Tenable Blog

It’s the Small Things

Embedded systems continue to be overlooked in many environments, but often can present as much risk, if not more, than other systems on your network. Every enterprise has some form of an embedded device, from printers to routers and switches, that exists on the network and exposes services that could be exploited. Some recent examples include:

Setting up the Log Correlation Engine & Splunk

Tenable has recently released a new Log Correlation Engine (LCE) client that allows you to collect log data from Splunk installations to send to LCE, Tenable’s solution for log storage, normalization and correlation. If you have instances of Splunk in your environment, it’s a simple process to configure the integration. Below is an overview of the traffic flow:

Tenable CEO, Ron Gula, Tenable CSO, Marcus Ranum and 451 Group Vice President Nick Selby will discuss the recent 451 study which concluded that log management was more valuable to organizations than correlation. The webinar will discuss the 451 research, Mr. Selby will answer questions from Mr. Gula, Mr. Ranum and the webinar attendees, and then Tenable will demonstrate how their Log Correlation Engine can meet the needs of organizations who want to perform both log management and event correlation.

Recently I gave a presentation at the “SANS Penetration Testing Summit ” titled "Zen and The Art Of An Internal Penetration Testing Program". This presentation outlines the steps required to create a successful program and perform internal penetration testing. There are several key components that must exist to create a successful program:

• Getting Management Buy-In - This is the first and most important step. Management must understand the testing strategy and be kept in the loop on the results and remediation. Business units must also be consulted to determine the impact scanning will have on their environment to establish a schedule for scanning. It does not matter what kind of testing you plan to perform, from vulnerability scans with Nessus to full-blown penetration testing, you must get the approval from management.

Over the past few months, I’ve had the chance to speak with many different federal government customers who have rolled out FDCC compliance programs. These programs feature central management and auditing of large numbers of desktop configurations. A few years ago, I heard a government administrator proclaim that “satellites would fall out of the sky” when these settings went in place, but recently, I hear federal executives speak about a reduction in volume of help-desk calls and fewer virus outbreaks. So how do you know if FDCC is working for your organization?

This blog discusses some key issues to consider when looking at FDCC or any other type of configuration auditing guidelines. I often ask potential customers, conference speakers and federal CIOs the following questions. The answers I receive often provide clues into how effective the overall FDCC program is.