| DATA SHEET

Tenable Passive
Vulnerability Scanner

Product Overview
The Tenable Passive Vulnerability Scanner is a patented network discovery and vulnerability
analysis technology that delivers continuous real-time network profiling and monitoring
in a non-intrusive manner. Tenable Passive Vulnerability Scanner monitors IPv4 and IPv6
network traffic at the packet layer to determine topology, services and vulnerabilities. Tenable
SecurityCenter integrates with Passive Vulnerability Scanner to enable the centralization of
both log analysis and vulnerability management for a complete view of your security posture.

Continuously monitors network

traffic to uncover hidden risks in
hybrid IPv4/IPv6 networks.

Benefits
Determine and identify vulnerabilities continuously in real-time to accelerate threat
remediation and eliminate gaps between active scans
Automatically detect and monitor IPv6-based assets and new or rogue systems that pose a
potential security risk
Demonstrate compliance with both internal policies and key regulatory requirements by
validating configuration management
Focus on incident response by alerting on real compromises
Detect inappropriate use and pinpoint insider threats not detectable by perimeter devices
Detect vulnerabilities on systems that are unavailable to active scans due to sensitivity,
policy or configuration
Politically correct vulnerability scanning without credentials and without possible
disruption of service
Identify sensitive data in motion that could compromise Personally Identifiable Information (PII)

Key Features
Real-time Vulnerability Monitoring
Tenable Passive Vulnerability Scanner continuously monitors IPv4/IPv6 network traffic for a
variety of security-related information including:
Keeping track of all client and server application vulnerabilities
Detecting when an application is compromised or subverted
Detecting and tracking new hosts that are added to a network
Detecting when an internal system begins to port scan other systems
Highlighting all interactive and encrypted network sessions
Tracking exactly which systems communicate with other internal systems
Detecting which ports are served and which ports are browsed for each individual system
Passively determining the operating system of each active host
Passive Vulnerability Scanner is connected to the network segment on a hub, spanned port
or network tap and continuously monitors the data stream, generating real-time alerts and
comprehensive reports for the security, IT and management teams.
Tenable Passive Vulnerability Scanner observes which systems are active, what protocols
they communicate on, what systems they communicate with, what applications they run and
most importantly what vulnerabilities exist. This information is used to efficiently monitor your
network for intruders and worm outbreaks.

Unified Security Monitoring

At the heart of Tenables Unified
Security Monitoring architecture is
Tenable SecurityCenter, our enterpriseclass security monitoring console.
SecurityCenter can manage multiple
Nessus scanners and Log Correlation
Engine servers and provides a correlation
of real-time vulnerability monitoring,
critical log/event monitoring and custom
compliance monitoring capabilities in
a single, role-based interface for users
to evaluate, communicate and report
results for effective decision making.
SecurityCenter organizes network assets
into categories through a combination
of network scanning, passive network
monitoring and integration with existing
asset and network management data
tools, then correlates all this information
with enterprise-wide log data to provide
a comprehensive view of system and
network activity.

| DATA SHEET

Network Web and FTP Monitoring

Passive Vulnerability Scanner offers extensive web and FTP activity
monitoring through direct analysis of the packet stream. By passively
monitoring any HTTP or FTP transaction, Passive Vulnerability Scanner
can determine and report useful information about each host on your
network such as:
All client and server web-based vulnerabilities and applications
A list of all web-agents used on each host
Passive enumeration of all files shared via FTP
Real-time logging of every web GET, POST or file download
Real-time logging of every FTP file GET or PUT
Real-time logging of every DNS query
This data is useful to analyze insider activity, employee activity and
malware infection or advanced threat compromise. Many of these logs
can be sent to the Tenable Log Correlation Engine for further analysis,
correlation search and long term storage.

SQL Database Logging & Monitoring

Passive Vulnerability Scanner also can look at network traffic and
identify SQL devices, vulnerabilities associated with them and log this
activity in real-time. Real-time logs for SQL queries can be sent to the
Log Correlation Engine for search, storage and analysis of attacks
such as SQL injection from web services. Full instrumentation of all
SQL activity can be achieved by combining the Passive Vulnerability
Scanner data with Nessus SQL database configuration and
vulnerability auditing data, as well as log data gathered from a SQL
database server with a Log Correlation Engine agent.

Passive Topology Discovery & Service

Identification Intelligent Banner Analysis
Data is analyzed for specific client or server vulnerabilities by
reconstructing both sides of network communications. Unique protocols,
such as HTTP, SMTP and FTP have specific strings that identify the
version of the service. Passive Vulnerability Scanner identifies these and
associates them with specific vulnerability plugins or tests.

Quickstart Services
Get your Tenable enterprise products deployed quickly and begin
to immediately realize the maximum benefit from your investment
with QuickStart Services from Tenable. Experienced engineers will
implement Tenable best practices for enterprise deployment and
scanning throughout the system. SecurityCenter will be tested end
to end for scanning and other operational capabilities. Contact us at
sales@tenable.com today to learn more!

Industry Awards
Agentless Scanning and Clientless Access
Passive Vulnerability Scanner offers advanced protocol analysis of the
Microsoft SMB protocol. If Passive Vulnerability Scanner is deployed
on the interior of a network where it can see Active Directory network
traffic, it can automatically learn:

A list of all files shared on any folder

Logins and file downloads from a network share in real-time
The ability to passively determine this information in real-time has
tremendous forensic and situational awareness value. For large
networks, the ability to passively determine all shared folder contents
can make identification of potentially sensitive data much easier.
Sending a record of each file that was shared over the network to
the Tenable Log Correlation Engine enables forensic analysis of
employees and malware activity.
READERS
CHOICE
AWARDS

Information Security

BRONZE

Tenable ranked #251 on the list of the 500 fastest-growing technology

companies in North America on Deloittes 2010 Technology Fast 500.
Tenable products are favorites with trade experts and users alike.
Recent awards include:

Each systems hostname and workgroup name

10

In 2011, Tenable Network Security was recognized by Inc. Magazine

as one of the top 1500 companies in the United States, and one of the
top 35 companies in the Security Industry on the Inc. 5000 list.

READERS CHOICE

WINNER

Finalist, SC Magazines Excellence Award:

multiple products and categories in 2007, 2008, 2009, 2010, 2011
Winner, Information Security Magazines Readers Choice Award:
Security Scanner Software, 2009, 2010
Winner, WindowSecurity Magazines Readers Choice Award:
Best Vulnerability Scanner, 2007, and 2009

For More Information

Questions, purchasing, or evaluation:
subscriptions@tenable.comor 410.872.0555, x506
Twitter: @TenableSecurity
YouTube: youtube.com/tenablesecurity
Tenable Blog: blog.tenable.com
Tenable Discussions: discussions.nessus.org
www.tenable.com

Copyright 2013. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, and ProfessionalFeed are
registered trademarks of Tenable Network Security, Inc. Unified Security Monitoring is a trademark of Tenable Network Security, Inc.
All other products or services are trademarks of their respective owners.