My Favorite Question to Ask Nessus Users
As Tenable CEO, I love to get all types of feedback from our customers. Nessus users give terrific feedback because they run Nessus everywhere and always have suggestions for features and improvements. When I get a chance to ask them about Nessus, I always ask them one question:
Have you ever found malware with Nessus?
If they say yes, then we can have a conversation about APT and bypassing anti-virus or even their sandbox. If an organization has an anti-virus program and deploys sandboxes, then Nessus finding malware is actually a significant event. It means that some set of known malware has bypassed the malware defenses. Even if the malware is minor to some extent, investigating how Nessus got it, why the resident anti-virus program didn’t find it, or why the sandbox didn’t see it can expose limits or holes in the security monitoring program.
If they say no, then we can have a conversation about their use of Nessus and if their deployment includes the use of credentialed scans. Normally, when I speak with a Nessus user who does not scan with credentials, they also aren’t taking advantage of malware auditing, patch auditing, configuration auditing, web application auditing, mobile device auditing or auditing cloud applications such as Salesforce.com.
Chances are, wherever you work, someone on your IT team is using Nessus. Feel free to make sure they are getting the most out of it and ask them what their experience has been; the answer may surprise you!
Related Articles
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
Cybersecurity Snapshot: New Guide Details How To Use AI Securely, as CERT Honcho Tells CISOs To Sharpen AI Security Skills Pronto
January 26, 2024Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Meanwhile, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC forecasts how AI will supercharge cyberattacks. And a global survey shows cyber pros weighing pros and cons of AI. And much more!
Cybersecurity Snapshot: Are SBOMs on Your Supply Chain Security Radar Screen? Check Out New Recommendations from CISA and NSA
November 17, 2023The SBOM concept is still half-baked, but CISA and NSA want to help change that with new best practices for software vendors, developers and buyers. Plus, there’s new guidance about the Royal ransomware gang – as ransomware attacks grow. In addition, Google highlights a new typosquatting trend impacting cloud storage. And much more!
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
Tenable and Thales Collaborate to Provide Cyber Defense Simulations to Better Secure Operational Technology Environments
April 18, 2024The heart of the Welsh Valleys is home to the Thales Ebbw Vale campus, a world-class facility jointly funded by the Welsh government as part of its regeneration program for the region. At the core of the facility is the Cyber Range, a simulation and virtualization platform for training, testing, exercising and R&D. Tenable has joined the lineup of solutions used to run real world simulations in this controlled environment.
- Malware
- Nessus