Welcome to the Tenable Network Security Podcast Episode 111

Hosts

• Paul Asadoorian, Product Evangelist
• Carlos Perez, Lead Vulnerability Researcher
• Ron Gula, CEO/CTO
• Jack Daniel, Product Manager

Announcements

• Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The "Top Ten Things You Didn't Know About Nessus" videos have been posted from #10 through #3, so be certain to check them out!
• We're hiring! - Visit the Tenable website for more information about open positions.
• You can subscribe to the Tenable Network Security Podcast on iTunes!
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!

New & Notable Plugins

Passive Vulnerability Scanner

• Opera < 11.61 Multiple Vulnerabilities
• Google Chrome < 16.0.912.77 Multiple Vulnerabilities

Nessus

• OpenSSL 0.9.8s DTLS Denial of Service
• McAfee Security-as-a-Service (SaaS) mcCIOScn.dll ShowReport Method Remote Command Execution
• WebSphere MQ Client < 6.0.2.7 / 7.0.1.0 Buffer Overflow
• WebSphere MQ Server < 6.0.2.7 / 7.0.1.0 Buffer Overflow
• HP Managed Printing Administration jobDelivery Script Directory Traversal (intrusive check)
• HP Managed Printing Administration < 2.6.4 Multiple Vulnerabilities
• HP Managed Printing Administration Detection

Assessing the security of SCADA devices has always been a challenging task. SCADA devices are used in several critical infrastructure industries, including power plants, manufacturing, chemical processing, and nuclear reactors. Thus, the high availability and security of these devices are of the utmost importance. The challenge lies in assessing the security of SCADA devices without causing any adverse effects. The special purpose-built systems often operate within a limited scope and use protocols that are specific to the tasks being performed, such as Modbus, OPC, and DNP3.

In 2006, Tenable Network Security released the first Nessus® vulnerability scanner and Tenable Passive Vulnerability Scanner (PVS) SCADA plugins (you can read the original release notes for PVS in a post titled "SCADA Network Monitoring" and the original release for Nessus titled "SCADA Checks For Nessus 3"). In April 2011, a new round of SCADA plugins were released for Nessus (covering devices from Movicon, 7-Technologies, and more).

Tenable is now pleased to announce the availability of additional SCADA plugins for Nessus ProfessionalFeed, Tenable SecurityCenter, and PVS users. Tenable's research team worked alongside SCADA experts from Digital Bond to test and identify a wide variety of common SCADA devices. The plugins were announced at Digital Bond’s S4 Conference on SCADA security held on January 19, 2012. Note: Digital Bond’s Dale Peterson joined us on the Tenable Network Security podcast episode 110 and spoke about the new plugins and SCADA security.

Below is a sample of some of the new SCADA plugins:

One of the primary ways SecurityCenter allows you to visualize the overall security and compliance posture of your network is through the use of dashboards. The SecurityCenter section of Tenable’s Discussion Forums now provides index lists for all of the available Tenable-produced SecurityCenter dashboards grouped by category.

SecurityCenter dashboards are easily customizable to give snapshot information on scanning, vulnerabilities, and events. Tenable provides dozens of dashboard templates in the SecurityCenter Dashboards section of the Tenable Blog. Categories such as “PCI, CIS, & SANS CAG”, “Advanced Persistent Threats & Malicious Software”, and “Vulnerability Tracking, Trending, & Scoring” are split out so SecurityCenter customers can easily find sample dashboards related to each topic. In addition, each post includes a link to a Tenable-produced dashboard XML file that can be imported into SecurityCenter.

  Sample SecurityCenter Dashboard for Intrusion Detection Trend and Correlation

Anyone can create a Discussion Forums account by clicking on the “Register” link on the main page and filling in the requested information. Once you have an account, log into the Discussion Forums and perform a search for “SecurityCenter Dashboards” to find dashboards of interest, find additional information related to SecurityCenter dashboards, or to start your own discussion with other SecurityCenter customers.

We are so excited to announce that we were named the fastest-growing enterprise network security provider by Deloitte in their Technology Fast 500! We ranked 261st on Deloitte’s list with a 4-year sales growth of 337 percent and were in the top 10 among local software providers.

This is our second consecutive top-ranking; in August, Tenable was named the fastest-growing private company in enterprise security software by Inc. Magazine. 

Our continued success comes from our unique approach to helping enterprises and government agencies secure their networks from targeted attacks, internal misuse and compliance violations. Tenable's award-winning technology is the only solution which provides continuous assessment and monitoring of vulnerability, patch, configuration, log, event, network and threat intelligence across virtual, cloud and mobile assets into a single database. 

The Deloitte Technology Fast 500 provides a ranking of the fastest growing technology, media, telecommunications, life sciences and clean technology companies in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2006 to 2010.

If you would like to learn more about this exciting announcement, you can read our press release or visit Deloitte's Fast 500 website.

We are pleased to announce that Tenable has been ranked in the Inc 500/5000 for the second year in a row. In the 2011 rankings, we were ranked the fastest-growing private company in the enterprise security software market. We ranked 934^th overall, and 17^th among all security companies.

As a company, we’re changing the way that enterprises think about information security solutions by helping them move from ‘point-in-time’ security to ‘continuous’ security and compliance monitoring.  There’s no such thing as ‘good enough security,’ which is why we’re consistently developing new resources and innovative solutions to help our clients stay ahead of emerging threats.  This approach has been the cornerstone of our success.

See more about our Unified Security Monitoring platform at http://www.tenable.com/solutions

See more about the Inc. 5000 on their website: http://www.inc.com/inc5000/welcome 

  
Tenable Network Security is proud to announce the immediate availability of SecurityCenter 4.2. SecurityCenter is used to centralize and report on system and event data such as vulnerabilities, logs, NetFlow, configurations and more. 

Tenable is pleased to announce the availability of the Nessus On Demand training.

Below is a short "FAQ":

• What is On Demand training and how does it work? - The On Demand training represents training content, slides and audio that you can take anytime you like. Marcus Ranum (and the Tenable training team) has narrated nearly 20 hours of training material and lab exercises. This also includes full access to the online labs associated with the Nessus course.
• What products are currently being offered via On Demand? - Currently the "Nessus Vulnerability & Compliance Auditing" course is available On Demand and covers all aspects of using Nessus, including network vulnerability scans, authenticated patch auditing, configuration auditing and introducing the Nessus API and NASL scripting.

Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now offers the Nessus Perimeter Service, offering unrestricted and unlimited vulnerability scans through annual and thirty day subscriptions. 

Scan any number of Internet facing sites you are authorized to scan from your desktop computer, mobile laptop, iPhone, customer network or wherever is convenient, as often as you want, all for a flat fee. And best of all – if you are a Nessus user, you already know how to use our service. Subscribers of the Nessus Perimeter Service are logged into the Nessus scanners hosted in Tenable’s secure datacenter. 

The Nessus Perimeter Service supports all of the major features of Nessus including:

• Rapid and Accurate Discovery of Systems and Vulnerabilities
• Vulnerability Scan Scheduling
• Support for the Nessus iPhone App
• Preparing for PCI-DSS Vulnerability Audits
• In-depth Web Application Scanning
• Highlighting vulnerabilities which have public exploits
• Patch and Configuration Auditing for web servers and many other devices
• Executive, Detailed and Differential reports
• Sharing results with Tenable’s SecurityCenter and 3^rd party SIEM and GRC solutions 

Pricing for the annual and thirty day subscriptions to the Nessus Perimeter Service set a new benchmark for value in the managed scanning industry:

1 Year Nessus Perimeter Service Subscription Unlimited Scans $3600

30 Day Nessus Perimeter Service Subscription Unlimited Scans $995

Both services can be purchased on Tenable’s Online store. 

The service includes access for one user account to perform scans and analyze results. Access to Tenable’s ticketing system for world-wide Nessus support is also available 24x7. The Nessus Perimeter Service also makes use of the very latest Nessus plugins developed by Tenable’s world renowned Research team. 

To learn more about this offering, please contact our sales staff, read the Nessus Perimeter Service FAQ or watch this introductory video. If you would like to run Nessus on your own hardware, commercial organizations should consider the Nessus ProfessionalFeed. If you are a large organization and are considering SIEM or GRC solutions, you should also consider the Tenable SecurityCenter. 

Tenable Network Security was ranked 251st on the Deloitte 2010 Technology Fast 500™ program (15th in Greater Washington DC area). This program ranks the fastest growing companies in technology, media, telecommunications, life sciences and clean technology in North America. Rankings are based on the percentage of fiscal year revenue growth during the past five years. Tenable’s revenue grew 363% during this period.

This is the second year in a row that Tenable Network Security has been named on this list!

I'm excited to announce Tenable's new eCommerce site. This site supports:

• Nessus ProfessionalFeed purchases of 1, 2 and 3 years
• Renewals of ProfessionalFeed subscriptions of 1, 2 or 3 years
• Initiating the renewal process directly from the Tenable Support Portal

The renewal link is available for ProfessionalFeeds within 90 days of expiration and up to a year afterwards.

Tenable Network Security is very pleased to announce the release of SecurityCenter 4. This major new release of our security management tool provides much greater efficiency in managing security, compliance and situational awareness for enterprise network monitoring. The process and data from vulnerability scanning, log analysis, event management, configuration auditing and much more can be managed, fused and analyzed from one central console. This is the core principal of Tenable’s Unified Security Monitoring strategy.

Tenable's web site has been updated with much more detailed information about SecurityCenter 4 and how it manages the Nessus vulnerability scanner, the Log Correlation Engine and the Passive Vulnerability scanner. We’ve also updated our solutions content that features the new capabilities of SecurityCenter 4 to enable tasks such as database activity monitoring, forensics, user tracking and anomaly detection. 

More information about the SecurityCenter is provided in the following demonstration videos and images and can also be obtained by contacting us at sales@tenablesecurity.com. 

SecurityCenter Screenshots

SecurityCenter Introduction Video

Tenable Network Security is currently seeking talented individuals to fill several roles within the company. Tenable Network Security is a privately held company founded in 2002 by security product innovators Ron Gula, Renaud Deraison and Jack Huffard. Together with Tenable CSO Marcus Ranum, they have developed a Unified Security Monitoring approach based on the award-winning Nessus scanner engine leveraged with several other enterprise vulnerability and log management products such as SecurityCenter, the Log Correlation Engine (LCE) and the Passive Vulnerability Scanner (PVS). In 2009, Tenable was named one of Deloitte’s 500 fastest growing technology companies. This blog provides a brief description of four technical positions that are open here at Tenable:

Vulnerability Research Engineer

This position is ideal for those who like to research and test software vulnerabilities. The results of your research will present themselves as Nessus and PVS plugins, which are small scripts that are able to detect vulnerabilities. In this role, you will accurately test for vulnerabilities by manually configuring vulnerable targets in a virtual environment, analyzing the system or application to reliably understand how the vulnerability is exploited and then developing a method to test for the vulnerability with credentialed or uncredentialed access. We are looking for people with strong programming skills (knowledge of a scripting language, regular expressions, functions and source code analysis), familiarity with system configurations in operating systems, applications or network devices and in-depth knowledge of TCP/IP protocols, Linux/Unix internals and Windows internals.

Tenable Network Security is seeking to fill a variety of technical and sales positions. These positions primarily reside in our Columbia, Maryland office. If you or someone you know would be a good fit for any of the positions I've outlined below, please have them contact us by emailing jobs@tenablesecurity.com.

• Customer Support Engineer
  Job Description: Help Tenable's customers install, configure and troubleshoot our scanning, configuration auditing, log analysis and network monitoring solutions.
  Requirements: The right candidate should have some help-desk experience, very good knowledge of Nessus and a firm understanding of networking and operating system functions. The ideal candidate will have on-the-job-experience with multiple Tenable products.
• Enterprise Security Technical Writer
  Job Description: Primary author for the Security Center documentation, knowledge base articles, quick start guides, and product release notes. This person would regularly interact with Tenable's Training, Customer Support, Sales and Development teams and would also regularly contribute to blog entries, official Tenable white papers and product webinars.
  Requirements: Must be an excellent technical writer and have 2-4 years experience working with configuration auditing, vulnerability scanning, network montioring or log analysis tools.
• Graphics Artist
  Job Description: Help our marketing, documentation and training groups produce professional charts, images, diagrams and logos.
  Requirements: 2-4 years of graphics design for web based content, technical drawings and/or online advertising. Should be comfortable working with Adobe editing tools and Microsoft Office. Should also consider themselves artistic and creative. Any experience with Flash animation such as Adobe Captivate or Camtasia Studio is also a desired, but not required.
• IT Engineer
  Job Description: Work in Tenable's IT group which supports our internal and remote workforce, a variety of custom internal applications, VMware Lab Manager, telecommunications and the nessus.org and Tenable web sites.
  Requirements: Minimum 4 years experience Unix (Linux or FreeBSD) administration with some Cisco router/switch management. Any experience with VMWare in the enterprise, Unix based mail administration, MySQL maintenance or DNS is also strongly desired.
• Nessus Vulnerabiltiy Researcher
  Job Description: Perform analysis of vulnerable operating systems, applications and network devices in order to write efficient NASL plugins for the Nessus Vulnerability Scanner.
  Requirements: Minimum 2-4 years in-depth experience auditing Unix and Windows commercial and open source applications with Nessus. Must have some experience writing or modifying NASL scripts in a production environment and a deep knowledge of Unix and Windows internals.
• Sales Engineer - West Coast, USA
  Job Description: Present technical demos to potential customers about Tenable's solutions. Assist customers in evaluations, bake-offs and other types of product testing.
  Requirements: Must have 3-5 years experience with enterprise vulnerability scanning, log analysis, NBAD and configuration auditing solutions. Must also be physically located in California and able to travel.
• Trainer/Instructor for Nessus and Enterprise Security Solutions
  Job Description: Assist in management and delivery of course material, online tests, electronic training content for multiple courses providing certification training for Nessus users and Tenable Enterprise products.
  Requirements: Must have a security background such as a researcher, consultant or security administrator and have a strong desire to teach. Experience with Nessus, Tenable solutions, log analysis, security management, network monitoring and information security and compliance is also desired.
• Unix/Windows C/C++ Developer
  Job Description: Assist in the development of Tenable's Passive Vulnerabiltiy Scanner and Log Correlation Engine for both the Windows and Unix platforms.
  Requirements: Minimum 4 years experience with C programming for .NET, C, and/or C++. Must be familiar with Linux and Windows internals. Any expertise working with network sniffing and log normalization/correlation is also desired. 

All positions are immediately available, require US citizenship and (with the exception of our west coast sales engineer position) will be located in our recently expanded office in Columbia, Maryland. 

Tenable Network Security is a unique place to work. We've been very successful in a market that has many competitors. We've been able to do this by hiring the right people for the right jobs.

If you would like to submit a resume, please email it to jobs@tenablesecurity.com and indicate which position you are applying for in your subject line.

If you follow the blog, you can see there is a lot going on at Tenable right now, and the training program is no exception. As Brian mentioned in a previous blog entry, our instructor-led classes on Nessus and Tenable Unified Security Monitoring solutions have recently been updated to cover the latest features included in NessusClient 3.2.1 and Security Center 3.4.2 releases.

Based on increasing demand for training during the past quarter, we have refined our course sequence to better meet the needs of enterprise customers that use Security Center, the Passive Vulnerability Scanner, and the Log Correlation Engine – and those that use Nessus to perform vulnerability scans or compliance audits of their own (or their clients’) networks.

As a result, we have split our training offerings into two tracks and moved from three courses to four.

Starting in October, two training sessions will be offered each month. The first session is three days of enterprise training that focus on Unified Security Monitoring and includes vulnerability scanning, configuration auditing, passive network monitoring and log analysis with the Security Center and other Tenable solutions. Later in the month, two days of Nessus training will be offered that cover scanning and configuration auditing using Nessus.

Which track should you choose?

If your organization only works with Nessus, you should sign up for the Nessus classes, and if you operate or make use of any Tenable enterprise products, you should take the enterprise classes.

For more information on Tenable and Nessus product training see http://www.tenablesecurity.com/training/

As a new Tenable employee, one of my first opportunities was to sit in on recently updated Nessus training classes taught by Tenable’s Training Lead, Matt Franz. Joining me in putting Matt on the hot seat was Tenable CSO Marcus Ranum. As a consultant, I have been using Nessus for almost ten years to assist in assessing clients’ networks, but had never attended formal training on the software. I sat in on the first day of class to better understand how to leverage Nessus to perform credentialed scans to audit a system against configuration standards such as CIS or PCI. Other students attended to not only learn more about Nessus, but also to learn how Nessus can specifically help assess their organization.

The first day covered a wide variety of activities involving the Nessus including installation, administration, configuration, scanning, policy generation, vulnerability analysis and reporting. Using a hands-on environment, students learned each aspect of the Nessus products by performing tests with a variety of configurations and hypothetical situations. Unlike many classes or training, the material wasn’t rigid in any way. As different ideas and questions came up, students were encouraged to discuss and experiment on the test network. In the first day alone, students chatted about the merit of CVSS scores, the philosophy of what defined a vulnerability and one-off situations on using Nessus across VPNs with SSH port forwarding. One of the nicer surprises to students was learning how to better manipulate scanner output, filter results to better match their needs and export them to a new file. Using this new-found ability, students quickly began discussing how this might better help administrators remediate vulnerabilities by severity, expertise or subnet. At some point, Matt brought in several boxes of pizza and encouraged us to chow down while we continued to learn. We ended up firing off several concurrent scans while watching a traffic monitor to see how much traffic was generated and directly answer students’ questions.

The second day delved into using Nessus for compliance audits, where students continued to learn and enhance their Nessus knowledge and skills as applied to their enterprise environments. With the ability for Nessus to assist in determining a system’s compliance with various federal guidelines, using the compliance plugins available to ProfessionalFeed customers adds additional functionality and value to an organization. This class gave additional instruction to students and demonstrated not only how to use the vulnerability scanner to ensure compliance, but also how to write custom audit profiles specific to their organizations.

Attending the Nessus training class made me realize that while the course material may be static, each class would invariably branch out and learn aspects of the scanner that were more helpful to the students’ own networks. Solid course material, combined with insightful class discussions provided a valuable learning experience.

For more information: http://www.nessus.org/training/

Tenable has launched our Unified Security Monitoring (USM) concept. There is a new white paper available which details how event monitoring, vulnerability analysis and configuration auditing can all be leveraged in one process.

I realize this is a pretty advanced concept for some organizations, especially those that are large enough that their audit, incident response and patch management groups don't regularly communicate with one and other. Having said that, Tenable has many financial, government and academic customers where log analysis, configuration auditing, vulnerability monitoring and passive network monitoring are all performed by the same team. Accomplishing these tasks with not only the the same product suite, but also with the same core team has many political, efficiency and financial advantages.

I am also very excited to announce the launch of the merged Tenable and Nessus web sites. If you have not seen the new "unified" site yet, you'll notice the new Tenable company logo, and the new website design.

Normally, we focus on the technical usage of the products at Tenable, but we have a number of open positions I'd like to make people aware of. If you are a regular BLOG reader, you might enjoy working on some of the projects we have ongoing as well as working with our customers and Nessus community. We have the following positions open:

Nessus Support Engineer
Qualified candidates should be familiar with Nessus and have a good understanding of UNIX and Windows system administration and underlying technology. Tenable customers tend to scan very large networks, scan with credentials and perform configuration audits. No two networks are alike and our support staff is exposed to many different combinations of technology and audit requirements.

Nessus Compliance Trainer
Nessus 3 Direct Feed and Security Center customers can make use of Tenable's library of audit templates to perform NIST, CIS, PCI and many other types of configuration audits. We are looking for the right individual to help deliver a training class focused on Windows and UNIX configuration auditing.

UNIX and Windows C Programmers
Tenable offers a wide variety of network monitoring, log watching, visualization and scanning tools which run on both Windows and UNIX operating systems. We are looking for several new C developers who have experience in Linux and/or Windows programing. 

Web Application Developers
Tenable is seeking web developers who have experience developing Linux/Apache based web interfaces written in PHP and AJAX. Web developers will work directly on the award winning Security Center product.

Pre-Sales Engineering
Tenable is seeking a qualified pre-sales engineer to assist our customers in the New York, Philadelphia and Boston metropolitan locations. Qualified engineers should have solid experience with vulnerability auditing, configuration auditing, log analysis or network behavioral analysis. Limited travel within the region is expected, as well as performing webinars and attending security conferences.

Interested candidates should send a resume to jobs@tenablesecurity.com. All development, training and support jobs are located at Tenable's headquarters in Columbia, Maryland.

Tenable is entering our 5th year of business and a large part of our success has been the great people at Tenable I've been lucky enough to work with. I'm very much looking forward to meeting readers who are interested in joining our team and taking on new challenges.

Tenable's Chief Security Officer, Marcus Ranum, has launched a  security podcast named the "Rear Guard". Listeners can subscribe to the podcast feed here.

Marcus has previous offered a Tenable webinar on the "Six Dumbest Ideas in Computer Security" which is available here.

Tenable would like to thank everyone who came to see us at the User's Conference. In particular we'd like to thank our guest speakers including Johny Long, Richard Bejtlich from Tao Security, Russ Rogers from Security Horizon and Brian Kee and Brent Deterding from Lurhq. Each session was well attended and we had great participation from the audience. We hope to see you next year!

Welcome to the official Tenable Network Security blog. We will be using this to communicate a variety of information including network security best practices, Nessus updates, vulnerability scanning techniques, log correlation best practices, compliance monitoring, Tenable product news and Tenable events.