Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

NNM Detections Report - Devices and Services

by Stephanie Dunn
January 3, 2017

NNM Detections Report - Devices and Services Screenshot

Most organizations have security controls in place that focus on protecting the network perimeter, but do not adequately monitor what’s going on inside the network. Unfortunately, many fail to monitor devices that are being connected to the network, and what services are being used. Attackers will exploit vulnerabilities within devices and services to infiltrate the network. Information presented within this report provides a comprehensive look at devices and services in use, and highlights whether systems or security controls need to be hardened.

One of the most important things that any organization can do is to implement a defense-in-depth strategy. This strategy involves implementing a multi-layered approach to defend each layer within the organization by monitoring all possible network endpoints. Using this strategy, organizations will be able to focus on monitoring the internal network to identify and remediate security gaps before critical systems are affected. Additional strategies, including disabling all unnecessary services and blocking unauthorized devices from connecting to the network, can help to reduce the size of the overall attack surface. For those organizations that require the use of specific services, implementing security controls that restrict permissions and access provides best practice in ensuring least privileges. 

This report presents a high-level overview of devices and services in use on the network. Nessus Network Monitor (NNM) continuously listens to the network and monitors network gateways for active devices and services. Information is filtered using several plugin families that will monitor for portable devices, client/server applications, and other services and systems in use. Analysts will be able to easily monitor for systems accessing cloud services, accessing web applications, specific browser versions, and transfer protocols such as SSH and SMTP. Using the information provided within this report, analysts will obtain a real-time view of services and systems in use, and have the actionable intelligence needed to strengthen existing security controls.

This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery & Detection. The report requirements are:

  • Tenable.sc 5.4.2
  • NNM 5.2.0

Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organization. Passive listening collects data to continuously monitor traffic and collect information about services and network devices. With more supported technologies than other vendors, Tenable.sc Continuous View (CV) is able to analyze vulnerabilities and collected logs from a wide range of operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure devices. Tenable enables powerful, yet non-disruptive, continuous monitoring that will provide organizations with the information needed to monitor devices and services throughout the enterprise.

The following chapters are included within this report:

  • Executive Summary: The Executive Summary chapter will highlight the top changes detected from systems and services on the network. Data is filtered using several plugin families that report on devices and systems such as mobile phones, client/server applications, and databases that are in use. An overview of the top ports being used by these services are also included within this chapter. Analysts will gain a complete look at existing services and systems in use, and determine whether the service in question is authorized or should be disabled.
  • Systems and Devices: This chapter presents a summary of devices and services that have been detected on the network by NNM. NNM continuously listens to the network and monitors endpoints for active devices and services. Information is filtered using specific plugin families and keywords that will monitor for portable devices, client/server applications, and other services in use.
  • Services Summary: This chapter presents an overview of passively detected services in use on the network. Information in this chapter will highlight activity from cloud services, databases, web applications, browsers, and web servers. Knowing what services are being used within the network can assist security teams in identifying and remediating potential entry points that can be used by attackers to infiltrate the network.
  • Protocols Summary: The Protocols Summary presents an summary of detected protocols in use on the network. Elements in this chapter will highlight systems running services such as SSH, Telnet, Remote Desktop Protocol (RDP), SMTP, and more. Using this information provided within this chapter can be used by analysts to identify services that should be disabled, or tighten restrictions placed on accounts accessing these services. Knowing what services are being used on the network can assist security teams in identifying and remediating potential entry points that can be used by attackers to infiltrate the network.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

    Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

    Tenable Vulnerability Management

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    100 assets

    Choose Your Subscription Option:

    Buy Now

    Try Tenable Web App Scanning

    Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

    Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

    Buy Tenable Web App Scanning

    Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

    5 FQDNs

    $3,578

    Buy Now

    Try Tenable Lumin

    Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

    Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

    Buy Tenable Lumin

    Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

    Try Tenable Nessus Professional Free

    FREE FOR 7 DAYS

    Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

    NEW - Tenable Nessus Expert
    Now Available

    Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

    Fill out the form below to continue with a Nessus Pro Trial.

    Buy Tenable Nessus Professional

    Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

    Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

    Select Your License

    Buy a multi-year license and save.

    Add Support and Training

    Try Tenable Nessus Expert Free

    FREE FOR 7 DAYS

    Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

    Already have Tenable Nessus Professional?
    Upgrade to Nessus Expert free for 7 days.

    Buy Tenable Nessus Expert

    Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

    Select Your License

    Buy a multi-year license and save more.

    Add Support and Training