Kubernetes is one of the hottest new topics in today's industry, and Tenable's VP of Cloud Engineering, Christos Kalantzis, is here to give you the breakdown - and how to pronounce it! We have global openings if you want to learn it: https://careers.tenable.com/kubernetes
Views: 42174 Tenable
Learn how to easily create compliance and system hardening policies in Nessus v6!
Views: 16364 Tenable
Jay “Saurik” Freeman (@saurik), developer of Cydia, the alternative to the App Store for jailbroken iPhones, is passionate about vulnerabilities. At the 2015 Black Hat Conference in Las Vegas, we spoke to Saurik about how his passion for vulnerabilities generates the same sense of wonderment as watching a magician. When a magician does a trick, he makes you believe he’s doing one thing, but he ends up doing something else. Security researchers behave in a similar, magician-like way when they’re exploiting vulnerabilities. In a show of bravado, they’ll create a sequence of events that you thought were impossible. I asked Saurik if he knew why so many companies that are aware of vulnerabilities take months to fix the bugs. One problem is that they’re not set up to differentiate between important and unimportant bugs. Because they can’t make a decision internally, bug fixes end up languishing. Then there are some companies that do know about bugs and they fix them quickly, such as Google, said Saurik, but they rely on third parties to get that bug fix distributed. Google’s failure to distribute the bug fixes to the panoply of Android devices compounds a simple problem into an ever-growing problem. The known bug has a second life as it gets installed on new Android devices months, if not a year, after the vulnerability was originally exposed. These zero day vulnerabilities end up living on as “forever day” vulnerabilities.
Views: 4105 Tenable
This video will provide you with an introduction to Nessus 4.2, the latest version of the popular vulnerability scanner. It will introduce some of the new features and show you the basics of logging in to the web interface, creating users, policies, launching a scan, and reviewing the results. The new Nessus client comes to us in the form of a Flash-based web application.
Views: 117889 Tenable
This video shows you how to get started using the Nessus vulnerability scanner, including: where to download Nessus; an introduction to policies, scans, and reports; performing an asset discovery scan; running a network-based vulnerability scan; configuring a patch auditing scan; performing a configuration audit; detecting sensitive data (SSN & credit cards); running web application tests; reporting & filtering; and risk analysis and compliance (PCI DSS).
Views: 213313 Tenable
“I like to measure the performance of the team,” said Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 Black Hat Conference in Las Vegas. “I like to see metrics about people, about process, about technology. There isn’t one metric that works since it’s such a complicated and moving target… right now companies have to use the data that they have to figure out if their teams are effective.” Schneier feels that certain metrics, such as blocked attacks, don’t really provide a gauge of how secure you are. “Metrics can tell any story. Question is what story do you pull out of the data? Right now my worry is there’s too much data, too many metrics. You can say anything,” said Schneier. “But really, you’re making up a story with the data.” What you really need to do is measure the team’s performance. How are they doing? “If you can measure when and if your team responds and how they respond and how they react and how fast they close serious incidents then maybe you have something,” said Schneier who realizes that a lot of current metrics aren’t that useful. “How do you measure how effective you’d be against a Sony-like attack? You kinda can’t.” Here at Tenable we try to help security teams explain to the business their current state of security. It’s a hard thing to define, and it’s even harder to communicate. “There aren’t any really good pithy ways for the CISO to tell the board we’re doing OK, we’re not doing OK. It’s going to be gut. You’re going to stories instead of data,” said Schneier. “But there is this disconnect because it’s such a technical topic and the board really wants a soundbite.”
FUTURE OF ENDPOINT SECURITY
I shifted the conversation with Schneier to talk about endpoint security, and asked him how vigilant he felt we are with the proliferation of devices. “I worry less about computers and more about the cheaper devices – phones and the embedded devices, the Internet of Things. The endpoint security there is really terrible,” said Schneier. For all the unknown devices that perpetuate our networks, Schneier pointed out two competing visions. The first is requiring minimum standards for devices on the Internet. Any such requirements seem difficult if not impossible to enforce. The other, which seems more plausible, said Schneier, is that the network needs to be smarter. The reality is there are always going to be unknown devices on every network. The goal is to get security in spite of that.
Views: 1150 Tenable
Nessus is an enterprise tool when used with Tenable's SecurityCenter, Passive Vulnerability Scanner, and Log Correlation Engine.
Views: 4457 Tenable
How to enable and use the Nessus plugins which identify mobile devices and vulnerabilities from your MDM (Mobile Device Management) servers.
Views: 12707 Tenable
Whether it's your first year attending or you're a seasoned conference-goer, we wanted to share some tips that we learned along the way. If you're interested in working in Cyber Exposure, get ahead of the crowd and check out our open jobs here: https://careers.tenable.com/grace-hopper-celebration-2018
Views: 1518 Tenable
Tenable Research discovered a critical vulnerability named Peekaboo permitting remote code execution in IoT network video recorders for video surveillance systems that would allow attackers to remotely view feeds and tamper with recordings. Here's an overview of how it works. Learn more on the Tenable blog: https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
Views: 2322 Tenable
The Only Integrated Vulnerability and Threat Management Platform For Instant Analysis and Rapid Response. Monitor 100% of all assets, 100% of the time. If you are seeing a blank video: Go to http://www.youtube.com/html5 and Request HTML5 Player instead of Adobe Flash Player on Safari and Firefox
Views: 2370 Tenable
“It’s the best thing in the world. It’s like having the shiniest toy on Christmas,” said Neil “Grifter” Wyler (@Grifter801), of what it’s like to set up and run the NOC (network operations center) at the 2015 Black Hat Conference, and to keep hackers from penetrating it. The NOC at Black Hat is responsible for all network operations at the conference. This includes the training, briefings, and conference wi-fi. Wyler is one of the leads in charge of setting up the NOC. This year is the first year they’ve opened the doors of the NOC to the public, so anyone can see what they’re doing. They’re literally in a glass cage and onlookers can come by and gawk. Not everything is necessarily appropriate for the public, such as IP addresses (which had to be hidden before I began filming), silly behavior, and sleeping on the floor. Luckily, this year there was a significant upgrade and Wyler and his staff will be sleeping on couches.
Views: 4333 Tenable
When the Nessus vulnerability scanner identifies a virus, the logs and network activity associated with the infection can be analyzed by Tenable's Log Correlation Engine. In this example, a target system is infected with GameVance adware and logs from the Windows system as well as network traffic are analyzed with the Log Correlation Engine.
Views: 4258 Tenable
In this segment we talk about how Nessus supports scanning, auditing, and patch checking for several different firewall and router platforms. We also discuss how you can integrate Nessus with your patch management systems.
Views: 2802 Tenable
“As a business or as an individual you have to make a choice. Should I do this thing, whatever it is, on my computer and on my network or on a cloud computer on a cloud network,” asked Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 RSA Conference in San Francisco. Whatever you choose, you’re going to be making a tradeoff. Schneier recommends you first look at who your adversaries are. “If your adversaries are a cybercriminal I bet Google can do a better job at securing your stuff than you can. If your adversary is the U.S. government, Google will respond to court orders and not tell you about it, so maybe you’re better keeping it. It’s going to depend on what you’re worrying about,” said Schneier, who runs his personal email on his own computers, not so much for security reasons, but for control. He doesn’t want Google looking at his email or sending him advertising. Schneier understands that hosting his own mail instead of using cloud-based mail means he’ll have to give up the ability to access his mail from any device and the ability to use Google’s anti-spam and Gmail features. In exchange, Schneier gets to use Eudora, his favorite email program. Plus, he can read his email on airplanes. For him that’s much more important. For a lot of people it’s not. If your business is moving to the cloud, you’ll have to ask similar questions. “Business service is the same way. You put stuff on the cloud you get a lot of benefits. You get a lot of benefits of the cloud services, the management of interactions among customers, you lose the ability to control it locally. Now for a lot of applications and a lot of businesses, that’s a really good trade off. It’s more reliable, it’s cheaper, it’s more feature rich, and you don’t have to manage it. That’s a plus. You don’t know what country your data is in, maybe. That could be a minus. You don’t know what governments are accessing it. That could be a minus. For most companies I don’t think they care very much. It really depends on who your adversary is, what you’re worried about, and what your tradeoffs are,” said Schneier. Check out Schneier’s full video in which he talks about cloud computing trade-offs. I decided to keep a couple of other conversations we had about people’s exhaustion with security warnings and what management needs in order to make decisions about security.
Views: 671 Tenable
Demonstration video of Tenable's Log Correlation Engine for log search of normalized and un-normalized logs. Video shows search of Windows event logs, SSH authentication, router and network traffic.
Views: 5299 Tenable
This video provides information on how to perform Nessus vulnerability scans on a schedule, email the reports to the appropriate people, and modify the results.
Views: 8807 Tenable
At Tenable, we pride ourselves on having one of the premier internship programs in the DMV area. Hear the story of our Sales Operations Intern, Konrad. To learn more visit: http://www.tenable.com/careers
Views: 363 Tenable