Technology Spotlight: Nessus
-Hacker in a Box-
Have you ever listened to stories of prison breaks or robberies? The methods people use to get into or out of secured facilities are inventive, to say the least. Normal folks simply don’t have an eye for weaknesses in security or clever uses of available resources like professionals do. The same is true for computers – hackers can combine small bits and pieces until they have enough to breach bigger barriers, in ways that IT professionals often would never think of, and using information that IT professionals might never think to hide.
The solution might seem obvious then; just hire a hacker, right? That’s what governments, financial institutions, healthcare companies, industrial manufacturers, and MANY others do, so surely that’s the way to go…
…that is, until you realize that in order to attract those sorts of skills, you’re competing with governments, financial institutions, healthcare companies, industrial manufacturers, and MANY others. They have more to lose, have bigger pockets, and generally are a more enjoyable ‘target’. As a result, this sort of resource can be entirely beyond the reach of smaller companies. That was the case for a long time. Until a company called Tenable decided to change things.
Reconnaissance
The first thing that any sophisticated attacker will do in preparation for an engagement is reconnaissance: the act of gathering information about the target. In some cases, this phase alone is enough to effect a catastrophic breach of one of the company’s systems. Other times, bits and pieces have to be combined in order to gain access. Tenable realized that by automating the process of finding weaknesses, they could empower their customers to fix those weaknesses. To this end, they constantly add newly discovered weaknesses to the list of things their tool looks for, along with new techniques that attackers use to find avenues of attack.
Why it Matters
Now, if you’ve read our spotlight on SentinelOne, you might think that the ‘add what we know’ approach sounds familiar. Maybe… a bit like virus definitions? If you thought that, you’d definitely be right. The difference comes in the cost to an attacker: while creating a new version of a malicious piece of software is both easy and expendable, finding new vulnerabilities in other systems is many orders of magnitude more difficult. Small businesses have a reduced risk of targeted zero-day attacks, since attackers will focus their efforts where they are likely to see greater rewards. In fact, more than 95% of attacks suffered by small businesses exploit vulnerabilities that have been known for several months. Imagine spammers who use bad grammar and spelling on purpose – they know that anyone they catch with such an obvious hook will be far more gullible. The same is true for businesses that haven’t patched in months – they are much softer and easier targets.
This is where Nessus comes in. It can crawl your networks and computers looking for vulnerabilities, weaknesses, misconfigurations, or anything that might contribute to a weakened security posture or that an attacker might use to compromise your systems. It aggregates decades of attack knowledge and vulnerabilities into one easy-to-use tool. Just point, click, scan, and voila, you have a detailed report of findings sorted from the highest risk to the lowest.
The Limitations
Nessus is a beautiful tool, but like most tools, it doesn’t do the work for you. It helps you know about the problem, but it can’t fix it automatically. Think of it like the check-engine light in your car; without it, you’ll remain blissfully unaware right up until the critical moment it all goes wrong. With it, you know that something needs your attention, hopefully right as the problem starts to become evident but before any real damage is done.
The Way Forward
From day 1, we’ve used Nessus to perform vulnerability scans for our customers. Its quick, effective, low-impact, and highly accurate results form a fantastic foundation for remediation efforts. We were more than happy to repeat these scans for our customers at a discount, so they could track their progress toward a stronger security posture. However, we’re pleased to announce that from this day forward, monthly vulnerability scans will be included FREE for ALL customers using an INFANGER Appliance, regardless of the managed services plan they have with us. The resulting reports will be reviewed by our personnel for any new or high-risk findings, with remediation planning available according to your plan terms.
We’re excited to start rolling this out right away. If you haven’t contacted us to schedule your free recurring monthly scans, now is the time!