Tag Archives: PVS

Rapid7 Nexpose in 2017

Last year I tested Rapid7 Nexpose and wrote two posts about installation and use of Nexpose Community Edition and Nexpose API. I didn’t follow news of this vendor for a about year. Today I watched live demo of Nexpose latest version. It has some new interesting features, improvements and ideas, that I would like to mention.

Rapid7 Nexpose in 2017

And of course, things that sales people say to you should be always taken with some skepticism. Only concrete implementation tested in your environment matters. But they usually mention some useful ideas that can be perceived independently from the products they promote.
Continue reading

What’s actually new in Tenable.io VM application

My last post was about the structure of a new Tenable.io cloud platform. Now, let’s see what is actually new in Tenable.io Vulnerability Management application.

Tenable.io VM is obviously based on Nessus Cloud, which in its turn had features similar to Nessus Manager briefly reviewed earlier. So, today I want to concentrate only on new features.

Tenable.io VM

According to the public interface screenshots and Tenable.io datasheets, it will have some new dashboards and reports, free integration with PVS and Nessus deployed on-premise, and something very new in asset management.

Continue reading

Bye-bye Nessus Cloud, hello Tenable.io

Tenable Network Security has announced today a new cloud platform – Tenable.io. Let’s see what it’s all about.

Applications

As you can see on this figure there will be three applications available for the platform: familiar Vulnerability Management (the new name of Nessus Cloud), new Container Security (Tenable bought FlawCheck service last October) and the long-awaited Web Application Security (not available yet).

It’s not clear yet how closely these services will be integrated with each other. But now evenĀ  trial versions of Container Security and Vulnerability Management should be requested separately.

Continue reading

Vulnerability scanners: a view from the vendor and end user side

Original article was published in Information Security Magazine #2, 2016 (in Russian)

Vulnerability scanner is a computer program or hardware appliance designed to detect security problems on hosts in computer network. What kind of problems? Well, problems that may occur if some critical security updates were not installed on time or the system was not configured securely. In practice, this situation often occurs and it makes hacking the systems easy even for inexperienced attacker.

If it is all about checking, maybe it’s possible to do it manually? Yes, sure, but it requires a lot of specific expertise, accuracy and time. That’s why vulnerability scanners, which can automate network audit, have become standard tools in the arsenal of information security experts.

I worked for a long time in the development department of well-known vulnerability scanning vendor and was making a lot of competitive analysis as well. At current time, I use vulnerability scanners as an end user. So, in this article I will try to look at the main problems of this class of products from the vendor and from the end user side.

how-users-see-the-vm-vendors-how-vm-vendors-see-the-users

How vulnerability scanner detects vulnerabilities?

Detection methods are usually well known and uncomplicated: vulnerability scanner somehow detects software version installed on a host. If version is less then secure version of this software (known from the public bulletin) – vulnerability exists and the software should be updated. If not – everything is ok. As a rule, vulnerability scanners try to guess installed versions by opened ports and service banners, or scanner may just have a full remote access to the host and able to perform all necessary commands (it is the most accurate and effective way).
Continue reading