Security Metrics - Differentiating New Vulnerabilities from Change
February 8, 2008<p>When you perform vulnerability discovery via network scanning, passive network monitoring or patch auditing, the discovered vulnerabilities can each be classified if they were newly discovered, or if they were previously known about. If you have historical vulnerability data, such as with the <a href="http://www.nessus.org/products/sc/">Security Center</a>, you can also classify vulnerabilities that have been previously known about, but were somehow mitigated or are no longer present. In this blog entry, I will discuss a variety of ways to analyze new vulnerabilties, and to also analyze how vulnerabilities are being mitigated. </p>
Security Metrics - Counting Security and Compliance Incidents
February 7, 2008<p>Many IT security managers I speak with want to produce some sort of graph or statistical data that records the amount of security incidents occurring on the network. This data is used to not only inform management of business risk, but to also justify budget for ongoing security and compliance activities. In this blog, we will consider several high-level sources of "incident data" and discuss their relevance for tracking in the enterprise. </p>
Security Metrics - How Often Should We Scan?
February 5, 2008<p>I get this question from Nessus users and Tenable customers very often. They want to know if they are scanning too often, not often enough and they also want to know what other organizations are doing as well. In this blog entry, we will discuss the many different reasons why people perform scans and what factors can contribute to their scanning schedule.
Nessus UNIX Configuration Auditing "sudo" Support
January 31, 2008Tenable's research group recently added support to all SSH enabled UNIX configuration audits to make use of "sudo". Support is available in version 1.4.4 of the UNIX compliance checks. Some org...
NIST FDCC Implementor's Workshop Notes
January 25, 2008I attended the January 25th, NIST Federal Desktop Core Configuration Implementers Workshop this past week and wanted to share some of my thoughts and take-aways from it. Some Organization...
200th Blog Entry and 30,000th Nessus Plugin ID
January 22, 2008This blog entry marks the 200th post for this blog. I've been very pleased with the content we've created for our Nessus users and customers. The feedback I've received is that the content here is use...
Updated Windows Compliance Auditing
January 16, 2008Previously we've blogged about upcoming changes to how Nessus Direct Feed and Security Center users perform configuration audits of Windows servers and desktops. Version 2 of the Windows Compliance co...
Enhanced AIX and SuSE Auditing
January 14, 2008Tenable Network Security's research group recently introduced support for credentialed patch auditing of SuSE Enterprise 9 and 10 for both the Server and Desktop editions. Plugins which support patch ...
Detecting Web Servers with Malicious Javascript
January 9, 2008Recently, Tenable Network Security introduced Nessus plugin #29871 which looks at the content of a web site to see if it is hosting potential hostile javascript code. There have been several recent ma...
Introduction to the .nessus Scan, Policy and Report Format
January 7, 2008The Nessus Client 3.0 introduced a new format for Nessus scan policies, targets and results. This is known as the ".nessus" format. This blog entry discusses the advantages of this new file ...
Version 2 of Windows Compliance Checks Available for Testing
December 19, 2007Direct Feed and Security Center customers who use Nessus to perform configuration audits of their Windows computers can now beta test an upgrade of this technology. The upgrade provides enhanced audit...
Order from Chaos on Large Enterprise Networks
December 14, 2007I often get the chance to speak with our Security Center customers who perform active Nessus scans or monitor networks in realtime with the Passive Vulnerabiltiy Scanner (PVS). These customers general...