Ron Gula

This blog entry describes a basic worm detection that triggers multiple types of correlation rules. All detections were done passively using the Passive Vulnerability Scanner (PVS) and by observing network session traffic using the Log Correlation Engine (LCE). The principals in this blog entry and others in our ‘Event Analysis Training’ blog series can be used with a variety of NBAD, IDS and SIM solutions.

Tenable Network Security will shortly release SecurityCenter 4. It embodies our entire Unified Security MonitoringTM strategy. SecurityCenter 4 places everything you need to know about vulnerabilities, missing patches, intrusion events, anomalies, log searches, configuration audits, file integrity auditing and much more right at your fingertips. It centralizes all system and event alerting for any type of security, IT or compliance regulations. But most of all, it makes your job as an auditor, a “risk mitigator”, a compliance monitor, a security analyst or even an IT executive, much easier. This blog post discusses the major functions of SecurityCenter 4 and provides several screen captures to illustrate them.

Recently, I had the chance to be interviewed for two different podcasts. 

Previously, we’ve blogged about the various advantages and disadvantages of using reputation based analysis of NetFlow, firewall and network sessions for event analysis. The basic concept is to use an external source of “badguy” IP addresses from commercial providers or free providers such as the SANS Internet Storm Center and see if any of your network IP addresses communicate with them.

Recently, the State Department Deputy CIO and CISO John Streufert participated in a podcast where he talked about moving past the Federal Information Security Management Act (FISMA) to a metrics based security program. Performing routine vulnerability scans is a key metric to his strategy and he referenced the State Department’s Tenable solution for accomplishing this. After this podcast, Tenable received several inbound requests for more information on very large-scale network scanning from a variety of federal and commercial organizations. This blog entry summarizes some of the political and deployment strategies our customers use to scan hundreds of thousands of hosts on an ongoing basis with multiple Nessus scanners and the Security Center.