“Nessus is by far the most widely used assessment tool in the SCADA community and does a great job of identifying vulnerabilities in IT components and applications. However, control system components and applications also have inherent vulnerabilities and assessment information, and no tool on the market today has this SCADA intelligence” says Dale Peterson of Digital Bond. “We believe partnering with Tenable is the best way to bring these needed SCADA component and application tests to the community.”
In this first stage of the partnership, vulnerability checks (“plug-ins”) will be developed for selected SCADA protocols, PLC’s, and SCADA/EMS applications. A broad set of initial plug-ins is planned to demonstrate the value of adding SCADA intelligence to assessment tools. The plug-ins will perform reconnaissance, identify vulnerable configurations and test for what is expected to be a growing number of unpatched, known SCADA system vulnerabilities.
The initial set of SCADA plugins are scheduled for release on November 1 and will be made available for Nessus through Tenable’s Direct Feed subscription or through the use of Tenable’s Security Center.
“Digital Bond is highly regarded in the SCADA community and Tenable is pleased to be working exclusively with them to provide in this type of research to the Nessus and Tenable Security Center customer base,” commented Ron Gula, CEO of Tenable Network Security.