Kubernetes is one of the hottest new topics in today's industry, and Tenable's VP of Cloud Engineering, Christos Kalantzis, is here to give you the breakdown - and how to pronounce it! We have global openings if you want to learn it: https://careers.tenable.com/kubernetes
Views: 49291 Tenable
Learn how to easily create compliance and system hardening policies in Nessus v6!
Views: 17394 Tenable
Jay “Saurik” Freeman (@saurik), developer of Cydia, the alternative to the App Store for jailbroken iPhones, is passionate about vulnerabilities. At the 2015 Black Hat Conference in Las Vegas, we spoke to Saurik about how his passion for vulnerabilities generates the same sense of wonderment as watching a magician. When a magician does a trick, he makes you believe he’s doing one thing, but he ends up doing something else. Security researchers are doing similar magician-like behavior when they’re exploiting vulnerabilities. In a show of bravado, they’ll create a sequence of events that you thought were impossible. I asked Saurik if he knew why so many companies who are aware of vulnerabilities take months to fix the bugs. One problem, is that they’re not set up to differentiate between important and unimportant bugs. Because they can’t make a decision internally, bug fixes end up languishing. Then there are some companies that do know about bugs and they fix them quickly, such as Google, said Saurik, but they rely on third parties to get that bug distributed. Google’s failure to distribute the bug fixes to the panoply of Android devices compounds a simple problem into an ever growing problem. The known bug has a second life as it gets installed on new Android devices months, if not a year, after the vulnerability was originally exposed. These zero day vulnerabilities end up living on as “forever day” vulnerabilities.
Views: 4764 Tenable
This video shows you how-to get started using the Nessus vulnerability scanner, including: Where to download Nessus Introduction to policies, scans, and reports Performing an asset discovery scan Running a network-based vulnerability scan Configuring a patch uditing scan Performing a configuration audit Detecting sensitive data (SSN & credit cards) Running web application tests Reporting & filtering Risk analysis and compliance (PCI DSS)
Views: 221140 Tenable
When the Nessus vulnerability scanner identifies a virus, the logs and network activity associated with the infection can be analyzed by Tenable's Log Correlation Engine. In this example, a target system is infected with GameVance adware and logs from the Windows system as well as network traffic are analyzed with the Log Correlation Engine.
Views: 4371 Tenable
Whether it's your first year attending or you're a seasoned conference-goer, we wanted to share some tips that we learned along the way. If you're interested in working in Cyber Exposure, get ahead of the crowd and check out our open jobs here: https://careers.tenable.com/grace-hopper-celebration-2018
Views: 1905 Tenable
Demonstration video of Tenable's Log Correlation Engine for log search of normalized and un-normalized logs. Video shows search of Windows event logs, SSH authentication, router and network traffic.
Views: 5453 Tenable
“It’s the best thing in the world. It’s like having the shiniest toy on Christmas,” said Neil “Grifter” Wyler (@Grifter801), of what it’s like to set up, run, and thwart off hackers from penetrating the NOC (network operations center) at the 2015 Black Hat Conference. The NOC at Black Hat is responsible for all network operations at the conference. This includes the training, briefings, and conference wi-fi. Wyler is one of the leads in charge of setting up the NOC. This year is the first year they’ve opened the doors of the NOC to the public, so anyone can see what they’re doing. They’re literally in a glass cage and onlookers can come by and gawk. Not everything is necessarily appropriate for the public such as IP addresses (which had to be hidden before I began filming), silly behavior, and sleeping on the floor. Luckily, this year there was a significant upgrade and Wyler and his staff will be sleeping on couches.
Views: 4392 Tenable
“I like to measure the performance of the team,” said Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 Black Hat Conference in Las Vegas. “I like to see metrics about people, about process, about technology. There isn’t one metric that works since it’s such a complicated and moving target… right now companies have to use the data that they have to figure out if their teams are effective.” Schneier feels that certain metrics, such as blocked attacks, don’t really provide a gauge of how secure you are. “Metrics can tell any story. Question is what story do you pull out of the data? Right now my worry is there’s too much data, too many metrics. You can say anything,” said Schneier. “But really, you’re making up a story with the data.” What you really need to do is measure the team’s performance. How are they doing? “If you can measure when and if your team responds and how they respond and how they react and how fast they close serious incidents then maybe you have something,” said Schneier who realizes that a lot of current metrics aren’t that useful. “How do you measure how effective you’d be against a Sony-like attack? You kinda can’t.” Here at Tenable we try to help security teams explain to the business their current state of security. It’s a hard thing to define, and it’s even harder to communicate. “There aren’t any really good pithy ways for the CISO to tell the board we’re doing OK, we’re not doing OK. It’s going to be gut. You’re going to stories instead of data,” said Schneier. “But there is this disconnect because it’s such a technical topic and the board really wants a soundbite.” FUTURE OF ENDPOINT SECURITY I shifted the conversation with Schneier to talk about endpoint security, and asked him how vigilant he felt we are with the proliferation of devices. “I worry less about computers and more about the cheaper devices – phones and the embedded devices, the Internet of Things. The endpoint security there is really terrible,” said Schneier. For all the unknown devices that perpetuate our networks, Schneier pointed out two competing visions. The first is requiring minimum standards for devices on the Internet. Any such requirements seem difficult if not impossible to enforce. The other, which seems more plausible, said Schneier, is that the network needs to be smarter. The reality is there are always going to be unknown devices on every network. The goal is to get security in spite of that.
Views: 1230 Tenable
In this segment we talk about how Nessus supports scanning, auditing, and patch checking for several different firewall and router platforms. We also discuss how you can integrate Nessus with your patch management systems.
Views: 2841 Tenable
How to enable and use the Nessus plugins which identify mobile devices and vulnerabilities from your MDM (Mobile Device Management) servers.
Views: 12907 Tenable
Accurately identify, investigate and prioritize vulnerabilities. Managed in the Cloud. Tenable.io® is an integral component of the Tenable Cyber Exposure Platform that provides actionable insight into your entire infrastructure’s security risks, allowing you to quickly and accurately identify, investigate, and prioritize vulnerabilities and misconfigurations in your modern IT environment. Learn more at: https://www.tenable.com/products/tenable-io
Views: 1451 Tenable
Tenable Research discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to remotely view feeds and tamper with recordings. Here's an overview of how it works. Learn more on the Tenable blog: https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
Views: 2465 Tenable
Watch a preview video of the topics that will be discussed on a webcast featuring Ron Gula, CEO of Tenable Network Security, and guest Rick Holland, principal analyst with Forrester Research. Register for the Webcast: Americas: http://go.tenable.com/934XQB56800018c00bIdV00 EMEA: http://go.tenable.com/934XQB56800019b00bIdV00
Views: 1231 Tenable
This video provides information on how to perform Nessus vulnerability scans on a schedule, email the reports to the appropriate people, and modify the results.
Views: 9053 Tenable
In the first video of the series, Zach discusses the NIST 800-53 Dashboard for Configuration Auditing, which captures and automates the CCI families and their associated checks. You’ll hear how to configure, deploy, and use these checks to assess network issues.
Views: 1028 Tenable
Tenable Network Security has released SecurityCenter 4.6 and PVS 3.8. These new updates to SecurityCenter and the Passive Vulnerability Scanner include several new features and enhancements. Adding to the long-standing IPv6 capabilities of Nessus, both SecurityCenter and PVS now support IPv6. Combined, these create the only truly comprehensive IPv6 vulnerability assessment and management suite in the industry, and expand SecurityCenter CV's continuous monitoring capabilities to include IPv6 and dual stack IPv4/IPv6 environments. Other notable features include new asset creation tools, HTML5 dashboards, and multiple reporting enhancements. Watch this introductory video to see several of the new features and enhancements to SecurityCenter and PVS.
Views: 3061 Tenable
“Eighty four percent of Americans want something to be done with hacking,” said Dan Kaminsky (@dakami), chief scientist at White Ops Security, in our conversation at the 2015 Black Hat Conference in Las Vegas. That’s amazing to Kaminsky who claims you can’t get 84 percent of Americans to agree on anything. “These security problems are not just mainstream, they’re part of everyday life for everybody,” added Kaminsky. “But there’s consensus like there’s almost never consensus about anything… I see that consensus as being able to drive real genuine change. ” I responded by saying that consensus may be the result of people being more frightened by the increasing number of breaches. Kaminsky argued that we’re just aware of a problem that had always been there. We just didn’t’ know about it. “When I see that breaches are way up, you think it’s because breaches are way up. I think it’s because our detection and correction of them is finally starting to happen,” said Kaminksy. “[Because of this newfound visibility,] the era of hopefully permanent compromise is I’d like to say, if not coming to an end, at least everybody’s realizing just how bad it is.” Kaminsky went on to predict that the country that figures out how to host secure networks is going to host the next Silicon Valley. He bases his prediction on what has happened in the auto industry. The U.S. use to be the dominant player until Japan figured how to build cars better and that diminished the U.S.’s dominance in auto manufacturing. I argued that startups in Silicon Valley don’t build any security into their product. Kaminsky said that this can be remedied by building security tools for startups just like we’ve build tools for entrepreneurs to construct businesses. “We want to go ahead and tell the world this is how you build societies, this is how you build business. You use technology in a way that advances the speed of information,” said Kaminsky. “If we want to be able to tell people to do this, it has to be able to survive the onslaught and it’s not right now.”
Views: 698 Tenable
We’ve more than tripled our Dublin team in the past year and we’re looking for additional engineers to enjoy the views of the Liffey from our new Dublin Docklands office. View our open roles here: https://careers.tenable.com/dublin-research-developer-jobs
Views: 836 Tenable
“As a business or as an individual you have to make a choice. Should I do this thing, whatever it is, on my computer and on my network or on a cloud computer on a cloud network,” asked Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 RSA Conference in San Francisco. Whatever you choose, you’re going to be making a tradeoff. Schneier recommends you first look at who your adversaries are. “If your adversaries are a cybercriminal I bet Google can do a better job at securing your stuff than you can. If your adversary is the U.S. government, Google will respond to court orders and not tell you about it, so maybe you’re better keeping it. It’s going to depend on what you’re worrying about,” said Schneier, who runs his personal email on his own computers, not so much for security reasons, but for control. He doesn’t want Google looking at his email or sending him advertising. Schneier understands that by hosting his own mail versus cloud-based mail will mean he’ll have to give up the ability to have access to his mail from any device and the ability to use Google’s anti-spam and Gmail features. In exchange, Schneier gets to use Eudora, his favorite email program. Plus, he can read his email on airplanes. For him that’s much more important. For a lot of people it’s not. If your business is moving to the cloud, you’ll have to ask similar questions. “Business service is the same way. You put stuff on the cloud you get a lot of benefits. You get a lot of benefits of the cloud services, the management of interactions among customers, you lose the ability to control it locally. Now for a lot of applications and a lot of businesses, that’s a really good trade off. It’s more reliable, it’s cheaper, it’s more feature rich, and you don’t have to manage it. That’s a plus. You don’t what country your data is in, maybe. That could be a minus. You don’t know what governments are accessing it. That could be a minus. For most companies I don’t think they care very much. It really depends on who your adversary is, what you’re worried about, and what your tradeoffs are,” said Schneier. Check out Schneier’s full video in which he talks about cloud computing trade-offs. I decided to keep a couple of other conversations we had about people’s exhaustion with security warnings and what management needs in order to make decisions about security.
Views: 710 Tenable