Tenable Network Security Releases Agent-Less Compliance Solution

Business Wire, August 1, 2006

COLUMBIA, Md. -- Tenable Network Security, Inc., a leading developer of security management solutions and creator of the popular and award-winning Nessus vulnerability scanner, announced today the availability of compliance plugins and policy creation tools which provide an agent-less approach for conducting compliance audits. These plugins are available to Tenable Security Center 3.0 customers and the Tenable Nessus 3.0 Direct Feed subscribers.

"Most of the compliance solutions on the market today are 'agent-based' and require that software be installed on servers or desktops to access configurations. These solutions are difficult and expensive to deploy and manage both technically and politically in medium and large organizations," said Greg Kyrytschenko of People's Bank, one of Connecticut's largest banks. "Tenable's solution provides an innovative and cost effective alternative to how we accomplish our audits and meet our compliance obligations."

Tenable offers a variety of ways to verify configurations and audit against policies. Tenable's core technology, Security Center 3.0, is extremely powerful for conducting compliance audits and communicating the results to many different consumers. "Tenable is simply extending the capabilities of Tenable's Security Center 3.0 and Nessus 3.0 to accomplish these audits efficiently, effectively and economically," says Ron Gula, CEO of Tenable Network Security.

Asset Centric Analysis

The combination of network scanning, passive network monitoring, and integration with existing asset and network management data allows Tenable's Security Center 3.0 to organize network assets into categories allowing an auditor to review all components of a particular application.

Configuration Audits

A configuration audit is conducted to verify that servers and devices are configured according to an established standard. Tenable's Security Center 3.0 can perform configuration audits on key assets through the use of Nessus' compliance plugins on UNIX or Windows servers without the need for an agent. Tenable's Security Center 3.0 includes several standard audit templates (NSA, NIST, PCI, etc).

Security Event Audits

For real-time compliance monitoring, Tenable customers can add Tenable's Log Correlation Engine with logic that can map any number of normalized events to a "compliance" event. Tenable's Security Center 3.0 and Log Correlation Engine 2.0 allow any organization to implement their compliance monitoring policy in real time. These events are also available for reporting and historical records.

Tenable has prepared a comprehensive paper outlining how their solutions can be used for measuring and demonstrating "compliance". Extremely detailed appendixes are also included for specific control mechanisms of COBIT, GLBA, HIPAA, NIST Special Pub 800-53 and PCI audits. To request a copy of this paper, send an email to sales@tenablesecurity.com.

About Tenable Network Security

Tenable Network Security is a leading provider of network security solutions for vulnerability, security event, and compliance management. Tenable's award-winning products are utilized by many Global 2000 organizations and Government agencies to discover, unify and manage known vulnerabilities and log data to proactively minimize network risk. For more information, please visit us at http://www.tenablesecurity.com.