資安軟體-值得您信賴的資安專家,擁有多年資安服務。

Passive Vulnerability Scanner 漏洞掃描軟體

Passive Vulnerability Scanner 漏洞掃描軟體

  • Passive Vulnerability Scanner 漏洞掃描軟體
  • 編號
  • 類別
    資訊資安軟體
  • 介紹
    Tenable Network Security has released version 3.0 of the Passive Vulnerability Scanner (PVS). This version supports realtime vulnerability alerting, enables monitoring of corporate networks for data leakage and completes the re-branding from "NeVO".
  • 價格

Passive Vulnerability Scanner

Tenable Network Security has released version 3.0 of the Passive Vulnerability Scanner (PVS). This version supports realtime vulnerability alerting, enables monitoring of corporate networks for data leakage and completes the re-branding from "NeVO".
A major new feature of the PVS is the ability to stream new vulnerability information in realtime to the Security Center and to the Log Correlation Engine. As the PVS finds new data about the network, it is sent in realtime in logs such as this:
Apr 20 19:58:21 pvs: 192.168.20.22:0|0.0.0.0:0|17|13|new-host-alert|00:11:95:89:d4:8a
Dec 21 10:56:04 pvs: 162.21.99.99:53|192.164.141.12:36788|17|1016|DNS server detection|||INFO
Dec 21 10:56:04 pvs: 169.31.24.219:80|0.0.0.0:0|6|0|new-open-port|INFO
The PVS realtime alerts include:
·        new vulnerability and network data with low, medium and high severity levels
·        new hosts, new open ports, new "browsed" ports, new systems that perform
Internet browsing and new trust relationships between internal devices
·        evidence of compromised systems and serious attacks, such as against SCADA devices
·        detection of internal hosts performing port scans
·        support for detecting a variety of sensitive data in motion and at rest

Example Screen Shots
Below is a screen shot of PVS events on a large enterprise network under the Security Center:
Each of the "events" listed above occurred when the PVS encountered new vulnerability data that it wasn't previously aware of. The LCE normalizes the 1000s of potential PVS vulnerabilities based on their severity levels. In the above screen shot, 26 new vulnerabilities with "HIGH" severity levels have been discovered.
Although not a network IDS, the PVS does discover very useful events which can be fed into the Security Center, the Log Correlation Engine or most SIM products. Below is a screen shot of several PVS events intermixed with IDS events from an Intrusheild IPS. There are several different port scan events as well as two Windows error event detections.

Log Correlation Engine Support
With this release, a separate Log Correlation Engine library for PVS events has been produced, and several of the existing correlation scripts have been updated to take advantage of the new events. These include
·        tenable_pvs.prm log normalization library for PVS events
·        botnet_with_scan.tasl correlates detected IDS Botnet events with the same host performing a port scan
·        detect_change.tasl now also processes new host and new open port events from the PVS (Note: this script can be extended to alert on new trust relationships, new Internet browsing and new client side port browsing if desired.)
·        ids_event_followed_by_change.tasl considers changes in host configurations or behavior after being attacked. Now supports detected attack events from the PVS.
·        new_host_portscanning.tasl uses PVS events which identify new hosts and port scan events to discover when a new device immediately begins port scanning.
·        portscan_spike.tasl now uses port scan and host scan logs from the PVS, along with any portscan log from supported IDS and firewall devices to look for short term spikes in scanning activity.
·        windows_crashes_and_restarts.tasl now makes use of PVS ID #4722 which sniffs Windows error messages being sent back to Microsoft. The script considers this event along with Windows OS events such as crashing applications and system restarts to look for failed worm attacks and even failed compromise attempts.

lce_tasl.prm is the LCE PRM library which normalizes events from the TASL scrips. This file should be updated on your LCE if any of these modified TASL scripts are implemented.
 

Advanced Encryption Package 2009 Professional 檔案加密軟體

Advanced Encryption Package 2009 lets you encrypt/decrypt/shred/make sfx .exe/zip files. This program was included into PCWorld's 5 top encryption tools of the year. This program has a nice and clean user-friendly interface and full ZIP files support.

特價0

Advanced Encryption Package 2009 Professional 檔案加密軟體
Advanced Encryption Package 2009 Professional 檔案加密軟體

CryptoExpert 2010 Professional 硬碟加密軟體

CryptoExpert是行動硬碟加密軟體。它是大量加密的檔案在您的硬碟。在G,H,I,J槽等所設定的一般硬碟可以看這些加密檔案(這是被要求您輪入密碼)。您使用在硬碟中任何程式包括Microsoft Word, Excel, Windows Media Player等程式,您也能移動所有您私人的影音從數位攝影機到這個加密的硬碟。

特價0

CryptoExpert 2010 Professional 硬碟加密軟體
CryptoExpert 2010 Professional 硬碟加密軟體

SNMP informant

SNMP Informant provides in-depth Windows performance and configuration data to industry standard SNMP Network Management Systems.

特價0

SNMP informant
SNMP informant

公司資訊

立即聯繫

透過以下方式迅速的聯絡我們

2018© Copyright All Rights Reserved

蘋果網頁設計
資安軟體量身規劃資訊安全零死角,提供有效方案,以期協助企業運用新科技改善及提升其商業服務及價值,資安軟體達到運用新科技最佳化商業營運及價值的目標。秉持讓客戶可以安心、輕鬆、有效的享用現代科技有線網路。資安軟體秉持讓客戶可以安心、輕鬆、有效的享用現代科技有線網路