Today I have a great opportunity to write about MaxPatrol 8. For me it is a very nostalgic experience. I worked for many years at Positive Technologies developing this product. And now I can write about it from the customer side.
MaxPatrol is still not very well known outside Russia and the CIS, although this product is available in English and even has a Korean localization. So, why not introduce this product to the readers of my blog? The other reason to write this post is the pretty common opinion that MaxPatrol is very hard to install and use, and that this is the main disadvantage of the product. In fact it is not true.
MaxPatrol is not perfect, like any other product. But it’s no more complex than any other enterprise-level Vulnerability Management product. It’s my considered opinion after working with a number of other vulnerability and compliance assessment products. The GUI may look unfamiliar at first glance, but you can quickly get used to it.
As for the functional capabilities, in some cases it is even difficult to compete with MaxPatrol. Here are the most interesting features:
Advanced White Box assessment:
Extended OS inventory
Software license control
Password recovery (hash brute-force)
Security checks for running services
Advanced Compliance scanning capabilities
Special assessment modules:
Core telecom networks
Forensic mode – security incidents detection based on event logs analysis
The first blog post will be about MaxPatrol installation.
Tenable.io VM is obviously based on Nessus Cloud, which in turn had features similar to Nessus Manager, briefly reviewed earlier. So, today I want to concentrate only on new features.
According to the public interface screenshots and Tenable.io datasheets, it will have some new dashboards and reports, free integration with PVS and Nessus deployed on-premise, and something very new in asset management.
Tenable Network Security has announced today a new cloud platform – Tenable.io. Let’s see what it’s all about.
As you can see in this figure, there will be three applications available for the platform: the familiar Vulnerability Management (the new name of Nessus Cloud), the new Container Security (Tenable bought the FlawCheck service last October) and the long-awaited Web Application Security (not available yet).
It’s not clear yet how closely these services will be integrated with each other. But now even trial versions of Container Security and Vulnerability Management should be requested separately.
In this post I will briefly describe how Nessus .audit-based Compliance Management works, why I like it, what could be improved and why I suppose Tenable won’t do it soon. 😉
Nessus compliance checks are mainly presented in the form of special .audit scripts. This scripting language is very different from the familiar NASL (Nessus Attack Scripting Language).
Basically, it is a collection of universal checks for various objects (e.g. existence of a line or parameter in a file, access permissions of a file, service status, etc.). Of course, nowadays Compliance Management is not only about Operating System and software (mis)configuration. We have different network devices, databases, cloud services, etc., but originally it was the main case.
By combining the universal checks, any requirement of a low-level configuration standard (CIS, DISA, etc.) can be implemented. Similar principles are used in OVAL/SCAP content.
The great thing about Tenable SecurityCenter: when you buy it you also get hundreds of licenses for Nessus. You can google different types of SecurityCenter bundles with the “SecurityCenter Continuous View – On Premise” request. “Scanners” here mean SC scanners:
You will need these scanner licenses to deploy Nessus hosts on your network, connect them to your Tenable SecurityCenter and manage the scan process using SecurityCenter via the graphical user interface or API. Of course, with all the restrictions on the number of IP addresses that you can scan.
At the same time, these Nessus for SecurityCenter servers are fully functional. Technically these servers are the same as Nessus Professional. Nessus for SecurityCenter has the same web interface, where you can create multiple user accounts, manage the scans in the GUI and API, and scan any number of IP addresses. Scan data will be stored locally on your Nessus server and your SecurityCenter will not see it or use it in any way. This is really great. And I hope it is a feature and not a bug.
However, there are some differences. Nessus Professional downloads security plugins and performs activation using remote Tenable servers. Nessus for SecurityCenter does these things using SecurityCenter in your network.
So, when you have such a great number of Nessus licenses you may want to install one on your own laptop. It might be really useful for debugging. For example, when you are developing your own nasl scripts, to enable them in Nessus, you will need to restart it. And you will probably not want to do it on the Nessus server where dozens of scanning jobs are running.
In this post I will try to install Nessus on CentOS 7 in VirtualBox, configure port forwarding, and activate and update Nessus plugins with SecurityCenter.
This is my personal blog. The opinions expressed here are my own and not those of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names are used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link to https://avleonov.com and send a message about it to firstname.lastname@example.org or contact me any other way.