Securing The Enterprise With Enhanced Security Management Tool - Nessus

Abstract

Problem: With the increasing digital world practices, the number of devices participate in the network and the number of devices to service and support also gradually enlarged to a countless level. Parallelly the silent killers vulnerabilities also getting increased and impacting many businesses because of the lack of awareness about the vulnerabilities and periodic scans with appropriate actions. Hence the periodic scan and detection of vulnerabilities is important to ensure all the data, devices in the network are secure.

This Project plan and implementation is recommended for Somnet Corp, a fictitious US based Infrastructure Consultancy services company. The company is strengthened with 5000 employees, 7000 workstations and 800 servers to provide the services to clients. But the company is lacking much with security policies and the periodic scans of the vulnerabilities which led to huge business impacts and losses due to the poor security management.

Plan: The suggested plan to secure the company is to deploy an enhanced security management tool (Nessus Vulnerability Management Tenable Security Center) to scan, detect and suggest the actions required to remediate. Along with the security tool, the employees must also be provided awareness about the vulnerabilities and trained with the actions to be taken to ensure the physical vulnerabilities also addressed to secure the enterprise.

Research Methodology: Before formulating the implementation plan, the research on the existing logical and physical vulnerabilities on the assets are assessed. Then the criticality of the actions to be taken are categorized to design the policies and schedule scans. Finally, the discussions with the stakeholders, employees are conducted to make sure the proposed solution addresses all the security issues of the Enterprise.

Implementation Proposal: The implementation process of the proposed plan involves phase by phase steps as below:

Phase 1: Planning This phase works on Inventory checks, defining policies and scans, formation of responsible team

Phase 2: Test Implementation This phase is designed for Testing the Nessus installation, remediate actions on test machines

Phase 3: Implementation This phase is involved with Installation of Nessus on production with configuration of policies and scans, followed by scanning and remediate actions with risk analysis

Phase 4: Review and fine-tune the process This phase is responsible for re-scan check of remediated machines and the updated training to the security team members

Proposed outcomes: The outcome will result in the secured network environment of the Enterprise with the periodic scans of vulnerabilities in place with the Nessus tool and ensures the data and devices will be free from vulnerabilities and secure enough to run the business without impacts. Also, it will result in an easier and faster single management console to take care of the security tasks throughout the network which all the above will lead the company to next generation security model implementation to improve the business with the reliable network security environment.

This resource was uploaded by: Sathiyapriya