Further Identification of Web Browsers and Email Applications in Tenable Vulnerability Management

For example, If we wanted to identify endpoints which had Chrome installed, we could filter on pluginID = 20811, with a Plugin Output = *chrome* (asterisk specifies a wildcard element).

Begin by navigating to the Findings page and we would get results similar to the following screenshot, which shows results for all the hosts which have Chrome installed:

Further Identification of Web Browsers and Email Applications in Tenable Security Center

For Tenable Security Center, the process is similar. From the Analysis tab, filter on pluginID = 20811 (1), with a Vulnerability Text contains chrome (2) (REGEX can also be used if REGEX is selected in lieu of “Contains” from the dropdown) and we would get results similar to the screenshot below, which shows results for all the hosts which have Chrome installed.

The plugin output contains the version of Google Chrome and the date the application was installed. Additional searches can be performed using specific application version searches if so desired. Filters created here to refine search results, can also be used to refine vulnerability results displayed within components.

Restrict Unnecessary or Unauthorized Browser and Email Client Extensions

Organizations need to determine which browser extensions are authorized, and which ones are not. Once this determination is made, restrict either through uninstalling or disabling any unauthorized or unnecessary browser or email client plugins, extensions, and add-on applications.

There are Tenable Nessus plugins, which detect or enumerate extensions, such as plugin 96533 - Chrome Browser Extension Enumeration and 133180 Chrome Browser Extension Enumeration (macOS). If the proper credentials are utilized, these plugins will enumerate Chrome extensions for all users.

In both of the examples below (Tenable Vulnerability Management and Tenable Security Center), the plugin output contains information regarding the:

  • User who has the extension installed

  • The Name of the Extension

  • The Version of the Extension

  • The date of the Last Update

  • The installation Path

This allows analysts reviewing the information and the administrator or operational staff to have the most complete and reliable information needed to take corrective action.

The plugin output contains the version of Google Chrome and the date the application was installed. Additional searches can be performed using specific application version searches if so desired. Filters created here to refine search results, can also be used to refine vulnerability results displayed within components.

Tenable Vulnerability Management

Tenable Security Center

Anti-Malware Protections

Malicious software or “malware”, is software designed to cause harm to information systems and is one of the biggest challenges organizations face in maintaining cyber hygiene. Malware exploits weaknesses and vulnerabilities to make software or hardware perform actions not originally intended. Malware is constantly evolving and the software used to detect the presence of malware must be kept up-to-date to ensure accurate and efficient detection of emerging threats from malicious code. Anti-malware software includes both signature and non-signature methods of detection, and is frequently updated to leverage new advances in technology, such as machine learning and artificial intelligence. New malware is created and released almost daily. Keeping anti-malware software up-to-date involves applying patches when they become available to fix bugs or vulnerabilities and to update to the latest stable version to leverage the latest features. Any signature based anti-malware rules must be updated with the latest signatures from the vendor to ensure the latest known malware is detected.

For more information on malware detection, visit the Malware Defenses Cyber Exposure Study.