Tenable Blog

Example Network Behavior Analysis Detection (NBAD) with the Log Correlation Engine

by Ron Gula on October 10, 2006

All Log Correlation Engine licenses include the stats daemon. This daemon reads any log source, including netflow or sniffed TCP sessions, builds a baseline of normal activity and then creates alerts when there is activity which is statistically significant. This blog entry will explain in greater detail how the stats daemon accomplishes this, and discusses several example "anomaly" detections.

Tenable's Correlation Model in General

Automatic User MAC Address Tracking

by Ron Gula on October 9, 2006

The Log Correlation Engine can be used to track DHCP leases and Active Directory authentication logs to automatically learn each user's Ethernet address and then alert when this relationship changes. Tenable has released a TASL script named user_to_mac.tasl which can perform this function with a variety of DHCP sources and Active Directory "successful login" events. This script is useful for several reasons:

Proxy/Firewall Detection with PVS

by John Lampe on October 8, 2006

During the past year, the Passive Vulnerability Scanner's rules were modified to detect network proxies and firewalls. This process also involved the reduction of reporting multiple browser types for different hosts running behind a NAT device or proxy.

As an example, what happens if PVS (or any sniffer, IDS, etc.) see's the following string in a packet leaving the network?

Additional Webinars for Compliance, NBAD and SCADA Security

by Ron Gula on October 4, 2006

We've gotten requests for more webinars on a variety of topics. Below is the current schedule of webinars presented by Tenable in the month of October. These include an additional "Future of Vulnerability Management" talk, as well as sessions on the Nessus 3 compliance audit capabilities, network behavioral anomaly detection and passive SCADA network monitoring. Each session requires registration and completion of a short survey.

What are the advantages of Distributed Vulnerability Scanning?

by Ron Gula on October 3, 2006

Organizations with large networks can enhance their vulnerability scanning efforts by deploying multiple Nessus vulnerability scanners. This blog entry discusses the advantages of using multiple scanners for both Nessus users and Security Center operators.

Scanning Very Large Networks

Using Honeypots to enhance Log Analysis

by Ron Gula on September 30, 2006

If you are faced with the task of finding network probes and attacks in an endless stream of IDS, firewall, netflow and application events, then using one or more honeypots to help find low-and-slow probes, stealthy attacks and internal abusers may be for you. This blog entry will discuss several different types of honeypot types, monitoring techniques, and how this can be implemented with the Tenable Security Center and Log Correlation Engine.

Rollout: Tenable's Nessus 3.0

by Ron Gula on September 27, 2006

Nessus 3 was recently tested by Network Computing Magazine.

Testing the Effectiveness of your Patch Management System

by Ron Gula on September 27, 2006

If you've invested a lot of money into a commercial patch management system or perhaps you've grown your own, how do you know how effective it is? With Nessus's agent-less host based patch audits, it can effectively be used to understand how effective your patching solution has been. It can also be used to identify hosts which are not being patched or are under management. Lastly, we will discuss how to determine how effective your patch management system has been.

Detecting Vector Markup Language (VML) issues on Windows Systems

by Ron Gula on September 27, 2006

Yesterday, Tenable's research group released Nessus plugin #22449 which can detect Windows systems that are missing a set of patches covered in Microsoft bulletin MS06-055. This patch fixes security issues related to Outlook and Internet Explorer's use of the Vector Markup Language APIs.

Limiting the Ports Probed by Nessus Scans

by Ron Gula on September 25, 2006

A common question our support group receives from

Tenable One Exposure Management Platform

Platform categories

Platform capabilities

Cloud Exposure

Vulnerability Exposure

OT/IoT Exposure

Identity Exposure

Business needs

Industries

Compliance

Public Sector

The Tenable difference

Compare Tenable to:

Resources

Research

Tenable Assure partners

Other partner opportunities

Support

Services

Tenable Trust

About us

Media

Connect

Join us

Tenable Blog

Example Network Behavior Analysis Detection (NBAD) with the Log Correlation Engine

Automatic User MAC Address Tracking

Proxy/Firewall Detection with PVS

Additional Webinars for Compliance, NBAD and SCADA Security

What are the advantages of Distributed Vulnerability Scanning?

Using Honeypots to enhance Log Analysis

Rollout: Tenable's Nessus 3.0

Testing the Effectiveness of your Patch Management System

Detecting Vector Markup Language (VML) issues on Windows Systems

Limiting the Ports Probed by Nessus Scans

Tenable Blog

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank You

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Tenable Vulnerability Management

Tenable Vulnerability Management

Thank you

Try Tenable Web App Scanning

Buy Tenable Web App Scanning

Thank you

Request a demo of Tenable Security Center

Request a demo of Tenable OT Security

Request a demo

Request a demo of Tenable Cloud Security

See Tenable One in action

See Tenable Attack Surface Management in action

Get a demo of Tenable Enclave Security

Thank You

Try Tenable Nessus Professional free

NEW - Tenable Nessus Expert now available

Buy Tenable Nessus Professional

Try Tenable Nessus Expert free

Buy Tenable Nessus Expert

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Get a demo of Tenable Patch Management

See
Tenable One
in action

NEW - Tenable Nessus Expert
now available