Using Tenable Products
Tenable Network Security, Inc. • 7063 Columbia Gateway Drive, Suite 100, Columbia, MD 21046 • 410.872.0555 • [email protected] • www.tenable.com
Return on Investment Summary
Advantages
    Automation/Increased Employee Productivity
    Stretching Your Investment Dollar
Network Security Business Problems
    Managing the Vulnerability Lifecycle (Scan, Discover, Organize, Communicate recommendations, Remediate, Re-scan to verify)
    Improving Scan and Discovery Time
    Organize, Communicate Recommendations, Remediate, Re-scan to Verify
    Vulnerability Remediation Articulation and Tracking
    Executive Reporting
Additional Benefits to Your Company when using the SecurityCenter to Manage the Vulnerability Life Cycle
    Asset Management
    Vulnerability/IDS Correlation: Leveraging legacy Intrusion Detection Systems
    Network Topology and Firewall Policy Discovery
Additional Products from Tenable for Your Company’s Future Consideration
    Passive Vulnerability Scanner
    Log Analysis with the Log Correlation Engine
About Tenable Network Security
IDS Correlation (supports 8 different IDS') $ - $ -
Fully-burdened cost of DBA to administer database $ - $ -
Total Investment $ 96,000 $ 16,000
NETWORK SECURITY BUSINESS PROBLEMS
Managing the Vulnerability Lifecycle (Scan, Discover, Organize, Communicate recommendations, Remediate, Re-scan to verify)
Tenable can provide your company with the ability to scan all of your organizations as often
as desired. Tenable utilizes the Nessus (http://www.nessus.org/) vulnerability scanner in a
distributed fashion to discover systems, their services and their vulnerabilities. By using a
distributed architecture, the job of scanning can be split up among several different nodes.
Improving Scan and Discovery Time
For your company, this means that your entire network space could be completely scanned
for thousands of vulnerabilities each weekend. It also means that when a particular
vulnerability needs to be searched for, a list of vulnerable systems can be determined within
hours. By using one scanner technology across all of your organizations, a common list of
the top vulnerabilities can be produced. The SecurityCenter gives your organization the
ability to conduct distributed scanning. This allows you to dedicate several scanners
throughout your network so all scanning of networks can be accomplished in parallel. Below
is an example of how distributed scanning allows you to scan networks in parallel and audit
your entire IP range in far less time.
Scan Time Savings Estimates SecurityCenter - Distributed Scanning
Number of Hosts 5,000 5,000 5,000 5,000 5,000
Number of Hosts Scanned in Parallel 15 15 15 15 15
Organize, Communicate Recommendations, Remediate, Re-scan to Verify
The primary network security problem within many large organizations is communication.
Tenable believes that information about the “security state” of a network asset should be
part of a three-tiered model.
> The first tier is made up of the network and system administrators who have
responsibility for keeping the systems running and delivering their services.
> The second tier is the security group that is responsible for determining the
vulnerabilities present on the network and their impact on the business, and for tracking
the progress made to mitigate vulnerabilities.
> The last tier is the management group that looks at the vulnerabilities and progress
made by each business unit.
SecurityCenter provides a web-based console where all users who need to scan can log in
and launch scans of their assets. Once the scan is complete, they can also use their account
to run reports, analyze results, and perform and track vulnerability remediation. Below are
estimates of how the SecurityCenter (SC) can increase the number of full network
vulnerability audits and repair cycles that can be accomplished by your company.
into more manageable business information. With slightly different report options or web
interface queries, Tenable’s products can quickly sort the information that applies to key
routers, key servers, executive computers, corporate mail servers, human resource
database servers, mainframe systems and any other types or descriptions that are needed.
Vulnerability/IDS Correlation: Leveraging legacy Intrusion Detection Systems
The type of solution that Tenable recommends for your company is to distribute its
investment in intrusion detection information across all of its network administrators.
Normally, large enterprises establish a specific group within their security group to monitor
intrusion detection devices. This is because there is a perception that intrusion detection
devices require highly skilled people and that only through looking at the aggregate of all
intrusions across an enterprise can a meaningful model of intrusion activity be achieved.
Tenable believes that intrusion detection data needs to come out of the “back room” and be
shared with the system administrators. This has two effects: first, it gets more people
looking at the intrusion data and second, it dramatically decreases the incident response
time when an attack or worm occurs.
Tenable does not want to turn every administrator into an IDS expert. However, we do want
them exposed to threat information. We believe that administrators have a sense of
ownership and will respond accordingly if they feel their systems are at risk or are under
attack. With Tenable’s products, any administrator can see the raw IDS events for their
networks and hosts. They are not required to look at them, but they are available for
administrators who want to be proactive. These IDS logs are also of tremendous value when
conducting network troubleshooting.
For your company, Tenable can provide automatic notification of network administrators
when attacks occur against vulnerable systems. This is a solution uniquely provided by
Tenable. Instead of requiring an administrator to be an IDS expert, Tenable can
automatically issue an alert that says not only are one or more of their systems under
attack, but they are indeed vulnerable or susceptible to the attack. On a given day, an IDS
system at your company may see over 100,000 attacks. These may all be real attacks and
probes, but only a small percentage of these are actual system compromises or information
leaks. By correlating these events with known vulnerability states of the target systems,
“real” attacks can be identified.
Tenable’s products can not only communicate this information to administrators, but can
also send it to network management systems such as Tivoli.
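The correlation described in this section, as an added example that is not Tenable's code or part of the original document: IDS events are kept only when the scan data shows the targeted host has the matching vulnerability on the attacked port, and the surviving alerts are grouped by the administrator to notify. All hosts, vulnerability IDs, signatures and e-mail addresses are constructed, and the field and function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed scan results: host -> set of (port, vulnerability ID) the scanner found.
SCAN_FINDINGS = {
    "10.1.1.10": {(80, "VULN-A")},
    "10.1.1.11": {(445, "VULN-B")},
    "10.2.5.20": {(80, "VULN-A"), (22, "VULN-C")},
}

# Constructed asset ownership: network -> administrator responsible for it.
ASSET_OWNERS = {
    "10.1.1.0/24": "web-admins@example.com",
    "10.2.5.0/24": "hr-db-admins@example.com",
}
FALLBACK_OWNER = "security-team@example.com"  # hosts outside every known asset range

# Constructed IDS events; "vuln_id" is the vulnerability the signature targets
# (None for probes that map to no specific vulnerability).
IDS_EVENTS = [
    {"sig": "exploit attempt A", "dst": "10.1.1.10", "port": 80, "vuln_id": "VULN-A"},
    {"sig": "exploit attempt A", "dst": "10.1.1.11", "port": 80, "vuln_id": "VULN-A"},
    {"sig": "exploit attempt B", "dst": "10.2.5.20", "port": 445, "vuln_id": "VULN-B"},
    {"sig": "exploit attempt C", "dst": "10.2.5.20", "port": 22, "vuln_id": "VULN-C"},
    {"sig": "port sweep", "dst": "10.9.9.9", "port": 23, "vuln_id": None},
]

def owner_for(ip, owners=ASSET_OWNERS):
    """Return the administrator for the most specific network containing ip."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), who) for n, who in owners.items()]
    matches = [(net, who) for net, who in nets if addr in net]
    if not matches:
        return FALLBACK_OWNER
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def correlate(events, findings=SCAN_FINDINGS):
    """Keep events whose target is known to be vulnerable; group them by owner."""
    alerts = defaultdict(list)
    for ev in events:
        if ev["vuln_id"] is None:
            continue  # generic probe: nothing to correlate against
        if (ev["port"], ev["vuln_id"]) in findings.get(ev["dst"], set()):
            alerts[owner_for(ev["dst"])].append(ev)
    return dict(alerts)

if __name__ == "__main__":
    for owner, evs in correlate(IDS_EVENTS).items():
        for ev in evs:
            print(f"notify {owner}: {ev['sig']} against vulnerable {ev['dst']}:{ev['port']}")
```

Of the five constructed events, only two target a host and port where the scan found the matching vulnerability, so only those two produce notifications.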
Network Topology and Firewall Policy Discovery
Another aspect of Tenable’s distributed vulnerability scanning is highly accurate network
maps. The maps are accurate because scanning can be completed very quickly and from
many vantage points.
Scans need to be completed for most organizations within a weekend. Anything longer and
it will only be politically acceptable to launch scans once per quarter. Although this data is
still useful, Tenable feels that up-to-date network maps are vital and that networks the size
of your company routinely have daily changes.
By scanning from many vantage points, Tenable’s products can identify all of the
interconnections between your company’s organizations and the Internet.