
Staying ahead of emerging threats

By Rodney Weidemann, ITWeb Contributor
Johannesburg, 25 Nov 2014

In the modern business world, networks now encompass virtual, cloud and mobile environments as well as on-premises systems. This means that the accepted defensive technologies, which include monthly scans, firewalls, antivirus solutions and patches, are no longer enough to prevent serious attacks.

The nature of threats today is such that enterprises need to constantly adapt their defences to match the ever-evolving challenge presented by these threats, and to keep their networks safe and secure. In other words, they have to stay ahead of these emerging threats, something that can best be achieved by constantly monitoring the health of the network systems.

According to Maxtec, a South African IT services provider specialising in security, storage and networking solutions, security threats today pose far more danger to the organisation than they did in the past.

Maxtec is the sole South African distributor of a range of security solutions from Tenable, the leading vulnerability management vendor in the market. Maxtec and Tenable suggest continuous monitoring is the single best protection an organisation can have to safeguard network health.

A key part of Tenable's continuous vulnerability analysis is a strong focus on compromise detection, indicates Gavin Millard, a Tenable director.

"Tenable believes it is just as crucial to search for vulnerabilities and configuration issues in known software, as it is to go looking for malicious software and malicious users.

"Moreover, detecting a compromised system is a different kettle of fish to detecting a system that is under attack," he says.

"While intrusion detection systems are good for discovering attacks, they are not so effective in uncovering actual compromises. For this reason, Tenable advocates an approach that encompasses the monitoring of files, system settings, logs, application processes and network traffic. In this way, continuous vulnerability detection provides an excellent platform to search for malware, botnets and compromised system accounts."

According to a 2014 study by Forrester Research, commissioned by Tenable, "organisations that have implemented continuous monitoring are more than twice as likely to be satisfied with their vulnerability management approach, compared to those that use periodic scanning".

Millard points out Tenable remains a security leader because of its one-step-ahead vision. As an example, he highlights the fact that when the world learned about the Shellshock vulnerability in September of this year, it took Tenable less than 24 hours to release a robust set of detection plugins and a new Shellshock policy wizard for its Nessus vulnerability scanner.

"Protecting your business from something like Shellshock means staying ahead of the people who mean you harm. From the moment the news broke about the vulnerability, Tenable was working hard to ensure that its customers had up-to-date and actionable information about Shellshock in their networks," states Millard.

He adds widespread vulnerabilities such as Shellshock and Heartbleed also have a tendency to reappear in the network environment. "It is therefore critical to verify that the patch has been properly installed on the system. This is something that Tenable's Nessus and SecurityCenter CV do very well."

So how exactly does Tenable manage to stay ahead of those that would do its customers harm?

Millard says the company has a vast library of plug-ins that it is able to draw on in order to protect its customers from vulnerabilities.

"For example, the recent critical vulnerabilities known as Microsoft 14 064, 066 and 068 pose a clear threat to organisations, but Tenable's solutions not only have the ability to discover all the systems that are susceptible to these vulnerabilities, but, more critically, also to validate the patches required to protect against these threats are deployed securely and effectively."

What sets Tenable apart from other security solutions providers, he adds, is its ability to provide a solution that is able to continuously monitor infrastructure, rather than only providing snapshots of the security situation at a scheduled time.

"Our solutions are able to detect threats as they are introduced into a network, which means users can immediately take steps to counter these. By reducing the time needed to detect advanced malware that bypasses traditional security controls, we enable clients to stay one step ahead of the criminals," Millard concludes.


Editorial contacts

Rodney Weidemann
Maxtec