Configuration Auditing
Thousands of organizations use Tenable Nessus and Tenable Security Center to audit their networks. Using Tenable, you can ensure that IT assets including operating systems, applications, databases and network devices are compliant with policy and standards. Tenable provides more than 450 audit policies for a wide range of assets and standards, including:
- Operating systems
- Databases
- Applications
- Network infrastructure
- Virtual infrastructure
- Sensitive content
- Anti-virus
Tenable's audit policies have been certified by the Center for Internet Security (CIS).
Configuration Auditing with SecurityCenter CV
Using SecurityCenter CV™, you achieve real-time monitoring of configurations from the integration of Nessus scans, real-time monitoring using Tenable's unique Passive Vulnerability Scanner® (PVS™), and the Log Correlation Engine® (LCE®). This combined solution helps you:
- Detect system change events in real time and automatically perform a configuration audit on new or changed systems
- Ensure that logging is configured correctly for Windows and Unix hosts
- Audit the configuration of a web application's operating system, application and SQL database
Configuration Auditing with Nessus
Rely on Nessus to prepare for both internal and external compliance audits. As the industry standard tool used by tens of thousands of auditors around the world, Nessus offers the most extensive library of policy checks available.
Nessus includes hundreds of pre-packaged reports. You can create customized audits to deliver relevant, accurate information in a format that meets your specific requirements.
Additionally, if you are subject to complying with the PCI Data Security Standard, you should know that Nessus can be used to baseline your cardholder data environment (CDE) and identify systems that do not adhere to the PCI DSS hardening requirements or your organization's build standards.
Operating System Auditing
Operating system audits include access control, system hardening, error reporting, security settings and more. You can test configurations against many industry and government policies.
Windows
- Windows Vista
- Windows 7
- Windows 8
- Windows 2003
- Windows 2008
- Windows 2008 R2
- Windows Server 2012
Unix
- AIX
- FreeBSD
- HPUX
- Mac OS X
- Oracle Linux
- Red Hat
- Solaris
- SUSE
IBM AS400/iSeries
- IBM AS400/iSeries
Storage Devices
- NetApp Data ONTAP
Application Auditing
Audit desktop and server applications against standards including DISA STIG, CIS and vendor recommendations.
Tenable offers policies for applications like Adobe Reader, browsers, business productivity tools and anti-virus. It also includes IT-hardening audit policies for server applications, such as Apache and IIS, as well as for architectures and frameworks such as VMware ESX/ESXi and Tomcat.
Virtualization Platforms
- VMware: ESX 3.5/4, ESXi 4.x/5.x, vCenter 4.x/5.x
- Microsoft Hyper-V
- Citrix XenServer
Webservers
- IIS 7
- IIS 6
- Apache
Server Applications/Frameworks
- BIND
- PHP
- Exchange 2007
- Red Hat JBoss 5.x
- SharePoint 2010
- Tivoli Enterprise Manager Server (BigFix)
- Tomcat
Desktop Applications
- Browsers: IE9, IE7, Firefox, Safari
- Microsoft Office: Outlook, PowerPoint, Word, Excel, Access
- Tivoli Enterprise Manager Client (BigFix)
Anti-Virus Audits
- Kaspersky
- McAfee
- Microsoft Endpoint
- Norton
- Panda
- Sophos
- Symantec
- Trend Micro
- CA
Database Auditing
Audit the configuration of databases as well as the underlying operating systems for a complete database audit. Tenable audit policies cover many best practice standards, including DISA STIG and CIS.
Tenable Nessus supports database audits for the following SQL technologies:
Database Audits
- SQl2005
- SQl2008
- MySQL
- Oracle 10
- Oracle11g
- IBM DB2
- PostgreSQL
- Informix
Standards-based Auditing
Perform configuration scans of Unix and Windows servers to test for specific policy settings. Supported configuration audit policies include, but are not limited to:
Standards-based Audits
- Anti-virus vendor audits
- CERT recommendations
- CIS best practice guides
- DISA STIGs
- GLBA guidelines
- HIPAA profiles
- NIST SCAP and FDCC content
- NSA best practice guides
- PCI DSS configuration and hardening requirements
- Recommended vendor settings
- USGCB
- MSCM
- FISMA
- OWASP
Content Auditing
Identify and monitor sensitive data at rest and in motion. Tenable solutions can create dynamic lists of all FTP servers, web servers and email servers. They can identify classes of servers such as "web servers that host PDF files" or "FTP servers that contain movies."
Tenable products can search hard drives of Windows, Unix or Linux systems for files containing specific content. Available through the Tenable Support Portal are audit policies that search for:
Content Audits
- Credit cards, Social Security numbers, and driver's license numbers
- Spreadsheets with financial, employee and health data
- Banking wire transfer detection
- Adult media
- Confidential corporate information
- Files and browser records that can indicate abuse of corporate network usage
- Software source code
- Document code words such as "SECRET," "PROPRIETARY" or "CONFIDENTIAL"
Network Infrastructure Auditing
Audit network infrastructure to ensure that configuration and administrative settings are secure and compliant with internal policies and industry standards.
Tenable supports the leading network equipment operating systems and provides broad coverage for a wide variety of equipment.
Network Infrastructure Audits
- Adtran AOS
- Brocade FabricOS
- Cisco FWSM Firewall
- Cisco Nexus OS (NX-OS)
- Cisco IOS
- Cisco IOS-XE
- Dell Force10
- Extreme ExtremeXOS
- HP ProCurve
- Huawei VRP
- FireEye
- FortiGate FortiOS
- Juniper Junos
- Juniper ScreenOS
- Check Point GAiA
- Palo Alto Networks PAN-OS
- SonicWall SonicOS
- Tenable Nessus
- Tenable Security Center