showing vulnerability trending, current vulnerabilities by VMSA, and events related to VMware hypervisors.

VMware Detection Details - This chapter provides a list of hosts identified as VMware vCenter/vSphere servers and a list of the virtual hosts running on each system.

Vulnerability and Event Summary - This chapter provides bar charts and tables summarizing the vulnerabilities identified by Nessus and PVS, along with a summary of normalized events identified by LCE and reported to SecurityCenter.

Vulnerability Details - This chapter provides a detailed summary of all vulnerabilities.
