Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

12/13/2011
02:03 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tenable Network Security Offers Unique Integration With Top Patch Management Solutions

Nessus Vulnerability Scanner and SecurityCenter now integrate with top patch management solutions

Columbia, MD., December 6, 2011— Tenable Network Security, Inc., the leader in Unified Security Monitoring (USM), announced today its Nessus Vulnerability Scanner, the industry’s most widely deployed vulnerability assessment solution, and SecurityCenter now integrate with top patch management solutions. The new support spans Red Hat Network Satellite Server, Microsoft Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager (SCCM), and VMware Go (formerly Shavlik). The integration, unique to Tenable, bridges the gap between vulnerability management and patch management solutions – providing broader vulnerability assessments, helping eliminate the possibility of false positive reports of missing patches, and saving time and reducing costs through streamlined reporting, stronger security, and improved compliance.

“Tenable’s solutions are now capable of extracting patch status information from the industry’s most popular patch management solutions, complementing the strong active and passive scanning capabilities we already deliver,” said Ron Gula, CEO of Tenable Network Security. “It’s essential to have a strong vulnerability management and patch management strategy – especially for large enterprises – and this tight integration will help businesses get better value from both systems.”

Patch Management Integration Benefits for Nessus and SecurityCenter Users: Tight integration allows Tenable solutions to quickly and reliably retrieve patch status from market-leading patch management systems. This capability delivers:

• Automated unified patch status reports, incorporating both the results of Nessus credentialed scans and data from patch management systems – leveraging Tenable’s familiar and trusted reporting format, significantly streamlining audits. • Patch status information for hosts where appropriate system credentials are unavailable or there is limited networking capability – expanding the scope of vulnerability assessment to additional systems. • Permits special handling of backported patches in systems like Red Hat. Backported patches are code updates from current software releases applied retroactively to older, deployed software to prevent exploit. The practice can lead to inaccurate reports of vulnerabilities. • Flexible scanning policies can avoid scanning sensitive systems.. • Identification of hosts not being managed by patching systems, helping to avoid exploits from fast-spreading attacks. • Correlation with log, event, and threat and exploit intelligence – helping prioritize responses and ensuring the most critical issues are addressed first.

Nessus plugins supporting VMware and Microsoft patch management systems are available in the Nessus ProfessionalFeed immediately. Red Hat support will be distributed in the ProfessionalFeed by Friday, December 9.

Tenable Network Security’s continued success comes from its unique approach to helping enterprises and government agencies secure their networks from targeted attacks, internal misuse and compliance violations. The company’s Unified Security Monitoring platform is the only solution which provides continuous assessment and monitoring of vulnerability, patch, configuration, log, event, network and threat intelligence across virtual, cloud and mobile assets into a single database. Live dashboards, standardized reports and 3D visualization automate analysis and reporting for executive management, for auditors and security practitioners.

For more information on Tenable’s Nessus Vulnerability Scanner, the USM platform and its integration with third-party patch management solutions, please visit: www.tenable.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security Compass,  1/13/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).