The Importance of Protecting and Managing Privileged Credentials for Security Scanning
| Guest Blogs |
Guest Post — by Manish Patel, Sr. Solutions Marketing Manager, Tenable Network Security
According to the Verizon Data Breach Investigations Report (DBIR), vulnerability management and continuous monitoring programs can be very effective in proactively preventing breaches as well as detecting compromised systems. As with many enterprise applications, vulnerability management solutions require the same level of access to privileged account credential as IT administrators. When performing a security scan or compliance audit, privileged access to target systems is often necessary in order to obtain richer scan results. Organizations understand this, but they also have a difficult time managing, maintaining and securing related credentials. When it’s done manually, it’s cumbersome.
Case in point, I recently met with an IT director for a retailer to understand how he uses Tenable products. I was surprised to learn that his team was not using the full capabilities for credentialed scans. I proceeded to share the benefits of credentialed scanning, noting the advantages over remote scanning. For example, I explained credentialed scanning can identify whether a patch for a given vulnerability has been applied in a method that is far more accurate (and safer) than running a remote check. Tenable’s credentialed scans can detect client side software in addition to software vulnerabilities and are executed on the host itself rather than across the network – a process that is not disruptive to operations and consumes far less system and network resources. Credentialed scans also offer deeper insight, providing greater visibility into the host by reading password policies, obtaining a list of USB devices, checking anti-virus software configurations and even enumerating Bluetooth devices attached to scanned hosts.
Yet, despite all the benefits, the IT director’s simple response was that it was too difficult to manage credentials individually on multiple security solutions in their distributed environment.
This customer’s challenge – the same challenge faced by many enterprise security professionals – highlights the impetus for Tenable and CyberArk’s technology integration which enables customers to maximize their existing investments and ease the process of protecting and managing privileged credentials for scanning across the enterprise.
Using Tenable’s Nessus® vulnerability management solution and SecurityCenter Continuous View™ solution with CyberArk Application Identity Manager allows customers to secure and centrally manage privileged credentials to hosts for vulnerability, compliance, malware and web application scanning.
This diagram provides a high-level visual of how the products work together:
When a credentialed scan is needed, Tenable’s solutions are configured to automatically query the CyberArk solution for privileged credentials. CyberArk provides the requested privileged credentials, and Tenable’s solutions use them to log into the target system to perform vulnerability and configuration auditing.
For the IT director with whom I spoke and many others in a similar situation, this integration offers the benefits of performing credentialed scans while at the same time eliminating the need to manually configure, store and rotate privileged credentials. This provides secure management and monitoring of privileged and administrative credentials. Furthermore, this integration allows organizations to more thoroughly address enterprise wide security mandates to lock down privileged credentials.
To learn more about the integration, please visit the Technology Integrations page on Tenable’s website. Visit CyberArk’s web site for more information about CyberArk Applications Identity Manager. For technical details on configuring the solutions, please contact your Tenable or CyberArk support team.