Security technology company Tenable Network Security has upgraded its Tenable.io security management platform to enable security professionals to monitor a wide range of operational and information technology devices, as well as containers, for vulnerabilities.
The functionality comes through an upgrade to the Tenable Nessus Network Monitor (formerly the Passive Vulnerability Scanner) and the addition of Tenable.io Container Security.
Tenable claims to be the first company to enable organisations to have complete and centralised visibility over the full range of traditional and modern assets.
Corey Bodzin, Tenable’s VP product operations, told IoTAustralia that, while the traditionally siloed worlds of operational and information technology were likely to remain so, chief security officers were increasingly expected to ensure security of both IT and OT, but lacked visibility into OT devices and technology.
“At the end of the day the CSO is in charge of information security and what we find is that the ways OT and IT are managed are not converging,” he said. “However, at a board level there is the expectation that the CSO is securing all devices. They are not making a distinction. They expect the CSO to have visibility.
“By releasing our Nessus Network Monitor and tying it in with our Tenable.io platform we give CSOs the ability to have all that information on OT and IT in the same place with a consistent view and consistent reporting capabilities. So that, as the CSO is held accountable they have the tools to do it.”
Totally passive scanning
He said a key feature of the Nessus Network Monitor was that it operates entirely passively: it does not interrogate monitored devices in any way, but relies on monitoring traffic to and from them, and on its stored information on a very wide range of devices, to identify devices and detect abnormal behaviour.
“It is designed to be a zero touch way to identify OT and IoT devices on your network, identify any issues with them and allow you to identify and mitigate any problems without having to worry about the interactions that might come with an active scanning technology,” Bodzin said.
He said traditional technologies send packets to assess an end device, but many OT devices were not designed to be scanned and sending packets of data to them could cause problems.
“We give security professionals visibility into the security of networks that before they were forbidden from even assessing because of the possibilities of interaction,” he said.
To enable Nessus to understand a wide range of devices with purely passive monitoring, Bodzin said Tenable undertook extensive research.
“We have hundreds of researchers whose job it is to figure these things out, and we have some really strong partnerships with the manufacturers to make sure we can get their equipment into our labs and for them to teach us what normal operations look like.
“Out of the box we are able to detect thousands of different SCADA and IoT operating systems from the simplest light bulb up to a Qualcomm ethernet controller for a line printer, and we will continue to expand the range of devices we are able to detect.”
Nevertheless, he said Nessus often encountered devices that it was unable to identify. “Sometimes there is something we can grab onto. They are often using embedded Linux or Windows and we can fingerprint that, but there are thousands of devices with their own embedded OS and sometimes we find something we have never seen before, but even if we cannot identify a device, Nessus can see if it is receiving or sending a lot of traffic and we can say it might be worth investigating.”
Bodzin said Tenable’s aim was to give CSOs the tools to see what was happening right across their environments, and that the company would follow up its latest release by adding the ability to passively monitor web applications and ecommerce sites in about six weeks’ time.