
Vulnerability Assessment Principles

1. Vulnerability Assessment Overview


What is vulnerability assessment?

A vulnerability assessment is a way you can discover, analyze and mitigate weaknesses within your attack surface to lessen the chance that attackers can exploit your network and gain unauthorized access to your systems and devices.

With an ever-expanding attack surface, protecting your organization from cyber risk is challenging. A vulnerability assessment program can reduce your organizational risks by eliminating blind spots in your attack surface, discovering and analyzing all of your assets, and helping you plan for remediation of the vulnerabilities and weaknesses that pose the greatest risk to your organization.

What's the difference between vulnerability assessment and vulnerability management?

Vulnerability assessment and vulnerability management are different, but complementary.

A vulnerability assessment is a one-time project you conduct on a regular basis to identify all of your assets and vulnerabilities. Generally, a vulnerability assessment, which is not the same as a vulnerability scan, has a specified beginning and end date. It’s a snapshot of your attack surface at a specific point in time.

Vulnerability management, on the other hand, is an ongoing program that uses a variety of tools and processes to help you identify all of the assets and vulnerabilities across your enterprise. It also helps you plan how you will mitigate issues, remediate weaknesses, and improve your overall security posture.

A vulnerability assessment is part of your overall vulnerability management program, which helps you continuously identify and address your cyber risks.

2. Assets, Vulnerabilities and Your Attack Surface


What is a vulnerability?

A vulnerability is a weakness or hole in hardware or software that can be exploited to compromise systems and give attackers access to your data and information. Basically, they’re “bugs” or programming mistakes.

Vulnerabilities are commonly fixed, or remediated, by repairing issues within code, known as patching, or fixing misconfigurations to improve operational security.

The more complex a system is, the more lines of code it will likely have, meaning there’s a greater chance of programming mistakes somewhere in that code. That’s why, say for operating systems, you’ll often get notifications that you need updates to fix issues.

Vulnerabilities can also be found when systems are misconfigured, creating additional opportunities for attackers to exploit your system.

Here are some common ways attackers target organizations through vulnerabilities and weaknesses:

  • Exploiting misconfigurations and unpatched systems
  • Phishing: Sending fake emails that look like they're from real sources to trick people into revealing information like usernames, passwords and payment info.
  • Credential stealing: Because people often use the same usernames and passwords across many sites, attackers can collect usernames and passwords from one breach and then use them to access other sites.
  • Malware: Malicious software that gives attackers system access.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS): Flooding attacks to use up bandwidth so systems can’t respond to actual service requests.
  • Cross-Site Scripting (XSS): Putting malicious code on websites to target visitors.
  • Man-in-the-Middle (MitM): Compromising users through unsecured networks like public WiFi.
  • Structured Query Language (SQL) Injection: Putting malicious code on a server and then using SQL to access sensitive information that otherwise wouldn’t be accessible.
  • Zero-Day Exploits: Exploiting a system after a threat is publicly announced but before a patch or other fix is released.

Top Vulnerability Types

The Open Web Application Security Project (OWASP) maintains a list of top vulnerabilities, updated most recently in 2017. OWASP’s list takes a closer look at the top 10 critical web application security risks. The risks include:

  1. Injection flaws including SQL, NoSQL, OS and LDAP injection
    1. These flaws give attackers access to data without proper authorization and can also get users to execute unintended commands without their knowledge
  2. Broken Authentication
    1. These flaws give attackers access to data without proper authorization and can also get users to execute unintended commands without their knowledge
  3. Sensitive Data Exposure
    1. When not properly protected, attackers can get access to personal information such as financial and healthcare data and use that for financial fraud or identity theft.
  4. XML External Entities (XXE)
    1. According to OWASP, “older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution and denial of service attacks.”
  5. Broken Access Control
    1. When access controls don’t function properly, attackers can access data and files. They can change data, amend access rights and get access to other unauthorized functionalities within an exploited system.
  6. Security Misconfigurations
    1. Security misconfigurations, including insecure default configurations and open cloud storage, are top security issues.
  7. Cross-Site Scripting (XSS)
    1. With XSS, attackers execute scripts in a victim’s browser. This allows them to take over user sessions and redirect users to other sites, often without the user knowing they’ve been compromised.
  8. Insecure Deserialization
    1. Insecure deserialization leads to remote code execution.
  9. Using Components with Known Vulnerabilities
    1. Attackers use components such as libraries, modules and frameworks, which have the same access privileges as core applications, to steal data or take over servers.
  10. Insufficient Logging and Monitoring
    1. OWASP cites studies that indicate time to detect a breach is more than 200 days, which means insufficient logging and monitoring leaves attackers with more time to move through your system unnoticed.

What does my organization’s attack surface look like?

Today’s attack surface no longer includes just traditional IT assets like servers, desktop machines and your network. The modern attack surface now also includes dynamic devices that may appear intermittently on your network like laptops, smartphones and tablets, and also Internet of Things (IoT) devices, operational technology (OT), containers and cloud environments.

Attackers know most organizations struggle to keep up with visibility into all of their assets. Add that to the challenges of mitigating and remediating the volume of vulnerabilities discovered by most vulnerability assessment programs, and it may feel like attackers always have the upper hand. That’s why it’s important to develop a robust, flexible and scalable vulnerability assessment program to continuously discover and assess all of your assets and vulnerabilities to decrease your overall cyber risk.

When looking at your attack surface, here are a few key steps you don’t want to miss:

  1. Identify all of your organization’s assets, regardless of type. A vulnerability assessment solution from Tenable will give you comprehensive insight into your attack surface.
  2. Determine where each asset is located.
  3. Determine who is responsible for managing each asset and who has access.
  4. Indicate asset type: cloud, mobile, traditional IT, IoT, etc.
  5. Determine if the asset is critical to business operations and prioritize accordingly.
  6. Evaluate what might happen if each critical asset was affected by a vulnerability. Would you still be able to operate or would it have a non-critical effect on your organization?

Visibility Challenges

Today’s modern and vast IT landscape means most likely you have blind spots and don’t have the comprehensive insight you need into your entire attack surface.

Here are some common challenges when assessing your attack surface:

  • Assets that aren’t on your network for long (or those that don’t appear on your network at all) are difficult to discover and monitor.
  • End-user devices that are off-network can be hard to discover and protect.
  • When your organization builds its own application code, it can be difficult to find vulnerabilities within that code.
  • IoT devices are relatively new to vulnerability assessment. They aren’t always protected the same way as traditional IT assets, so it can be challenging to find related weaknesses.
  • Operational tech (OT) can be a challenging piece of your vulnerability assessment program because it can often only be assessed with passive, non-intrusive assessments.
  • If you’re assessing critical systems, it can be difficult to do assessments without causing disruptions to your daily operations or organizational goals.
  • While cloud deployments offer flexibility and scalability, it can be hard to secure assets. There are often blind spots, compliance issues and governance challenges.
  • Mobile devices create a number of security risks for your organization especially when they’re used without proper security controls to protect sensitive data.
  • Most organizations have a lot of web applications. These applications have frequent updates. Because of the volume of apps and updates, it can be difficult to keep up and know how many apps are being used across your organization.
  • Application containers cause visibility challenges because they’re fast to deploy new software and that can make it hard for your teams to keep up.

3. Vulnerability Assessment Styles


Are there different vulnerability assessment styles?

Yes. There are four general types of vulnerability assessment styles. That’s what the team at Tenable Research discovered and released in its Cyber Defender Strategies report after analyzing more than 2,100 organizations.

Here’s what those four vulnerability assessment styles look like:

  • Minimalist: Minimalists do bare minimum vulnerability assessments as required by compliance mandates. About 33% of organizations in the study are minimalists, meaning they only conduct limited assessments on select assets. These organizations are exposed to risk and have more work to do on improving their cybersecurity posture.
  • Surveyor: Surveyors do more frequent vulnerability assessments than Minimalists, but they are broad in scope. About 19% of organizations in the study are Surveyors. They don’t use authentication or customize scan templates when they conduct these assessments, which leaves them in a low-to-mid-level security posture.
  • Investigator: The Investigator’s vulnerability assessments are at a high-maturity level, but these assessments are only on select assets. About 43% of organizations surveyed are Investigators. These organizations have a solid vulnerability assessment strategy and they do assessments on a good cadence and use asset authentication and prioritization, with targeted scan templates. This is level three in the four levels of maturity, but the program’s cybersecurity posture can mature further.
  • Diligent: The Diligent vulnerability assessment style is the highest level of maturity. Only about 5% of organizations are Diligent, meaning they have near-continuous visibility into all of their assets and they conduct assessments with high frequency. Diligent organizations do targeted and customized assessments with comprehensive asset coverage. They also will tailor scans required on a case-by-case basis.

4. Vulnerability Assessment Solutions


Why do I need to do vulnerability assessment?

Unpatched software, misconfigured systems, and other weaknesses can create devastating implications for your organization.

A single successful breach into your environment, for example, a successful phishing attempt that lands ransomware on one of your servers, could cost your business hundreds of thousands of dollars in remediation and recovery expenses; extended downtime that can last days or longer; lost customers and a drop in sales and revenue; brand and reputational damage; and in some cases, a successful attack can shut down your business altogether.

With about 9,000 recorded breaches in the past 10 years, your organization is increasingly vulnerable to a cyber attack. And although more than 30% of organizations say they’ve had a cyber attack on their operational infrastructure, more than 62% around the world aren’t confident they’re ready to deal with an attack.

While attackers are constantly looking for ways to exploit weaknesses and get into your system, malware and phishing schemes are common attack methods. The average cost of a malware attack in the past two years is more than $2 million and ransomware continues to be an increasing threat for organizations of all sizes.

On average, a business becomes a victim to ransomware every 13 seconds. Phishing emails are the most effective way in, with 91% of attacks starting with phishing. In the past year, 76% of businesses said they had been targeted by a phishing attack.

Add to these exploit vectors the volume and diversity of asset types, and it is increasingly challenging for security teams to adapt and remediate every vulnerability that could affect your organization.

That’s why today’s most successful vulnerability assessment programs rely on tools and resources that facilitate continuous asset discovery and vulnerability monitoring, along with processes to prioritize threats based on actual risk to your organization.

Benefits of a vulnerability assessment program

Vulnerability assessment helps you discover and analyze weaknesses within your attack surface to reduce the chance attackers can exploit your network and gain unauthorized access to your data.

From malware to weak passwords and everything in between, threats to organizations of all sizes continue to increase, as does the cost to stop and fix an attack once it’s underway. That’s why it’s increasingly important to adopt a vulnerability assessment program to better understand your Cyber Exposure and keep your organization safe.

If you’re still considering whether or not a vulnerability assessment program is right for you, here are a few benefits to consider:

Discover Vulnerabilities

A vulnerability assessment program can help you discover all of your vulnerabilities, including software flaws, missing patches, malware, and misconfigurations, so you can stay a step ahead and mitigate them before attackers infiltrate your attack surface.

Map Your Assets

By discovering all the assets in your organization, you can create a detailed map of your entire attack surface.

Maintain an Up-to-Date Asset Inventory

Asset discovery enables you to create an inventory of all your assets, even those that only occasionally connect to your network and those that are short-lived.

Understand Your Cyber Risks

Your vulnerability assessment program should give you insight into all of your assets and all of your vulnerabilities so you can determine your cyber risks and make solid business and security decisions to mitigate those risks. This will also help you build a stronger security posture.

Audit Patching

A vulnerability assessment program can help you better manage your patching plans, including insight into any configuration changes, so you can better plan for and evaluate the success of your remediation strategies.

Better Communication of Critical Information

Reporting on your vulnerability assessments can help you keep key stakeholders, from management to clients, informed about all vulnerabilities and misconfiguration issues.

Choosing a vulnerability assessment solution that enhances your vulnerability management program

While your organization will have unique needs when it comes to selecting a vulnerability assessment solution, there are some core considerations applicable across industries. Here are four things to consider when evaluating a vulnerability assessment solution:

  1. Continuous and Complete Discovery of Assets

    When it comes to asset discovery and vulnerability assessment, your solution should offer a wide range of coverage including continuous asset discovery and complete visibility into your attack surface.

    Questions to ask your vendor:

      • Do you provide passive network monitors to continuously discover assets?
      • Do you provide agents that work with both cloud-based and on-premise deployments?
      • Do you provide cloud connectors for live visibility into Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) environments?

  2. Assessment: More Than Just a Scan

    Asset assessment in today’s modern IT environment is more than just running a scan.

    Questions to ask your vendor:

      • Do your container image scans consider layer hierarchy to reduce false positives?
      • Do you provide passive monitoring for OT and IoT vulnerability detection?
      • Has your research team discovered any Zero-day vulnerabilities in the last 12 months? If yes, how many?

  3. Analyzing risks for remediation

    With an array of data collection tools in your comprehensive vulnerability assessment program, teams often struggle with vulnerability data overload. What do you do with all the information you gather? Which vulnerabilities are likely to have the greatest real-world impact on your organization and may be exploited in the near future? How do you prioritize remediation?

    A vulnerability assessment solution that leverages machine learning can help your team get a handle on data so you can uncover blind spots and hidden patterns to better assess future threats to your organization.

    Questions to ask your vendor:

      • Does your vulnerability scoring primarily look at historical data such as the existence of exploits or does it incorporate real-time intelligence about current threats?
      • Does your vulnerability scoring leverage machine learning?
      • What about automated asset criticality scoring?

  4. Simplified Pricing, Licensing and Growth Opportunities

    Your vulnerability assessment solution should have a simple and straightforward pricing and licensing model and scale as your organization grows and changes.

If you’d like to take a deeper dive into how to choose the best vulnerability assessment solution for your organization, check out Gartner’s Guide to Choosing a Vulnerability Assessment Solution.

5. Vulnerability Assessment Processes


Implementing a vulnerability assessment program

If you’re ready to implement a vulnerability assessment program for your organization, you may be unsure exactly where to begin. Here are five steps you can take to set the foundation for your vulnerability assessment program and improve it as your company changes and evolves over time.

Step 1: Program planning

Before implementing your vulnerability assessment program, plan core components and set objectives.

Begin by reviewing your existing organizational and security policies and procedures.

  • Are they current?
  • Are they effective?
  • How will you align your vulnerability assessment program with these existing policies?
  • Don’t forget to include compliance and regulatory components.

After reviewing your existing plans and policies, define the scope of your vulnerability assessment program, including timelines, priorities, goals, and quantifiable metrics. This is also a good time to define roles for key players with an overview of responsibilities.

Step 2: Initial Assessment

Your initial assessment will create a baseline from which you can build your vulnerability assessment program.

This assessment should include identification of all of your assets across all of your environments.

After identifying assets, you’ll need to determine the criticality of each as they relate to your business operations. You’ll also need to identify who owns or is responsible for each asset, with additional information about who has access to each device.

Your initial assessment should also include a review of all your ports to see if any are open that should not be. Also, review all services to identify any that are active but shouldn’t be.

This initial assessment phase is also a good time to determine if systems, processes and apps are up-to-date. Check out every application and data source. This includes reviewing all software to determine if any unauthorized software is on your assets. Also, look for configuration issues to see if attackers can exploit any misconfigurations.
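The checks described in Step 2 can be expressed as a baseline audit over an asset inventory. The following Python sketch is an added example, not part of the original page or any Tenable product; the asset names, roles, approved-port baseline and approved-software list are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed baseline: ports each asset role is approved to expose, and the
# approved software list. Both are assumptions made for this example.
APPROVED_PORTS = {"web": {22, 443}, "db": {22, 5432}, "workstation": set()}
APPROVED_SOFTWARE = {"nginx", "openssh-server", "postgresql", "chrome", "office"}
VALID_CRITICALITY = {"high", "medium", "low"}


@dataclass
class Asset:
    name: str
    role: str
    owner: str | None            # who is responsible for the asset
    criticality: str | None      # business criticality, None if not yet rated
    open_ports: set[int] = field(default_factory=set)
    software: set[str] = field(default_factory=set)


# Constructed sample inventory, as an initial discovery pass might record it.
SAMPLE_INVENTORY = [
    Asset("web-01", "web", "platform-team", "high",
          {22, 443, 8080}, {"nginx", "openssh-server"}),
    Asset("db-01", "db", None, "high",
          {22, 5432}, {"postgresql", "openssh-server", "remote-access-tool"}),
    Asset("hr-laptop-07", "workstation", "hr-it", None,
          {3389}, {"chrome", "office"}),
    Asset("web-02", "web", "platform-team", "medium", {443}, {"nginx"}),
]


def audit_asset(asset: Asset) -> list[str]:
    """Return the baseline deviations for one asset, in a stable order."""
    findings = []
    if not asset.owner:
        findings.append("no owner recorded")
    if asset.criticality not in VALID_CRITICALITY:
        findings.append("criticality not rated")
    if asset.role not in APPROVED_PORTS:
        # Without a baseline we cannot judge the ports, so flag the gap itself.
        findings.append(f"unknown role '{asset.role}', no port baseline")
    else:
        for port in sorted(asset.open_ports - APPROVED_PORTS[asset.role]):
            findings.append(f"port {port} open but not in baseline")
    for pkg in sorted(asset.software - APPROVED_SOFTWARE):
        findings.append(f"unauthorized software: {pkg}")
    return findings


def audit_inventory(assets: list[Asset]) -> dict[str, list[str]]:
    """Map asset name to its findings; assets matching the baseline are omitted."""
    result = {}
    for asset in assets:
        findings = audit_asset(asset)
        if findings:
            result[asset.name] = findings
    return result


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
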

Step 3: Conduct a vulnerability scan

Now it’s time to conduct your first vulnerability scan. Here are some scan suggestions:

  • All applications
  • All ports
  • Your firewall(s)
  • CMS systems and web platforms
  • HIPAA and other compliance and regulation standards such as PCI DSS and GDPR
  • OWASP Top 10
  • DoS and DDoS

Step 4: Create reports

After completing your vulnerability scan, you’ll need to create reports to share information with your teams.

In general, your reports should include the following information to help prioritize remediation and facilitate communication about your program effectiveness with your organizational stakeholders:

  • Name of the vulnerability and date it was discovered
  • Description of the vulnerability and which assets are affected
  • Vulnerability rating based on your adopted scoring systems, like CVSS for CVEs
  • Plans to remediate the vulnerability
  • How long the vulnerability existed
  • When the vulnerability was fixed and how long that took
  • Which steps were taken to fix the issue
  • Any follow-up steps

Step 5: Remediate

Once you’ve analyzed your vulnerabilities and shared detailed reports with your team, it’s time to plan and fix those weaknesses.

Remember, most vulnerability assessments return lengthy lists of vulnerabilities and it can be challenging to know which ones to fix first. You can prioritize your remediation plans based on your vulnerability scoring systems and asset criticality.

Start with vulnerabilities most likely to pose the greatest risk to your organization in the near future and then work your way further down your list of less critical weaknesses.
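The report fields from Step 4 and the prioritization from Step 5 can be combined in one small script. This Python sketch is an added example, not the page's or any vendor's scoring method; the findings are constructed, and multiplying the CVSS score by an asset-criticality weight is an assumed, deliberately simple ranking model.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Assumed weights for asset criticality; tune these to your own program.
CRITICALITY_WEIGHT = {"high": 1.0, "medium": 0.6, "low": 0.3}


@dataclass
class Finding:
    name: str
    asset: str
    asset_criticality: str
    cvss: float                  # CVSS base score, 0.0 to 10.0
    discovered: date
    fixed: date | None = None    # None while the finding is still open
    fix_steps: str = ""


# Constructed sample findings (names are descriptive placeholders, not CVE ids).
SAMPLE_FINDINGS = [
    Finding("Unpatched web server package", "web-01", "high", 7.5, date(2024, 1, 10)),
    Finding("Outdated browser", "hr-laptop-07", "low", 9.8, date(2024, 1, 5)),
    Finding("Weak TLS configuration", "db-01", "high", 5.3, date(2024, 1, 2)),
    Finding("Missing OS patch", "web-02", "medium", 8.8, date(2024, 1, 3),
            fixed=date(2024, 1, 17), fix_steps="applied vendor patch"),
    Finding("Default admin password", "web-01", "high", 9.1, date(2024, 1, 8),
            fixed=date(2024, 1, 12), fix_steps="rotated credential"),
]


def days_open(f: Finding, as_of: date) -> int:
    """Days the vulnerability existed: until the fix, or until the report date."""
    return ((f.fixed or as_of) - f.discovered).days


def priority(f: Finding) -> float:
    """Rank score: severity scaled by how critical the affected asset is."""
    return round(f.cvss * CRITICALITY_WEIGHT[f.asset_criticality], 2)


def remediation_queue(findings: list[Finding]) -> list[Finding]:
    """Open findings, highest priority first; older findings win ties."""
    open_items = [f for f in findings if f.fixed is None]
    return sorted(open_items, key=lambda f: (-priority(f), f.discovered))


def mean_days_to_fix(findings: list[Finding]) -> float | None:
    """Average time to remediate across fixed findings, None if none are fixed."""
    closed = [days_open(f, f.fixed) for f in findings if f.fixed]
    return sum(closed) / len(closed) if closed else None


def report_rows(findings: list[Finding], as_of: date) -> list[dict]:
    """One row per finding carrying the fields listed in Step 4."""
    return [{
        "name": f.name,
        "asset": f.asset,
        "discovered": f.discovered.isoformat(),
        "cvss": f.cvss,
        "priority": priority(f),
        "status": "fixed" if f.fixed else "open",
        "days_open": days_open(f, as_of),
        "fix_steps": f.fix_steps,
    } for f in findings]


if __name__ == "__main__":
    for f in remediation_queue(SAMPLE_FINDINGS):
        print(f"{priority(f):5.2f}  {f.asset:13} {f.name}")
    print("mean days to fix:", mean_days_to_fix(SAMPLE_FINDINGS))
```

In the sample data, the CVSS 9.8 finding on a low-criticality laptop ranks below a CVSS 5.3 finding on a high-criticality database server, which is the effect of weighting by asset criticality.
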

Vulnerability assessment best practices

A successful, flexible and scalable vulnerability assessment program should:

  • Facilitate high-speed, accurate scanning across all of your IT environments. These scans should go beyond just your traditional attack surface such as desktop machines, servers and your network, to also include mobile devices like smartphones, laptops and tablets, as well as your cloud environments, IoT devices, OT devices and containers.
  • Automate manual and repetitive tasks to speed up your insight and response into potential weaknesses within your attack surface.
  • Provide insight into your assessment program success with configurable reports so you can communicate your program’s effectiveness to key stakeholders, identify gaps, and make business and security-related decisions that align with overall goals and objectives for your organization.
  • Help determine the criticality of all of your assets so you can prioritize which vulnerabilities may put your organization at the greatest risk.
  • Help you plan for patching and remediation to reduce your cyber risk and the size of your attack surface, while causing the fewest disruptions to your day-to-day business operations.
  • Determine your Cyber Exposure Score (CES), so you can have a better understanding of your assessment program success and where you need to make improvements or adjustments.
  • Benchmark your program’s effectiveness internally across departments as well as against industry peers to better understand how well you’re doing in reducing your cyber risk so you can communicate this information to your teams and key stakeholders.

6. Vulnerabilities and Penetration Testing


What is penetration testing?

Penetration testing is a supplementary component to your vulnerability assessment processes. In penetration testing, pen testers use a variety of exploitation methods to try to get around your existing cybersecurity measures by compromising vulnerabilities or other security weaknesses in your attack surface.

Generally, a third party does penetration testing and launches intentional exploits on your attack surface (or specific parts of it) to prove a vulnerability exists. After a pen test, your tester will report findings back to you so you can plan remediation and take steps to improve your overall cybersecurity posture.

What’s the difference between vulnerability assessment and penetration testing?

Vulnerability assessment and penetration testing are different processes, but they work together. Penetration testing is a stand-alone activity that gives you insight into your attack surface from a specific point in time, but vulnerability assessment is an ongoing process. Pen testing helps you understand how well your vulnerability assessment and vulnerability management programs are working and where you may have weaknesses that should be addressed. Pen tests can also help you gather information about your cybersecurity posture so you can set goals to improve your vulnerability assessment processes.

What are the phases of penetration testing?

There are generally five phases for a penetration test and they look like this:

  1. Your penetration test begins with a planning phase to outline goals and set testing expectations.
  2. Next, determine the scope of the test. Do you want your pen tester to target your entire network or a specific subset? Will the tester do credentialed or non-credentialed scanning? Will your security team be aware of the tests and when they’re happening?
  3. Once you’ve scoped testing parameters, your tester is ready to begin. The goal is to try to find weaknesses within your network, just like an attacker would in a real-world scenario.
  4. After conducting the test, your tester will report findings for your review.
  5. Once you’ve reviewed those results, use that information to plan for remediation and address the security issues the tester discovered.

What are the different approaches to penetration testing?

There are two core approaches to penetration testing, and a third that is a variation of the two: whitebox testing, blackbox testing, and grey box testing.

Whitebox testing: The third-party tester knows information about the target and the tests generally take place within a credentialed environment.

Blackbox testing: No target information is shared with your tester, and your tester conducts network sweeps without credentials.

Grey box testing: A mix where your organization may provide the tester with only partial details about targets.

Nessus Professional is a complementary tool that can help testers discover possible vulnerabilities or weaknesses within your attack surface before launching tests.

What is vulnerability scanning?

Vulnerability scanning helps you discover vulnerabilities and weaknesses within your attack surface—across all of your assets—so you can plan for remediation to decrease your overall cyber risk. There are a number of automation tools you can use for vulnerability scanning, for example, Nessus Pro. These tools help you build an inventory of all of your assets across your network and enable automated scanning when a device connects to your enterprise.
