Tenable Security Center

October 11, 2015. Several modules which carry out the following tasks enter this system:

• Tenable Security Center – the IB central system
• LCE – log correlation engine – processing system and correlations of logs of cybersecurity from services and sensors which can be both agents of LCE and network equipment or systems of detection of the attacks (Snort, Dragon, ISS, Cisco Mars, CheckPoint)
• Tenable Security Scanner is the scanner of information security Tenable which executes scanning in profiles and signatures of cybersecurity from Security Center
• PVS is the passive scanner executing listening of traffic regarding leak of confidential information (passport numbers, credit cards, customer accounts)
• agents of LCE (the agents who are established on all operating systems – more than 10 supported systems for collecting of logs of events of cybersecurity)

A system allows to configure the notification of events of cybersecurity on specific cases and specific signs of an event, has the built-in system of tracking of problems including opening of the request for correction of vulnerability and purpose of responsible and supports a flexible role model of access to the cybersecurity system.

On everyone to subject of the analysis it can be constructed the set of reports including classification by the following signs:

• IP address watch lists
• Tenable scan results
• Passive Vulnerability Scanner discovered nodes
• Log Correlation Engine IP address queries

• Manual IP list upload
• API IP list upload
• Regular Expressions
• Classification by OS
• Classification by App
• Classification by Domain
• DNS and Name patterns
• IP addresses
• Ports
• Protocols
• Event type and name
• Asset
• User
• Date or time range
• Inbound, outbound, external events
• Plugin family
• Scan Policy
• Plugin ID
• Severity
• Active, Passive or Compliance plugins
• Matching text searches
• Days since vulnerability was observed
• Days since vulnerability was found
• Reoccurring vulnerabilities
• Re-casted severity adjustments
• Risk Accepted vulnerabilities
• Specific SecurityCenter repository

The Security Center system (further SMIB) allows to execute authorization in different environments that allows to carry out a complete inventory of IT resources of the enterprise and does not require the administrative rights as on the scanned resources and there where agents are unrolled. Authentication is provided with the following methods and protocols:

• Role based access to stored credentials
• Kerberos
• SNMP
• SSH
• SU/SUDO
• Telnet
• Windows Domain
• Web Authentication

System architecture of information security monitoring of Tenable Security Center, 2015

In addition to inventory of resources (detection of new attached devices, support more than 3000 types of devices including turning on workstations, servers, routers, switches) also assessment of security of IT systems of the enterprise both for own evaluation criteria and according to more than 10 ready certified tests from vendors is provided (IBM, Cisco, Checkpoint, Microsoft, SAP, Oracle, Sun and others).

Advantages of Tenable Security Center

• Budget optimization of the enterprise depending on quantity of resources
• Detection of potential security risks in different network segments and systems
• The system of risks assessment and the built-in system of HelpDesk allows to plan works on elimination of uzyavimost and to prioritize on execution of works
• Reports are configured in compliance with the working model of threats of the enterprise
• Single console of management of all subsystems of Security Center
• The built-in system of correlation of events on all data sources
• Extensive base of vulnerabilities from vendors and analysts of cybersecurity (more than 10 sources)
• Distributed architecture of a system of an enterprise scale (up to 250,000 IP addresses on 1 Security Center)
• Scanning of systems in the active and passive mode – a single system of correlation as results of scanning and the arriving logs of events of cybersecurity

Use of Security Center allows to automate process of monitoring and assessment of a status of information security of the enterprise using the certified signatures (more than 20,000) directly from vendors and ISO-certified 27000. This product is rather convenient in use and is issued both in hardware execution, and in an image of the virtual machine for the environment of VMware.