Tenable Blog

Cross referencing the results of your vulnerability scans with the list of public exploits helps identify likely targets for authorized penetration testing teams. Removing these vulnerabilities significantly raises the value of a penetration test since the team will have to work much harder to find issues that aren’t found through automation. There are many subtle issues to consider when correlating available exploits with vulnerabilities. In this blog entry, we’ll highlight these issues by considering exploit correlation with attacks available from the Metasploit project, Core, and Immunity with the results of a very large Nessus scan of several thousand web servers.

With Nessus 5, the results from a single vulnerability scan can be filtered to show which hosts have ancient vulnerabilities, which hosts aren’t being managed, and also which hosts have been exploitable for long periods of time. This blog entry discusses the new Nessus 5 filters, how they can be used to track high-risk vulnerabilities, and how enterprise users of Tenable SecurityCenter can leverage these filters for dashboards and asset-based reporting.

New Features

Nessus version 5.0 introduces key features and improvements, separated into the four major phases of the vulnerability scanning process:

1. Installation and management (for enhanced usability)
2. Scan policy creation and design (for improved effectiveness)
3. Scan execution (for improved efficiency)
4. Report customization and creation (for improved communication with all parts of the organization).

We've created a video showcasing the new features in Nessus 5.0 listed above:

Below you can find a more detailed list of the new features added to Nessus 5.0:

Penetration tests are typically a point-in-time exercise to determine if a remote adversary or malicious insider can compromise systems that contain sensitive data. Most organizations do not conduct penetration tests on a daily basis. Instead they schedule them annually, quarterly, or in some cases monthly. Penetration tests procured on a consulting engagement are often limited to key systems and assets rather than the entire network of systems. This diminishes the value of the penetration test as the results quickly become outdated and may not be relevant to new systems or recent network changes. However, by correlating the availability of exploits with a continuous monitoring program to identify vulnerabilities, an organization can have a better idea of how “exploitable” they are on a real-time basis.

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO

Announcements

• New iSeries and AS/400 plugins are being released this week!
• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #2, so check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins