Tenable announced new malicious process detection capabilities on Windows computers for the Nessus vulnerability scanner. This new functionality complements and extends AV solutions and empowers businesses to discover often-overlooked and difficult-to-detect malicious software like Flame.
Nessus’ malicious process detection enhances an organization’s AV strategy by red-flagging threats which often slip through the cracks, including malware specifically designed to avoid and target corporate AV solutions.
This new feature, which is available immediately for Nessus, Perimeter Service, and SecurityCenter customers, extends Tenable’s ability to help organizations fight malware and APTs including:
- Identification of infected systems by leveraging the power of dozens of industry-leading antivirus engines
- Identification of botnet infections, systems connected to known botnets, and websites hosting malicious content associated with botnet propagation
- Auditing an organization’s antivirus agent for vulnerabilities, out-of-date signature rules, and misconfigurations.
“When targeting an organization, cybercriminals will create viruses which are designed to bypass detection of whichever antivirus technology is deployed,” said Ron Gula, CEO of Tenable Network Security. “With this new Nessus feature, the power of multiple antivirus industry technologies can be leveraged to identify malicious software that has slipped through.”
Nessus uses multiple methods to detect malware by scanning networks for evidence of infection — including known Trojans, APTs, and backdoors — and with this plugin, by comparing cryptographic hashes against a database of known malicious hashes. Leveraging technology from ReversingLabs, the expansive database of malicious hashes integrates intelligence from a wide variety of AV vendors, effectively enabling Nessus users to scan running processes with 25 AV solutions at once.