Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/9/2015
10:10 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tenable Network Security Extends Capabilities of Nessus Agents

Additional coverage for Mac OS X and Linux helps Tenable customers further reduce the attack surface and strengthen system visibility on portable devices and other hard-to-scan assets

COLUMBIA, Md. — June 8, 2015 –– Tenable Network Security®, Inc., the leader in continuous network monitoring, today announced extended OS support for Nessus® Agents to help IT security architects, analysts and system administrators reduce the attack surface and gain visibility into systems that are off-limits or challenging for vulnerability assessments.

Nessus Agents, now with support for Mac OS X and Red Hat/CentOS Linux, address key challenges of traditional network-based scanning, and reduce an organization’s attack surface by scanning assets that are off the network or powered-down during scheduled assessments. They close the scanning gap for laptops and other portable devices that come and go from the network, and remove the need for password updates and ongoing credential management for network assets during vulnerability assessments.

“There are plenty of ways to reduce a company’s attack surface, but with the growing mobile workforce, many organizations still have certain assets that are challenging to include in their vulnerability management program,” said Ron Gula, CEO, Tenable Network Security. “With the expanded coverage of Nessus Agents to systems running Mac and Linux, customers are better equipped to address these hard-to-reach assets, thereby reducing risk and ensuring compliance for customers.”

Once installed on servers, portable devices and other assets found in today’s complex IT environments, Nessus Agents identify vulnerabilities, policy-violating configurations and malware on the hosts where they are installed and report results back to the Nessus server.

"Traditionally, vulnerability assessment technology has relied on a simple ‘best effort’ to use network scanning to assess as many assets as possible,” said Adrian Sanabria, senior security analyst, 451 Research. “Leveraging agent technology enables Tenable to fill this gap and assess systems that don’t respond well to network scans, or are simply not present when network scans occur. An agent approach also scales better than network scans, allowing security analysts to see results much more quickly than would be possible with network-based scanning, even when leveraging multiple distributed scanners."

These rich vulnerability assessment capabilities, combined with the fact that agents are running local on hosts and only sending results across the network, helps companies like Dignity PLC, the UK’s largest provider of funeral-related services, run vulnerability assessments and maintain compliance without overtaxing system resources.

“One of the main reasons we’ve deployed Nessus Agents is to improve scan performance,” said Mandeep Baidwan, security officer, Dignity PLC. “Agents run locally on hosts, which means we can scan more assets, more frequently without adding a load on our network.”

Additional enhancement features of Nessus include:

·         The ability to perform configuration audits in the Rackspace public cloud to ensure systems, networks and accounts are correctly configured.

·         Deeper integration with MobileIron and AirWatch MDM systems. Nessus now provides more in-depth MDM data so customers can better protect mobile assets.

 

For more information on Nessus Agents, please visit the Nessus Agents product page.

 

About Tenable Network Security

Tenable Network Security provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View™, which provides the most comprehensive and integrated view of network health, and Nessus®, the global standard in detecting and assessing network data. Tenable is relied upon by many of the world’s largest corporations, not-for-profit organizations and public sector agencies, including the entire U.S. Department of Defense. For more information, please visit tenable.com.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.