
Tenable Blog


Mobile Device App Inventory Auditing with Nessus 6.5

In the world of mobile apps, if you are looking for malware, there are apps (yes, plural) for that. How about one that leaks sensitive content? There are apps for that, too. Pick any other mobile attack vector; chances are there is an app for that as well. Regardless of how well your Mobile Device Management (MDM) policies are set up, if mobile apps are not part of your equation, then you are missing a big piece of the problem. After all, a smartphone is only as secure as the most insecure app on it.


And with millions of mobile apps to choose from, it seems that the next big opening into your network might just be an app away. To get a sense of how bad this problem is, all you have to do is look around for mobile app reputation services. There is literally a cottage industry built around recommending whether a mobile app is good, bad or ugly.

It’s only natural for our customers to look for a solution to solve this problem. With the release of Nessus® 6.5, we are expanding our MDM auditing capabilities to audit mobile apps installed on mobile devices.

When we set out to tackle this problem, we identified four areas where Nessus could add value. First, provide a way to review which mobile apps are installed on which mobile devices. Second, provide a way to determine whether all required apps are installed. Third, provide a way to verify that only whitelisted apps are installed. And finally, flag any non-approved or blacklisted apps. Nessus 6.5 meets all four requirements.

Setup

To use this feature, simply upgrade to Nessus 6.5, use the MDM Config template, and follow the wizard to set up the scan. The existing MDM .audit policies were updated to audit mobile apps to do the job for you.

(Screenshot: scanner templates, showing the MDM Config template)

Installed apps


Before you can start creating a policy around mobile apps, you first need to know what kinds of apps are installed on the mobile devices. The Nessus MDM audit policies are updated in version 6.5 to report on all installed apps.

(Screenshot: installed apps report)

Required apps

As you start tightening your mobile app policy, you may want to make sure that certain apps are installed on all mobile devices managed by your organization. For example, you may have a requirement to have an anti-virus app or a VPN app installed on all devices. The updated audit policies will help you do that.

Whitelisted apps

Another variant of the required apps feature is the whitelisted apps feature. For example, your organization might decide to approve any app from Google. Instead of approving each individual app, you could grant a blanket approval for all apps from Google with a regular-expression filter such as Google .+. Any installed app that does not match the whitelisted pool of apps will be flagged.

Blacklisted apps

And finally, there are certain apps which shouldn’t be installed on mobile devices under any circumstance. This could be due to concerns around malware, privacy or even network bandwidth consumption. Any app that is part of a blacklisted pool of apps will be flagged.

(Screenshot: blacklisted apps result)

XcodeGhost affected apps


Sometimes the best features write themselves and the use cases for them just drop out of the sky. When we set out to implement the blacklisted apps feature in 6.5, XcodeGhost was not even on our minds, and yet when Nessus 6.5 ships, this might be the most important use case for this new feature. The updated audit policies will also help you look for XcodeGhost affected apps.

How are whitelist/blacklisted apps defined?

Now that you know it’s possible to create a blacklisted/whitelisted pool of apps in Nessus 6.5, the next question you may have is how to configure these pools. The answer is pretty straightforward: each list is a comma-separated list of app patterns, configurable through the Nessus UI for that specific .audit.

Here’s an example:

(Screenshot: configuring the whitelist/blacklist values in the Nessus UI)

Note that the list entries also accept regular expressions and version numbers, which is a very powerful way to blanket approve/disapprove apps either by app name or by version number. By default, the lists are not defined (.*) and the check will report a PASS result.
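To make the semantics of the required, whitelisted and blacklisted pools concrete, here is a small Python model of the three checks described above. It is an added illustration written for this page, not Nessus code and not the .audit logic itself; the device inventory is constructed sample data, and the matching rules (each comma-separated entry is an anchored regex tried against the app name, the version, and "name version"; a list left at the default .* is treated as undefined and passes) are assumptions that mirror the text rather than Tenable's implementation.

```python
import re
from typing import Dict, List, Tuple

AppList = List[Tuple[str, str]]   # (app name, version)
Inventory = Dict[str, AppList]    # device id -> installed apps

# Constructed sample inventory: device ids, app names and versions are made up.
INVENTORY: Inventory = {
    "device-01": [("Google Chrome", "45.0"), ("Google Maps", "9.1"),
                  ("Example VPN", "2.3"), ("Example AV", "1.0")],
    "device-02": [("Google Chrome", "44.0"), ("FlashlightFree", "1.2"),
                  ("Example AV", "1.0")],
}

# The page's stated default: a list left as .* is "not defined" and reports PASS.
UNDEFINED = ".*"


def parse_patterns(spec: str) -> List[re.Pattern]:
    """Split the comma-separated UI value into compiled regexes (entries trimmed)."""
    return [re.compile(entry.strip()) for entry in spec.split(",") if entry.strip()]


def matches(pattern: re.Pattern, app: Tuple[str, str]) -> bool:
    """Assumption: an entry matches an app when it fully matches the name, the
    version, or 'name version'. Anchored matching means 'Google .+' covers every
    Google app, while a bare 'Google' would match nothing here."""
    name, version = app
    return any(pattern.fullmatch(s) for s in (name, version, f"{name} {version}"))


def label(app: Tuple[str, str]) -> str:
    return f"{app[0]} {app[1]}"


def check_required(inv: Inventory, spec: str) -> Dict[str, List[str]]:
    """Per device, the required entries that no installed app satisfies."""
    pats = parse_patterns(spec)
    return {dev: [p.pattern for p in pats if not any(matches(p, a) for a in apps)]
            for dev, apps in inv.items()}


def check_whitelist(inv: Inventory, spec: str) -> Dict[str, List[str]]:
    """Per device, installed apps that fall outside the approved pool."""
    if spec.strip() == UNDEFINED:
        return {dev: [] for dev in inv}
    pats = parse_patterns(spec)
    return {dev: [label(a) for a in apps if not any(matches(p, a) for p in pats)]
            for dev, apps in inv.items()}


def check_blacklist(inv: Inventory, spec: str) -> Dict[str, List[str]]:
    """Per device, installed apps that fall inside the forbidden pool."""
    if spec.strip() == UNDEFINED:
        return {dev: [] for dev in inv}
    pats = parse_patterns(spec)
    return {dev: [label(a) for a in apps if any(matches(p, a) for p in pats)]
            for dev, apps in inv.items()}


def status(findings: Dict[str, List[str]]) -> str:
    """PASS when no device produced a finding, otherwise FAIL."""
    return "FAIL" if any(findings.values()) else "PASS"


if __name__ == "__main__":
    # Required: an AV app and any version of the VPN app must be present.
    req = check_required(INVENTORY, "Example AV, Example VPN .+")
    # Whitelist: blanket approval for Google and the organisation's own apps.
    wl = check_whitelist(INVENTORY, "Google .+, Example .+")
    # Blacklist: one app by name, plus one specific outdated app version.
    bl = check_blacklist(INVENTORY, "FlashlightFree, Google Chrome 44.*")
    for name, findings in (("required", req), ("whitelist", wl), ("blacklist", bl)):
        print(f"{name}: {status(findings)} {findings}")
    # Lists left at the default report PASS regardless of inventory.
    print("default blacklist:", status(check_blacklist(INVENTORY, UNDEFINED)))
```

Running the sample flags device-02 for a missing VPN app, an app outside the whitelist, and two blacklisted entries (one caught by name, one by version), while device-01 passes every check. The version-aware blacklist entry is the pattern to reuse for something like XcodeGhost, where only particular builds of an otherwise legitimate app are affected.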

Which MDMs are supported?

Nessus 6.4 includes MDM auditing capabilities for MobileIron and AirWatch, and Nessus 6.5 extends those capabilities to audit mobile apps. Nessus 6.5 also adds the ability to audit mobile apps with Apple Profile Manager.

(Screenshot: sample mobile app audit output)

Final thoughts

If you watch Nessus releases closely, you may have noticed that Tenable’s mobile story is steadily growing. We first released the capability to detect mobile device vulnerabilities including jailbroken devices; we then followed it up by integrating Nessus with MDM platforms such as MobileIron. And just last quarter we took our integrations to the next level by auditing the MDM policies themselves. Now we are adding the ability to audit mobile apps installed on mobile devices. We’re not done! When it comes to auditing mobile devices, we are just getting started.
