Tenable Lightning is a commercial front-end and correlation solution for the popular Nessus open-source scanner. Lightning adds some scanning and reporting capabilities; the ability to ticket and comment on found vulnerabilities; the ability to deploy scan sensors across the enterprise; and the integration of output generated by Nessus Scan and various network intrusion-detection systems, such as Bro, Dragon, RealSecure and Snort. By combining VAs with IDSs, enterprises can see a detailed picture of how an open vulnerability might be an active compromise within their environments.
Although we did find several enhancements to Tenable's new Nessus front end, we found drawbacks as well. For instance, administrators no longer have a real-time display of the scanner's progress, and attempting to stop an active job sent us deep into the CLI, where we had to remove the active scan file manually. There's no mistaking this is still a new product, and it requires knowledge of the back-end OS--Linux--to make things happen.
Lightning is off to a good start. With more comprehensive reporting, additional work on the ticketing interface, more granularity for user permissions and an overall more user-friendly interface, Tenable might take Nessus to bigger and better places.
Tenable Nessus Appliance 1.0, $20,000. Tenable Network Security, (410) 872-0555. www.tenablesecurity.com
BindView Corp. bv-Control for Internet Security 7.2
Bv-Control for Internet Security is only a small piece of BindView's complete bv-Control Suite, but it has a great deal of potential. The management interface, a snap-in to the Microsoft Management Console, is uncluttered and easy to understand. The application incorporates policy-compliance scanning and lets administrators fix some registry and policy vulnerabilities that appear in its reports.