Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics //

Security Monitoring

6/9/2015
10:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tenable Extends Capabilities to Assure Security Across Complex IT Environments

Additional coverage for Mac OS X and Linux helps Tenable customers further reduce the attack surface and strengthen system visibility on portable devices and other hard-to-scan assets.

COLUMBIA, Md. — June 8, 2015 –– Tenable Network Security®, Inc., the leader in continuous network monitoring, today announced extended OS support for Nessus® Agents to help IT security architects, analysts and system administrators reduce the attack surface and gain visibility into systems that are off-limits or challenging for vulnerability assessments.

Nessus Agents, now with support for Mac OS X and Red Hat/CentOS Linux, address key challenges of traditional network-based scanning, and reduce an organization’s attack surface by scanning assets that are off the network or powered-down during scheduled assessments. They close the scanning gap for laptops and other portable devices that come and go from the network, and remove the need for password updates and ongoing credential management for network assets during vulnerability assessments.

“There are plenty of ways to reduce a company’s attack surface, but with the growing mobile workforce, many organizations still have certain assets that are challenging to include in their vulnerability management program,” said Ron Gula, CEO, Tenable Network Security. “With the expanded coverage of Nessus Agents to systems running Mac and Linux, customers are better equipped to address these hard-to-reach assets, thereby reducing risk and ensuring compliance for customers.”

Once installed on servers, portable devices and other assets found in today’s complex IT environments, Nessus Agents identify vulnerabilities, policy-violating configurations and malware on the hosts where they are installed and report results back to the Nessus server.

"Traditionally, vulnerability assessment technology has relied on a simple ‘best effort’ to use network scanning to assess as many assets as possible,” said Adrian Sanabria, senior security analyst, 451 Research. “Leveraging agent technology enables Tenable to fill this gap and assess systems that don’t respond well to network scans, or are simply not present when network scans occur. An agent approach also scales better than network scans, allowing security analysts to see results much more quickly than would be possible with network-based scanning, even when leveraging multiple distributed scanners."

These rich vulnerability assessment capabilities, combined with the fact that agents are running local on hosts and only sending results across the network, helps companies like Dignity PLC, the UK’s largest provider of funeral-related services, run vulnerability assessments and maintain compliance without overtaxing system resources.

“One of the main reasons we’ve deployed Nessus Agents is to improve scan performance,” said Mandeep Baidwan, security officer, Dignity PLC. “Agents run locally on hosts, which means we can scan more assets, more frequently without adding a load on our network.”

Additional enhancement features of Nessus include:

·         The ability to perform configuration audits in the Rackspace public cloud to ensure systems, networks and accounts are correctly configured.

·         Deeper integration with MobileIron and AirWatch MDM systems. Nessus now provides more in-depth MDM data so customers can better protect mobile assets.

For more information on Nessus Agents, please visit the Nessus Agents product page.

About Tenable Network Security

Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world’s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, please visit tenable.com.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security Compass,  1/13/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).