Tenable blog
Cybersecurity Snapshot: CISA Lists Security Features OT Products Should Have and Publishes AI Collaboration Playbook
Using Nessus Configuration Audits To Test FDCC Compliance
Tenable has recently announced FDCC audit policies for Nessus ProfessionalFeed and Security Center users. These policies help government organizations test Windows XP Pro and Vista desktops against OMB's required configuration settings. This blog entry describes how this testing can be performed wit...
Digital Bond OPC Hardening Guide
If you are using Nessus to audit a control system network, Digital Bond has recently released a set of guidelines (part 1, 2 and 3) for securing OPC servers. These guidelines include three Nessus configuration audit policies (for use with Direct Feed subscriptions) to test OPC servers running under ...
Finding Sensitive Data as a Consultant with Nessus
There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be performed by a consultant is to audit where sensitive data resides in an organization and what sort of a...
CIS Certified Windows 2003 Member Server Audits
Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent-less scans. Windows 2003 Member Servers are Windows 2003 operating systems which host applications ...
Federally Mandated Configuration Settings for XP and Vista
The Office of Management and Budget recently released new configuration guidelines for Windows XP and Vista that all Federal agencies need to adopt by February 1, 2008. The guidelines are known as the "Federal Desktop Core Configurations" (FDCC) and have been published as part of the NIST Security C...
Finding Low Frequency Events
Very often when I speak with Tenable customers about performing IDS or Event analysis, I ask them if they use the Time Distribution tool under the Security Center. This tool is used to identify any combination of low frequency events for any query or time period it works with raw IDS events under th...
Dragon Intrusion Defense System support for Nessus and the PVS
Today Tenable announced a partnership with Enterasys Networks that enables customers of both companies to operate Nessus and/or the Passive Vulnerability Scanner (PVS) directly on the Dragon sensor. Customers who have existent or planned Tenable and Enterasys security solutions should consider this ...
Creating "Gold Build" Audit Policies
Security Center users and the Direct Feed subscribers have the ability to audit the host-based configuration of their UNIX and Windows servers. Tenable has produced several audit polices based on our own research, public guidance from CERT, NSA, NIST and the Center for Internet Security. For the Win...
3D Tool Video
Tenable has made the "3D Tool" for the Security Center available. A web-based video of it can be viewed here. The video shows a three dimensional topology graph of some different networks, as well as port to IP and vulnerability to IP graphs. Videos of all of our products can be view here....