Mr Bartlett Blogs

Tenable Luncheon

10/22/2017


 
I attended a lunch and learn for Tenable yesterday in Tysons Corner. The talk mostly covered their Tenable.io product, with small mentions of their other tools/products: Security Center and Nessus.
Tenable.io is their newest product. It has a faster scanning engine and more integration capabilities (web app scanning).
Here is the high-level architecture of the tool. The product provides all of the functionality of the old Nessus scanner and adds several components:
  • Active Scanner - Like the old Nessus product
  • Passive Scanner - Captures network information across the wire to inventory the environment and alert on changes (between active scans)
  • Agent - Install an agent on endpoints for on-demand/scheduled VM scans
  • API and SDK - For creating integrations with other systems in your environment
  • Third-party sources - The system is building 'connectors' to allow other systems to send information into the Tenable.io product. (The example they used was AWS: you enter your creds for the AWS environment, and it will pull and load the CloudTrail logs and provide vulnerability information based on that data.)
  • Container Security - Plugin for the scanner to detect containers running on servers/assets




How you can utilize this tool: 
  • OPS: Start utilizing the scanner during the on-boarding process for new devices and changes, to understand your environments/assets.
  • OPS/IT: Utilize the active scanner to keep a baseline of your network/assets. Use the passive scanner as a way to keep an eye on things in that environment 'between' active scans.
  • DEVELOPMENT: If you are using Docker or any other container-type technology and want to add another layer of security into your security lifecycle: part of the Tenable.io suite allows for scanning of Docker containers. This could be added to your CI/CD server to run scans against containers every time there is a build, adding some additional security to your SDLC process.
  • Research/Intel: Pull output from the Tenable.io tool and match it with current threat details in your Threat Management Tool (I use Recorded Future to help with this piece). If done right, it will take the vulnerability information, match it against the 'threats/risks', and provide a good guide on where to start with patching and the timeline needed.
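
The matching step in the Research/Intel item, sketched as an added example (it is not from the talk, Tenable, or Recorded Future). The field names, score weights, patch deadlines, asset names and placeholder CVE ids are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions for this sketch, not a
# Tenable.io or Recorded Future export format; CVE ids are placeholders.
FINDINGS = [
    {"asset": "web01", "cve": "CVE-0000-0001", "cvss": 9.8},
    {"asset": "web01", "cve": "CVE-0000-0002", "cvss": 5.3},
    {"asset": "db01", "cve": "CVE-0000-0002", "cvss": 5.3},
    {"asset": "hr-laptop", "cve": "CVE-0000-0003", "cvss": 6.5},
]
THREATS = {  # threat-intel view: risk 0-100, plus whether exploitation is seen
    "CVE-0000-0002": {"risk": 90, "exploited": True},
    "CVE-0000-0003": {"risk": 40, "exploited": False},
}
CRITICALITY = {"web01": 3, "db01": 5, "hr-laptop": 1}  # 1 = low, 5 = high


def prioritize(findings, threats, criticality):
    """Merge findings per CVE, score them 0-100, return highest first."""
    merged = defaultdict(lambda: {"assets": set(), "cvss": 0.0})
    for f in findings:
        merged[f["cve"]]["assets"].add(f["asset"])
        merged[f["cve"]]["cvss"] = max(merged[f["cve"]]["cvss"], f["cvss"])

    rows = []
    for cve, m in merged.items():
        intel = threats.get(cve, {})  # no intel match: scanner severity only
        crit = max(criticality.get(a, 1) for a in m["assets"])
        # Assumed weighting: 40% scanner severity, 40% intel risk, 20% asset.
        score = round(m["cvss"] * 4 + intel.get("risk", 0) * 0.4 + crit * 4, 1)
        # Assumed patch timeline: active exploitation overrides the score.
        if intel.get("exploited"):
            days = 7
        elif score >= 50:
            days = 30
        else:
            days = 90
        rows.append({"cve": cve, "assets": sorted(m["assets"]),
                     "score": score, "patch_within_days": days})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in prioritize(FINDINGS, THREATS, CRITICALITY):
        print(r)
```

In the sample data the medium-severity CVE on the database server outranks the critical-severity one with no intel match, which is the reordering the threat data is meant to produce.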

    Author

    Security Researcher with about 20 years in the Computer Security Field. Going to talk even if no one is listening..

    email: mrbartlett <at> mrbartlett.com
