DerbyCon 2012 Nessus User Group Meeting

by Paul Asadoorian
October 3, 2012

DerbyCon 2.0 - The Reunion

While I'll do my best not to get "all sentimental," it seems you just can't help it when you're writing about the DerbyCon security conference. DerbyCon takes place each September in Louisville, KY, and has grown to house over 1500 hackers and security professionals in a relaxed and fun environment. There was plenty to do, including visiting the lock pick village, being transformed into a zombie by a professional make-up artist, attending a wide array of talks, and much more.

The conference truly feels like you're getting together with your friends and family. Throughout the entire conference, even through the wee hours of the morning, folks were gathered in the hallways and lobbies talking about security, educating each other, and sharing ideas. The presentations received excellent reviews, and ran the gamut from big-name speakers, such as Jeff Moss and Kevin Mitnick, to lesser-known folks sharing some cutting-edge research.

If you want to read more about DerbyCon, you can visit their web page and view videos of all the talks on Irongeek's website.

Nessus Users Unite

DerbyCon has become one of the best conferences to spend time with folks in the security community. So, for the second year in a row, Jack Daniel and I could think of no better place to host a Nessus User Group meeting. We filled the room with more than 40 folks interested in hearing about Nessus and Tenable's line of enterprise software.

Jack presented the Tenable product roadmap, which covered upcoming releases of Nessus, PVS (Passive Vulnerability Scanner), SecurityCenter, and LCE (Log Correlation Engine). There's some great stuff coming, so stay tuned to the Tenable blog for announcements. If you were one of the lucky ones to attend the user group meeting, you got a sneak preview of some of the upcoming features.

In my session, I presented a variation of the "Top Ten Things You Don't Know About Nessus," which included a review of some of the major new features, and some interesting use-cases for targeted Nessus scans. This edition of the presentation included discussions of the following topics:

  • Credentialed scans are important
  • Configuration auditing is cool
  • Low-hanging fruit taste good
  • Malicious processes are out there
  • Patch management integration is fun
  • You can “scan” mobile devices
  • Tuning Nessus to snipe web applications is better

The content was very well received by the audience. We got several insightful questions, discussed features associated with all Tenable products, and even covered some general security-related topics.

We're looking forward to holding more of these events, so stay tuned to the Tenable Newsletter and Blog for updates.