Vulnerability management

A vulnerability management system provides analytical insight into your network: it reveals individual vulnerabilities and ranks them according to their severity.

Introduction

Every piece of software has vulnerabilities that affect applications, network services, operating systems, drivers, firmware, and more.

Vulnerabilities are everywhere. Even large companies such as Microsoft, Apple and Google release updates every month that fix many security vulnerabilities.

Vulnerabilities are caused not only by programmer error but also by misconfiguration or insufficient hardening of servers. By hardening, we mean changing the default configuration to a state that complies with security best practice.

In short, humans are not perfect, so the software they create contains vulnerabilities.

How do we navigate vulnerabilities?

The basic rule is “Update, update, update…”. But updates bring complications of their own:

  • There are many updates
  • Sometimes (often) they break something
  • Updates require a service outage
  • How urgent is a given update?
  • Can it wait for a maintenance window?


In short, we need to know which vulnerabilities exist in the software we run and what their impact is. This is where a vulnerability management system comes in.

What can vulnerabilities cause?

Vulnerabilities can be exploited by attackers. Exploitation can lead, for example, to the following:

  • Data leaks
    • loss of reputation, client defection
  • Disruption of the company's operations
    • data encrypted by ransomware
    • extortion, ransom demands
  • Abuse of our servers' computing power
    • cryptocurrency mining
    • enrolment in a botnet

Vulnerability management system: Tenable

Description

We would like to introduce you to the solutions of Tenable, the company that originally created the well-known Nessus product and now offers a full range of products in its portfolio.

How can we scan our environment? The Tenable.io product offers two types of sensors.

Nessus Scanners

  • Cloud scanners
    • EU, India and US cloud scanners
    • Used for external scans from the internet
  • Linked scanners
    • Local Nessus scanners running on our network (internal / external)
    • Each site / VLAN can have one or more scanners
    • Tests and results can be seen in the cloud interface – cloud.tenable.com

Agents

  • Run locally on the target device – servers, workstations
  • Tests and results can be seen in the cloud interface – cloud.tenable.com

Traditional Scanning – Nessus Scanner

The scanner accesses the device under test over the network.

The scan is active: it communicates with the services and evaluates their responses.

Benefits:

  • Tests network services on TCP/UDP ports.
  • Scans without authentication.
  • Scans with authentication – SSH, RDP, HTTP and more.

Disadvantages:

  • Credentials are stored in the cloud, which is not suitable for sensitive services/servers, e.g. domain controllers.
  • A password change policy means credentials must be updated in two places.

Agent-based Scanning – Agents

The agent runs directly on the target device – a server or workstation.

It passively collects information about the installed software.

Advantages:

  • Low performance impact on the host.
  • Better detection of installed software versions.
    • Suitable for hardened environments, where hardening hides service identification from network scans.
  • Finds even vulnerable software that does not communicate over the network.
    • Detects e.g. local privilege escalation vulnerabilities.
  • Compared with an authenticated Nessus scan, it does not require storing and managing credentials.
  • The device can be anywhere, even with a dynamic IP address.

Disadvantages:

  • Does not test services exposed over the network.

The ideal solution is a combination:

A Nessus scanner without authentication plus an agent on the target device.

Vulnerability management lifecycle

Tenable product variants

Tenable.io – a cloud-based service and interface for defining, scheduling, running and evaluating tests

Tenable.sc – an interface similar to Tenable.io, but distributed as an on-premise product for installation on your own hardware

Tenable.cs – a service within Tenable.io that serves as a scanner for Docker containers

Tenable.ot – a vulnerability scanning solution for IoT environments

Tenable.ad – an Active Directory audit that runs with ordinary user rights

Nessus scanner – the security scanner that is part of the above products, but can also be purchased as a standalone product


A product description is available directly on the manufacturer's website.

Vulnerability management as a service

Don't have time to monitor vulnerabilities and assess their impact? No problem – we'll be happy to arrange it for you:

  • Complete management of the Tenable.io environment
  • Evaluation of new vulnerabilities
    • If a serious vulnerability is discovered, we will notify you immediately.
  • Regular reporting
  • We will suggest a course of action and assist in resolving vulnerabilities

Are you interested in Tenable products?

We will provide a trial version for you

  • Standard for 30 days with the possibility of extension

Define the targets you want to scan:

  • Targets available on public IP addresses from the Internet
  • Important servers in the internal network – we deploy local Nessus scanners
  • We can add targets incrementally (65 assets and above)

Contact us

If you're interested in learning more about Tenable, please don't hesitate to get in touch. We will be happy to help you with everything.