Tenable Solutions

SANS CAG

The SANS Consensus Audit Guidelines (CAG) is a compliance standard that specifies 20 "control points" identified through a consensus of federal and private industry security professionals.

A detailed technical paper, available for download, discusses how Tenable Network Security's combination of scanning, configuration auditing, log analysis and passive network monitoring can be leveraged to comply with the CAG recommendations.

Specifically, Tenable can help in the following areas:

  • Active scanning, patch auditing, passive network monitoring and process accounting help monitor authorized and unauthorized software and devices.
  • Active, passive and credentialed vulnerability scanning provides continuous and accurate monitoring for new security issues.
  • Configuration auditing and file integrity monitoring of applications, desktops, routers and operating systems can be performed against a wide variety of government and commercial standards.
  • Network and intranet perimeters can be monitored and correlated by aggregating logs from NIDS, firewalls, DMZ servers and NetFlow.
  • Custom web applications can be audited with Tenable Nessus's web application tests, and logs from the applications can be monitored for abuse. Custom applications can also undergo rigorous configuration audits of the OS, application and SQL database with Nessus.
  • All user accounts and user activity can be strictly audited and monitored for abuse and suspicious activity.
  • All web browsing can be passively logged and searched, which enables analysis of botnets, malware and user activity.
  • Anti-virus software can be audited to ensure it is working correctly. Logs from desktop, email, NIDS, gateway devices and "blacklisted" sites can be correlated for a complete view of your malware exposure.
  • Full log searches as well as complete configuration audits can be used to accelerate your incident response efforts.
  • Unauthorized wireless access points as well as desktops with incorrect wireless SSIDs can be identified.

To learn specific details about how Unified Security Monitoring maps to the SANS CAG, please contact us to sign up for a live webinar demo of our products and solutions.