Tenable Network Security Releases SCADA Plugins for Nessus 3

Business Wire, Dec 12, 2006

Protocol Support for Control Systems Added

COLUMBIA, Md. -- Tenable Network Security, Inc., a leading developer of security management solutions and creator of the popular and award-winning Nessus 3 vulnerability scanner, announced today the immediate general availability of a set of Nessus 3 plugins for detection of vulnerabilities common to SCADA networks. The SCADA plugins are available for download by Tenable Direct Feed subscribers and Tenable Security Center customers. The addition of SCADA plugins for Nessus will benefit organizations worldwide that are facing increased scrutiny and legislation for protection of critical infrastructure networks. The SCADA plugins were developed through a partnership with Digital Bond, Inc., a security consulting and research practice with special expertise in SCADA systems.

In addition to offering SCADA support for the market leading network vulnerability scanner, Nessus 3, Tenable also offers a Passive Vulnerability Scanner (PVS). Similar SCADA plugins for the PVS have been available since mid-2006. These offer no impact to the monitored network and effectively identify all devices which communicate via Modbus, ICCP and DNP3 protocols.

"Control system applications and devices can suffer from the same classes of vulnerabilities as IT applications and devices such as missing control system security patches, unchanged default passwords, and weak configurations. The Nessus plugins in the new SCADA category represent the first tool to identify these vulnerabilities and will also help identify unknown or rogue SCADA applications on the network," stated Dale Peterson of Digital Bond.

"The SCADA plugins allow organizations, which rely heavily on control systems, to develop an effective risk-based security plan designed to protect their valuable infrastructure," explained Ron Gula, CEO of Tenable Network Security. "Industries which rely on these systems include, but are not limited to, electric utilities, water treatment facilities, natural gas and petro-chemical companies."

As part of the Cyber Security Standards CIP-002-009 adopted in 2006, NERC produced The Security Guidelines for the Electricity Sector to address topics including vulnerability and risk assessment, business continuity, and protecting sensitive information. Tenable's Security Center in combination with Tenable's Nessus 3 and Tenable's Passive Vulnerability Scanners offer a comprehensive solution to meeting NERC requirements.

To learn more about SCADA solutions from Tenable please visit: http://www.tenablesecurity.com/whitepapers/compliance.shtml

For further information and detail on Tenable's SCADA plugins, please visit: http://blog.tenablesecurity.com and http://www.digitalbond.com.

About Digital Bond

Digital Bond, Inc. is a security consulting and research practice with special expertise in SCADA systems. In a DHS funded project, Digital Bond developed IDS signatures for SCADA protocols that have been integrated into most IDS products., Digital Bond has also identified numerous SCADA application and protocol vulnerabilities, including the vulnerability disclosed in US-CERT's first SCADA related vulnerability note.

Digital Bond Contact: Dale Peterson, 954-384-7049, peterson@digitalbond.com

About Tenable Network Security

Tenable Network Security is a leading provider of network security software solutions for enterprise vulnerability, security event, and compliance management. Tenable's award-winning products are utilized by many Global 2000 organizations as well as federal government agencies to unify vulnerabilities detected with active, passive, and host-based auditing with enterprise security log data to precisely assess and proactively minimize network risk. For more information, please visit us at http://www.tenablesecurity.com.