Blog Tenable

Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design

July 23, 2024 • 3 Min Read
by Robert Huber
Blog Home / Company

Tenable’s Software Update Process Protects Customers’ Business Continuity with a Safe, Do-No-Harm Design

With the unprecedented tech outages experienced by so many of our customers over the last week, we recognize the need for deeper understanding of our software development processes and how they support global business continuity. In this blog post, we’ll outline how Tenable’s comprehensive approach to the software development lifecycle (SDLC) allows us to produce extremely high-quality software and protect our customers’ business operations with a secure, do-no-harm approach.

Tenable rigorously manages every step in the software development lifecycle (SDLC) – research, design, development, testing and release – which results in software that’s stable, tested, accurate and timely.

Specifically, Tenable makes software-design choices that prioritize flexibility and give customers control over the deployment of our software releases and updates.

For example, customers can control when or if the Nessus Agent and its plugins are updated within their environment. Additionally, the Nessus Agent operates in the kernel’s “user space,” reducing the risk of operating system faults.

Features such as these put the ultimate power in the hands of customer change-control programs and lower the risk of incidents, such as the one that caused the global IT outage last week.

Below we provide more details.

Declarative plugin version control feature

Supporting our customers' change-control management processes, Tenable provides the flexibility to choose from multiple options for how the plugin content version is applied across agent deployments. This offers customers the control to validate and test Tenable plugins before performing an enterprise deployment.

Do-no-harm Nessus Agent design

The Tenable Nessus Agent is designed so that it executes solely in the user space and limits its interaction with the endpoint's kernel to standard system calls as provided by the operating system, such as event notification callbacks.

As such, the Tenable Nessus Agent does not require any Tenable-developed components to reside inside the operating system kernel. This design is intentional in order to reduce catastrophic impacts to the endpoint's operating system. It also prevents the Tenable Agent from impacting an endpoint's ability to boot properly.

User-space applications do not have direct access to the kernel or hardware. Therefore, they cannot directly cause the types of failures that lead to a “blue screen of death” in a Windows system.

Nessus Agent software version control features

Enabling our customers' enterprise change-control procedures is at the top of Tenable's mind. With Tenable Vulnerability Management and with Nessus Manager for Security Center integrations, we provide multiple options for customers to apply software version control for their Nessus agents. These options allow customers to test and validate the Nessus Agent before performing an enterprise deployment. Depending on their business needs, customers may choose to leverage this feature.

We hope this blog post has provided you with a clear idea of how Tenable strives to design and deliver software with the highest degree of security and quality, guided by our top priority – to keep our customers safe and protect their businesses.

Please contact us if you wish to get more information about our software development processes.

Robert Huber

En tant que Chief Security Officer de Tenable, Head of Research et President of Tenable Public Sector, LLC, Robert Huber supervise les équipes de sécurité et de recherche de la société dans le monde, travaillant de manière transversale pour réduire le risque vis-à-vis de l'entreprise, de ses clients et du secteur dans son ensemble. Il bénéficie de plus de 25 ans d'expérience en cyber-sécurité dans les secteurs de la finance, de la défense, des infrastructures critiques et des technologies. Avant de rejoindre Tenable, Robert Huber officiait en tant que Chief Security and Strategy Officer chez Eastwind Networks. Il a été cofondateur et président de Critical Intelligence, un fournisseur de threat intelligence OT et de solutions, racheté en 2015 par iSIGHT Partners, leader de la threat intelligence. Il a également été membre de l'équipe CIRT de Lockheed Martin, chercheur en sécurité OT à l'Idaho National Laboratory et architecte de sécurité principal chez JP Morgan Chase. Il est membre du conseil d'administration et conseiller pour plusieurs startups de sécurité et a servi dans l'Air Force et l'Air National Guard américaine pendant plus de 22 ans. Avant de prendre sa retaite en 2021, il a fourni des capacités de cyber-sécurité à la fois défensives et offensives à la NSA (National Security Agency), le United States Cyber Command et pour d'autres missions fédérales.

Cybersecurity Snapshot: North Korea’s Cyber Spies Hunt for Nuclear Secrets, as Online Criminals Ramp Up AI Use in the EU

July 26, 2024

Check out a CISA-FBI advisory about North Korean cyber espionage on critical infrastructure orgs. Plus, what Europol found about the use of AI for cybercrime. Meanwhile, the risk concerns that healthcare leaders have about generative AI. And a poll on water plant cybersecurity. And much more!

Juan Perez

ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

July 24, 2024

Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs to do to protect itself.

Liv Matan