Summary: Discovering New Hosts - At a recent presentation is was asked of me how one can detect new hosts. Tenable has many products that work towards detecting new hosts. One can do this passively by monitoring network traffic, via Nessus by enumerating virtual machines from virtualization servers, and by looking at the logs collected by LCE. How does one pull all of this information together and act on it? Critical AND Exploitable - Severity rating vulnerabilities is tricky business. How do you rate the risk? The threat? What's the difference? Math aside, there is something to be said for a vulnerability in your environment, one thinks we should fix all of these ASAP, or should we? Scanning the ICS Village - Recently we were able to scan an entire lab of security products and SCADA devices. The results were impressive. We generated over 3GB of network traffic, all scans completed successfully and enumerated several vulnerabilities. While some of the SCADA plugins were written some time ago, they are still very much effective at enumerating vulnerabilities against SCADA devices, and even support ModBus.
