Tenable Threat Intelligence
The search for vulnerabilities is a constant and never-ending process, but Security Center users now have a new tool at their disposal. Threat GRID’s threat intelligence is the new weapon. Users of Security Center can identify autoruns and/or scheduled tasks that were produced by malware by using the Nessus plugin 74442 (Microsoft Windows Known Bad Auto Runs and Scheduled Tasks).
Threat GRID equips security teams to proactively defend against attacks and malware outbreaks by fusing advanced malware analysis with in-depth threat analytics and content. To offer customers unmatched scale, coverage, and protection from global threats, Threat GRID analyzes millions of malware samples per month that are collected from all over the world and produces terabytes of rich, actionable content daily.
The dashboard and its parts are accessible through the Security Center Feed, a vast repository of dashboards, reports, assurance report cards, and assets. The dashboard is conveniently located in the Threat Detection category of the Security Center Feed.
Along with seven other updated components, this dashboard includes two new ones: “Threat Intelligence – Microsoft Windows Known Bad Auto Runs and Scheduled Tasks” and “Threat Intelligence – Known Bad Auto Run Network Bar Chart.”. The updated parts are:
Threat Intelligence – Known Bad Auto Run Network Bar Chart:
The list of networks with infected hosts that plugin 74442 has detected is provided by the licensed Tenable. The hosts on the networks shown in this graph are most likely compromised, and they need to be removed from the network right away. The following step would be to adhere to an incident response plan and decide whether or not an incident needs to be reported by Tenable. To ascertain the extent of the compromise, a forensic analysis should also be taken into account. Based on the total number of hosts identified within each network, the Class C Summary tool was used to create the chart, which is then sorted.
Updated elements from the following dashboards make up the remaining elements:
Hidden in the Mask
A difficult task can be keeping an eye out for Advanced Persistent Threats (APT) on your network. Customers of the licensed Tenable Network Security, however, have access to all of the company’s resources. One of Tenable’s malware research analysts created this dashboard in response to the discussion post titled “Behind the Mask.”. By choosing the category “Security Industry Trends” and the tags “anomalies” and “backdoor,” it is simple to find the dashboard in the Security Center Feed.
Superior Botnet Detection
This dashboard, which includes the plugin update to separate inbound and outbound connection results, was created to be used with Nessus’ Enhanced Botnet Detection. By choosing the “Discovery and Detection” category and then the tags “analysis” and “intrusion,” it is simple to find the dashboard in the Security Center Feed.
by malware to be exploited
The exploitability of your network is thoroughly outlined in this dashboard. Following a comparison of the exploitability to attack frameworks, this set of elements demonstrates which vulnerabilities can be used by malware. By choosing the “Threat Detection” option in the Security Center Feed, the dashboard is easily accessible.
The nearly 100 different indicators of compromise and suspicious activity displayed on this dashboard are based on malicious file hashes, network traffic anomalies, correlated attacks, and much more. Selecting the “Monitoring” category, followed by the tags “botnet” and “exploit,” will help you quickly find the dashboard in the Security Center (Tenable.SC License)Feed.
Threat Detection process
This dashboard shows gray area processes, known installed software, Microsoft Windows autoruns, unknown processes, and Microsoft Windows autoruns across various components. By choosing the “Threat Detection” option in the Security Center Feed, you can quickly find this dashboard.
By catching more early, Tenable reduces risk
There is a limited amount of time to secure critical infrastructure. Attacks on OT environments for manufacturers, oil and gas companies, power and utility companies, and many other industries have increased over the past ten years.
You need situational awareness and an industrial cybersecurity solution to protect against the most recent attacks, regardless of their source, type, or origin, as OT and IT are increasingly merging, and IoT devices are becoming commonplace. Tenable. You can use the policy, anomaly, and signature based detection technologies offered by OT’s threat intelligence to ensure protection against the most recent OT cyberthreats.
To help identify, research, and mitigate OT threats, you receive real-time, multi-layered data protection as well as insights at the device and network level.
Threat intelligence gathers information from several feeds that are both open-sourced and specially created by the licensed Tenable. When these data sources and indicators of compromise (IoCs) are combined, it becomes easier to identify both well-known threats and fresh attacks as they first appear in the wild.
At each stage of the attack cycle, the licensed Tenable threat detection creates real-time security against OT-based attacks. It makes use of a wide range of detection methods tailored to industrial and mission-critical environments. The threat intelligence capability makes sure that your system receives the most recent threat-fighting information when new IoCs, signatures, or operations are made available, reducing vulnerability windows from months or weeks to days or minutes.
Benefits of using Tenable Threat Intelligence
Tenable. ICS-CERT, NVD, emerging threats, Tenable, and other detection sources are just a few of the sources that ot’s threat intelligence uses to detect threats to industrial networks. You are fully protected from OT threats as a result of this.
Defense Against Fresh Threats
Threat intelligence is constantly updated, giving you the most recent feed to guarantee the most effective defense against new and emerging OT threats.
Receive research insights from the licensed Tenable, such as fresh IoCs for Zero Day vulnerabilities, distinct SCADA software threats, and other indicators based on professional research.
Deep awareness of the environment
The licensed Tenable’s various feed sources give you contextual information about threats, which you can use to help prioritize and accelerate and increase the precision of your investigations. Information about the actor, campaign to which the threat is related, and IoC threat severity is included in the context.
Hunting for threats
Utilizing various IoCs improves detection abilities and offers better visibility into threat evolution. Bad IPs, dubious domains, malicious hashes, packet signatures, vulnerabilities, and other elements may be present in IoCs.