Tag Archives: Tenable SecurityCenter

Tenable Nessus: registration, installation, scanning and reporting

Tenable Nessus: registration, installation, scanning and reporting. It’s a bit strange that I wrote in this blog about some relatively exotic vulnerability management solutions and not about the one I use every day. It is, of course, Nessus. The legend of vulnerability scanners. It would be fair to say that Nessus has become a synonym for vulnerability scan itself as Xerox for photocopy. First version of Nessus was developed by Renaud Deraison in 1998 as a free and open-source product. In October 2005 the license was changed to proprietary. The last version of GPL source codes became the base for the great open source vulnerability scanner – OpenVAS (btw, see my post “openvas_commander for OpenVAS installation and management”).

Nessus Vulnerability Scan Results

I am glad that Tenable still keeps Nessus mostly in UNIX-way. Nessus is a vulnerability scanner and makes one thing good – finds vulnerabilities on network hosts. If you need dashboards, advanced user management, advanced reporting capabilities, etc. use Tenable Security Center that works above the Tenable separate products: Nessus, Passive Vulnerability Scanner (PVS) and Log Correlation Engine (LCE).

nessus download page

Continue reading

Remediation capabilities of Vulnerability Management products

Remediation capabilities of Vulnerability Management products. Vulnerability scanning and vulnerability management. This terms are often used synonymously. However, most top security vendors and institutions, express an opinion, that vulnerability management is a more complex process that includes vulnerability scanning (vulnerability assessment in general), remediation and some other stages, like asset management and risk assessment.

Vulnerability Management Lifecycle

Remediation in most cases, does not mean that the vulnerability management product automatically tries to patch vulnerable system, but rather provide functionality to control remediation process. In other words, it contains a built-in task tracker, where security administrators could assign tickets (manually or automatically) on system administrators to patch or reconfigure vulnerable systems. For example, such functionality is implemented in Tenable Security Center and Qualys Cloud Suite.

NB: In most cases, but there are exceptions, as ERPScan, Secpod Saner or ConfigOS. This solutions can actually update vulnerable systems automatically.

Continue reading