
Vulnerability Management Tool Review — Tenable.io

R. Eric Kiser

Tenable.io

Tenable.io is a widely used vulnerability management tool that offers a comprehensive view of an organization’s vulnerabilities, including both technical and non-technical vulnerabilities. It provides tools for prioritizing and remediating vulnerabilities, making it easier to manage and reduce risk. However, it is important to conduct a cost-benefit analysis before procuring any product, and to seek out honest reviews from independent sources. Personally, I use Tenable.io as one of the vulnerability management tools at my organization, along with OpenVAS and Rapid7.

Benefit

Tenable.io is a user-friendly vulnerability management tool that is easy to set up, even in a large organization. The support team is available to assist during the process. In my experience, the initial setup was smooth. While Tenable.io does offer automated remediation, it was not a viable option for my organization due to concerns about the impact on existing processes. However, the tool is still useful for identifying and mitigating vulnerabilities in a timely manner, which can help reduce the risk of security breaches and data loss. It is important to incorporate Tenable.io into a comprehensive vulnerability management plan and to consider the reporting capabilities, which can be useful for demonstrating compliance with industry standards and regulations.

Tenable.io’s API can be used to collect and send data to a Security Information and Event Management (SIEM) system, which can be useful for building dashboards and reporting on the organization’s current security posture. In my experience, integrating the API with our SIEM was straightforward and allowed us to effectively parse the data. This can be especially valuable for creating a business case for a project. For example, if we have a web server that is frequently attacked by a specific exploit from multiple threat sources, we can use the data from Tenable.io to identify any internal legacy devices that may also be vulnerable to that exploit. By combining this data with information about zero-day exploits discovered in the wild and the results of our latest phishing campaign, we can build a compelling argument for upgrading systems that are past their lifecycle. This can help reduce the risk of a successful zero-day exploit leading to a foothold on our internal network.
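The correlation described above can be sketched as follows. This is an added example, not code from the original post or from Tenable. The record fields (`asset`, `zone`, `cve`, `end_of_life`, `src_ip`), the sample data and the placeholder CVE IDs are all constructed for illustration and do not reflect the Tenable.io export schema.

```python
from collections import defaultdict

# Constructed sample data. Field names are assumptions for illustration,
# not the Tenable.io export schema; the CVE IDs are placeholders.
FINDINGS = [
    {"asset": "web01", "zone": "dmz", "cve": "CVE-0000-0001", "end_of_life": False},
    {"asset": "hr-legacy", "zone": "internal", "cve": "CVE-0000-0001", "end_of_life": True},
    {"asset": "print-srv", "zone": "internal", "cve": "CVE-0000-0001", "end_of_life": True},
    {"asset": "print-srv", "zone": "internal", "cve": "CVE-0000-0002", "end_of_life": True},
    {"asset": "build02", "zone": "internal", "cve": "CVE-0000-0001", "end_of_life": False},
]
ATTACKS = [  # SIEM detections against the web server, already mapped to a CVE
    {"src_ip": "198.51.100.7", "cve": "CVE-0000-0001"},
    {"src_ip": "198.51.100.7", "cve": "CVE-0000-0001"},
    {"src_ip": "203.0.113.9", "cve": "CVE-0000-0001"},
    {"src_ip": "203.0.113.50", "cve": "CVE-0000-0002"},
]


def widely_attacked(attacks, min_sources=2):
    """Map each CVE to its count of distinct attacking sources, keeping
    only CVEs attempted from at least min_sources different addresses."""
    sources = defaultdict(set)
    for a in attacks:
        sources[a["cve"]].add(a["src_ip"])
    return {cve: len(ips) for cve, ips in sources.items() if len(ips) >= min_sources}


def legacy_exposure(findings, attacks, min_sources=2):
    """List internal end-of-life assets that the scanner reports as
    vulnerable to a CVE already being attempted from multiple sources."""
    hot = widely_attacked(attacks, min_sources)
    exposure = defaultdict(set)
    for f in findings:
        if f["zone"] == "internal" and f["end_of_life"] and f["cve"] in hot:
            exposure[f["asset"]].add(f["cve"])
    rows = [(asset, sorted(cves)) for asset, cves in exposure.items()]
    # Most exposed assets first, then by name for a stable report order.
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))


if __name__ == "__main__":
    for asset, cves in legacy_exposure(FINDINGS, ATTACKS):
        print(asset, ", ".join(cves))
```
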

Cost

While Tenable.io can be a valuable vulnerability management tool, it does have a high cost and there are other costs to consider. For example, it may be necessary to fine-tune detection software and firewall rules to reject Tenable scans and automation testing. Additionally, it is important to consider the impact on the Security Information and Event Management (SIEM) system, as Tenable.io generates a large volume of logs on every system it touches. In our experience, we needed to filter Tenable.io out of our SIEM to prevent it from overwhelming our incident response team. While these costs can be manageable, it is important to weigh them against the benefits of using Tenable.io to determine if it is the right fit for your organization.
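One way to filter scanner noise out of the alert queue without blindly trusting anything that claims a scanner address is to suppress only traffic that comes from a known scanner during the agreed scan window. This is an added example, not the author's configuration. The scanner subnet, the scan window, the event fields and the sample events are constructed assumptions.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed values for illustration: the addresses assigned to the scanners
# and the nightly window in which scans are scheduled.
SCANNER_NETS = [ip_network("10.20.0.16/30")]
SCAN_WINDOW = (time(1, 0), time(4, 0))

# Constructed sample detections as they might arrive in the SIEM.
EVENTS = [
    {"ts": "2024-03-05T02:15:00", "src_ip": "10.20.0.17", "rule": "port-sweep"},
    {"ts": "2024-03-05T14:30:00", "src_ip": "10.20.0.17", "rule": "port-sweep"},
    {"ts": "2024-03-05T02:20:00", "src_ip": "10.20.0.99", "rule": "smb-probe"},
    {"ts": "2024-03-05T02:25:00", "src_ip": "192.0.2.44", "rule": "port-sweep"},
]


def classify(event):
    """Return 'suppress', 'review' or 'alert' for one detection.

    suppress: scanner address inside the scan window (expected noise)
    review:   scanner address outside the window (unscheduled scan, or a
              host abusing the scanner's exemption)
    alert:    any other source, handled as a normal detection
    """
    src = ip_address(event["src_ip"])
    if not any(src in net for net in SCANNER_NETS):
        return "alert"
    when = datetime.fromisoformat(event["ts"]).time()
    in_window = SCAN_WINDOW[0] <= when < SCAN_WINDOW[1]
    return "suppress" if in_window else "review"


def triage(events):
    """Group events by disposition so suppressed ones stay countable."""
    queues = {"suppress": [], "review": [], "alert": []}
    for e in events:
        queues[classify(e)].append(e)
    return queues


if __name__ == "__main__":
    for name, items in triage(EVENTS).items():
        print(name, len(items))
```

Keeping the suppressed events in their own queue, rather than dropping them, preserves a record that the scan actually ran.
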

The tool appears to mainly scan a system and compare it to a list of known vulnerabilities. It does not strike me as revolutionary, and it may not be sufficient on its own as a key risk indicator. It does not scan for code issues or capture all misconfigurations, and the advanced features can sometimes cause unintended consequences such as breaking access or connectivity. Misconfigurations in systems can get lost as blue information points because they are measured by CVE scores (or the like).

We have encountered some issues with the advanced features of Tenable.io, specifically with the automated remediation function, which can sometimes break access or connectivity. It is important to test these features in a controlled environment with a recent backup to avoid any unintended consequences. However, even with careful testing, mistakes can still happen, which can be frustrating. It is crucial to fine-tune Tenable.io and implement a robust change management and backup procedure to minimize the risk of disruptions to legitimate users or systems. Similar to an intrusion prevention system (IPS), Tenable.io can “fix” vulnerabilities, but it is important to carefully manage these changes to avoid negative impacts.

Conclusion

Tenable.io is a strong product that can be useful for compliance and vulnerability remediation in any organization. While I personally find it to be a useful tool, I am not convinced that it is necessarily better than using open-source tools and building a custom scanning solution. In some cases, the advanced features can be a bit messy to use and may not be the best fit for organizations that have time and resources. For organizations with the necessary skills, time, and desire to integrate a custom solution into their pipeline, building a custom scanning tool may be a worthwhile investment. Ultimately, the decision will depend on the specific needs and constraints of the organization.
