System Misconfigurations Leave Your Data at Risk
Using Nessus Agents for continuous configuration visibility
While many organizations focus on their vulnerability management program to find critical vulnerabilities like the highly-publicized Shellshock, Poodle and Ghost, it’s equally important to validate system build and configuration change management processes, as these activities can also leave your systems and data at risk. A good example is last year's data breach at bond insurer MBIA, where a misconfigured database server exposed data such as admin credentials and specific account information to search engine indexes like Google.
Commonly overlooked configuration build steps, including not updating the default settings on systems, databases and applications, can be dangerous. Swiss security firm BinaryEdge recently showed that terabytes of data were easily available to them from scanning four commonly used enterprise systems: Redis, MongoDB, Memcache and ElasticSearch. But even if your organization is assessing systems prior to being launched into production, how do you know when a change in configuration has left you vulnerable?
Nessus configuration audits are designed to help you avoid system misconfigurations. They use well-known configuration benchmarks such as Center for Internet Security (CIS) or DISA STIG to assess systems, databases and applications. Tenable provides configuration audits for more than 450 technologies. In this webcast, we’ll:
- Share examples of how systems become misconfigured
- Discuss configuration benchmarks supported by Nessus
- Outline how you can achieve continuous configuration visibility using Nessus configuration audits during both:
  - active credentialed network scans, and
  - scheduled local scans using Nessus Agents.
Nessus Product Marketing Manager
Product Manager for Security Research