Tenable.

io Cloud Script

Tenable.io Cloud “SaaS” Platform walkthrough is made
up of several key points which are listed below.
• Platform Overview:
• Key Capabilities:
o Elastic Licensing Model
o Asset Model Licensing
o Asset Tracking
o Unlimited use of Sensors
• Highlight Features:
• Use Cases:
o Internal Assessments
o External Assessments
o Scan-less Assessments
o Agents Assessments
o Mobile Device Assessments
o Cloud Assessments
• Tenable.IO SaaS Benefits

Channel Partner Tenable.io Saas Demo Script Walkthrough

Start the Demonstration by logging into https://cloud.tenable.com with your

"jane.doe.partnername@partner.io" account. If you do not have
a @partner.io demo account, please reach out to your Channel SE contact
to set one up for you.
Platform: Integrated Cyber Exposure Platform (Intro)
Tenable.io is the first Cyber Exposure platform that is built on modern
architecture and delivered as Software as a Service “SaaS” Model.

Tenable.io delivers visibility and insight for all legacy and modern assets.

Tenable.io allows an organization the ability to automate and orchestrate the

lifecycle of the Vulnerability management process and methodology, in a holistic
approach. That approach includes:

1. Discovery
2. Assessment
3. Remediation
4. Validation

---Pause---

Let’s begin with a quick overview of Tenable.io and some of the terms we’ll
use throughout this demo; Workbench, Dashboard and Report:
Workbench:

Tenable.io provides quick insight by utilizing various Workbenches. The

workbench shows near real time data view by Vulnerabilities found and
categorized by Asset.

The Vulnerabilities Workbench breaks down the use of Tenable.io, by your scan
operations, vulnerabilities detected, plugins used, and information about your
scanned assets.

Dashboards:
(Navigate to Outstanding Remediation Tracking Dashboard)

Dashboards are helpful for tracking program success they allow you to report on
the vulnerabilities for over a period of time. They help provide you with the
number of scans run over a given time, the types of scans being run, and what
percentage of data came from authenticated scans vs. what failed.

With Tenable.io you can generate reports in a multitude of ways. The first
approach uses a variety of built-in dashboards.

Dashboards use cumulative data gathered from all sensors and all of the scan
results data. This method provides the most comprehensive view of the overall
program.
You can export any dashboard in a variety of formats for easy distribution. Or,
you can also use our advanced filtering capability to narrow the results displayed
in the dashboard.

This is very useful when creating different reports; for example, a report for your
system administrators showing all vulnerabilities within the past 30 days that
have not yet been patched and or remediated.

This helps target results providing only the relevant information to the desired
audience.

Reports:
(Navigate to Reports Tab)

Prevent information overload by creating reports that other team members can
use that is specific to their job, workflow and task. A simple and intuitive way to
share information and results are utilized for our built-in report templates. These
reports are quick to create and to identify many of the top threats and display the
oversight of the Vulnerability Management program metrics.

Similarly, as with other workflow, Workbench and Dashboard these items can be
shared with team members within Tenable.io, or exported for distribution in
various format for further evaluation and dissemination.

When a new high-profile threat is disclosed, you can quickly scan your assets
specifically for that threat. You would create a report using those scan results
and send it to concerned stakeholders in order to help determine the business
impact as well as the best way to mitigate the threat.

(Navigate back to Dashboards Tab)

Tenable.io gains even more intelligence by integrating third party data into its
platform including threat intelligence, asset data, and other indicators of security
health.

By adding context to the asset’s exposure, organizations can prioritize

remediation based on the asset’s business criticality and the severity of the
issue.

Tenable.io can easily integrated into third party Security and IT Operations tools
including ticketing, CMDBs, and systems management to prioritize remediation,
enhance IT service delivery and integrate Cyber Exposure into your
organization’s overall IT risk and compliance framework.
---Pause---

Let’s Look at Some of the Key Capabilities:

(Migrate to the Scans, Office – Network Monitor Scan)

Tenable.io includes an Elastic Licensing Model and Asset Tracking

Elastic Asset Licensing partners Tenable with customers to cost-effectively
secure customer networks. It includes the following features:

• Assets, not IPs tracking and licensing: Tenable.io Vulnerability

Management analyzes multiple asset attributes, not just IP addresses, to
identify an asset. A proprietary algorithm matches newly discovered
assets with already discovered assets to eliminate double-counting and
ensure more accurate vulnerability reporting.
• We also Provide Balanced, not high-water licensing: Tenable.io
Vulnerability Management allocates licenses only to assets that have been
seen in the previous 90 days. It automatically reclaims licenses for assets
that have been decommissioned, scanned inadvertently or are active
infrequently. Tenable.io Vulnerability Management retains the vulnerability
and configuration data from those assets so there is no downside to
automated license reclamation.
• True-up, not lock-out: Tenable.io Vulnerability Management enables
customers to monitor and adjust license consumption and then true up
 when necessary. It does not automatically lock out functionality if the
license is temporarily exceeded.

So, What are the Benefits of an Elastic Licensing Model Value?

• Customers can purchase the right amount of licenses, based on asset

quantities, not inflated and constantly variable IP counts.
• Customers avoid time-consuming and often inaccurate projects needed to
reclaim licenses from decommissioned and/or inadvertently scanned
assets.
• Finally, Vulnerability management metrics are not corrupted by double and
triple counting vulnerabilities for assets that have multiple IP addresses.

---PAUSE---

Now Let’s Look at Tenable.io and How you can Utilize Unlimited
deployment of Sensors:
(Navigate back to Dashboards and then to Assets Workbench)

Sensors utilized with Tenable.io include, Nessus, Nessus Network Monitor,

and Agents

Because Tenable.io is now licensing based on Asset vs. IP address, we

allow you to deploy any number of scanners and mix and match Nessus
 scanners, Network Node Monitors, agents and/or connectors. This helps
to ensure you have sufficient coverage, high availability and load
balancing in your scanning infrastructure to meet your needs. You can
see here on the right hand side which sensors detected which asset as
well as first seen and last seen data by hovering over the Source Icons.

In Review, Unlimited Sensors Provide Real Value:

What this says for you as the customer is that you are no longer paying for
the scanning engines and or agents, as you do with many other
vulnerability management companies. This is not only a cost savings but
allows you to change your vulnerability management ecosystem as your
network and Cyber Security exposure risks change.

---PAUSE---

What are the Tenable.io Asset Discovery and Asset Tracking methods:

By connecting various sensors to Tenable.io, you can discover all of your assets
across your organization. The discovery methods include scanning with Nessus
Scanner on premises, Nessus Cloud Scanners, Nessus Network Monitoring
and/or Nessus Agents.

By simply creating and launching a scan of your environment using the built-in
Host Discovery Scan Template and on-site Nessus Scanner, you can begin to
populate Tenable.io with asset data within minutes of deployment.

For externally facing asset with direct access to the internet or in a DMZ you can
utilize our Nessus Cloud base scanners to identity all of your external devices.

Passive listening is another effective way to identify all approved assets and
rogue assets on your network by utilizing Nessus Network Monitor sensor on
premises for a set of IP address space. This is very effective for continuous
vulnerability scanning and provide vulnerability insight between active scans.

You could also identify assets using Nessus Agents incorporating the agents in
your organization standard system image is an easy way to deploy them this
ensures all newly deployed assets including desktops laptops, critical servers,
virtual machines and cloud-based systems can be accounted for and scanned.

---PAUSE---
Let’s Take a Minute and Review Some of the Use Cases:
(Navigate to the Scans Tab and Select ‘New Scan’)

Keep in mind that we’re only covering a handful of the Detection use cases here
and yours may vary. These are some of the most popular use cases used today
in Tenable.io.

Our First Detection Use Case is Internal Assessments:

(Highlight Host Discovery, Basic Network Scan, and Advanced Network Scan)

Internal Assessment are a crucial part of any Cyber Exposure framework

because your internal assets represents the largest part of your Cyber Exposure
Risk. The goal is to identify and gather data for all of your internal assets
including infrastructure devices; this mean servers, databases and network
equipment as well as end-user asset such as laptops and desktops. You gather
data by strategically and using them and more.

These are also very useful in detecting the non-standard assets that we see in
the workforce these days. As the explosion of IOT continues, so does the threat
surface for any attackers that attempt to circumvent security controls or exploit
vulnerabilities within your network beyond the traditional infrastructure devices
mentioned earlier. This is what we call Cyber Exposure. Here, we would
initially utilize the Host Discovery Scan and then could chose a number of other
choices for additional scans, such as the Basic Network Scan or Advanced
Network Scan.

Another very useful scan is looking at External Assessments or the

“Hacker View”:
(Again, highlight Advanced Network Scan)

The main reason for conducting external assessments is to Identify areas of

weakness on your public-facing assets you must understand exactly which
assets are vulnerable because they could be easily exploited by anyone with an
exploit toolkit.

One strong reason for scanning against your public IP space is to identify assets
you didn't even know you had typically external scans gather data from the
hacker point of view.

It doesn’t require any deployment of any sensors and most of the time, external
scans typically don’t require any credentials or authenticated scans.
An external scan can be configured and run within 5 min of launching the
Tenable.io portal. An Advanced Network Scan here utilizing the Tenable.io cloud
based scanners help provide you external visibility into your infrastructure.

Let’s take a look at Credentialed Patch Auditing “Scan-less Assessments”

(Highlight Credentialed Patch Auditing)

Patching everything is impossible, so it’s important to identify everything on a

given network. This allows organizations to prioritize and make informed
decisions on what gets patched and when.

Credentials Patch Audit integrates and queries the endpoint management

platforms including Windows WSUS and SCCM, IBM Tivoli Endpoint Manager,
Red Hat Network Satellite, and Dell KACE, to name a few.

This helps to better prioritize unpatched systems along with their vulnerabilities
and for distribution of updates and hotfixes.

Our Next Detection Use Case: Agents Assessments “Mobile Workforce

Assessments”
(Navigate to the Agent tab)
Agents can be installed on any supported asset whether it's in the cloud or on a
private network because agents do not require you to open any inbound
connections towards or on sensitive systems.

They are an ideal way to scan for remote or mobile workforce and also works
great in cloud environments. Agent scan is the same as for a credentialed
internal credentials assessment that gather similar data on the systems.

Well, what about all of those mobile phones, tablets and non-corporate
owned devices? We offer Mobile Device Assessments in that case.
(Navigate back to the Scanner Tab, highlight Mobile Device Scan)

You can utilize Tenable.io to connect to supported mobile device solution, or

MDMs, to gather data from devices your organization manages.

This assessment method identifies Device Ownership, Applications, Operating

Systems, Vulnerabilities and more depending on the mobile device management
platform. As the world of BYOB expands, and the workforce becomes more and
more mobile, all while accessing sensitive data, this continues to become an
important step in effectively assessing your Cyber Exposure.

Our Last Detection Use Case we’re going to cover today is Cloud
Assessments
(Highlight Audit Cloud Infrastructure Icon)

Cloud assessments gather similar data to a cloud provider for example you may
have systems and services with Amazon Web Services to support your business.
To assess those workloads, you can either deploy a pre-authorized Nessus
scanner with an AWS; or install agents on individual EC2 instances.

Gathering data from your cloud architecture is as important as gathering data

from your on-premises assets. The result of the assessment is identical to the
assessments of your internal infrastructure.

We’ve touched on just a few of the available scans and capabilities of Tenable.io
SaaS offering.

Let’s look at some of the benefits of Tenable.io as a Cloud Based or Saas

offering:
(Navigate back to the Dashboards Tab)

Tenable.io SaaS solution provides many benefits, among those are:

• It delivers modern asset and data protection for organizations that

prioritize a cloud based solution.
• It does not require additional staff to procure, build, and maintain a
separate infrastructure to support Tenable.io
• It is built on a very highly available platform and is the ONLY Vulnerability
Management company that offers an SLA for availability and uptime. The
SLA is available online for review.
• It simplifies upgrades and patching to core systems as those are self-
contained, and is self-managed by the professionals at Tenable.
• There are effectively no limits to maximum deployment size with SaaS
 solution
• PCI ASV is available as part of our SaaS platform
• There is also an associated direct cost savings with the SaaS solution vs.
an on-premise solution.

Thank you for your time today.