Tenable Solutions

Content Auditing

Tenable Network Security's Unified Security Monitoring strategy can help your organization identify and monitor sensitive data at rest and in motion.

A key concern for most organizations is to determine where their data is. Tenable SecurityCenter can classify assets based on the type of services it is offering. For example, Tenable SecurityCenter can take all of the data from Tenable Nessus and the Tenable Passive Vulnerability Scanner and create dynamic lists of all FTP servers, Web servers, email servers and so on. In some cases, it can even identify classes of servers such as "Web servers that host PDF files", or "FTP servers that contain movies".

Tenable SecurityCenter can coordinate Tenable Nessus scans that search hard drives of Microsoft desktop and server systems for files with specific content. Tenable's Support Portal contains audit policies that search for:

  • Credit Cards, Social Security Numbers and Driver's License Numbers
  • Spreadsheets with financial, employee and health data
  • Files and browser records that can indicate abuse of corporate network usage
  • Software source code
  • Document code words such as "SECRET", "PROPRIETARY" or "CONFIDENTIAL"

The Tenable Log Correlation Engine Log Agent for Windows can make use of Windows Management Instrumentation (WMI) functionality to monitor local and remote systems for USB device, CD-ROM disc and DVD disc activity. In addition, the Tenable Nessus scanner may be used to inspect the list of attached devices to servers and also obtain the history of every device that was installed as well. Together, these types of audits can help your organization to identify the types of USB technologies that are in use that could increase risk or violate policy.

Each instance of the Tenable Passive Vulnerability Scanner (PVS) can watch network traffic to see where files and hosted and where they are transferred to. As files are observed being downloaded and uploaded over network shares, FTP, web and NFS, the Passive Vulnerability Scanner builds up a list of all file names and directories that are active on the network. For each unique file transfer, the Passive Vulnerability Scanner also logs in real-time to the Tenable Log Correlation Engine which file was downloaded and the source and destination of the event.