Tenable Network Security Podcast Episode 205

Welcome to the Tenable Network Security Podcast Episode 205

Announcements

  • We're hiring! - Visit the Tenable website for more information about open positions.
  • Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
  • You can find links to subscribe to Tenable's Podcast feed, YouTube Channel, Twitter and Facebook accounts at http://www.tenable.com/podcast!

Discussion

  • Tenable Network Security Validated for PCI DSS 3.0 for VMware - What does this mean for Tenable customers? What does this mean for those who have virtualization and must be PCI compliant? Overall, how do Tenable products help organizations achieve PCI compliance? (Quarterly external scanning; internal scanning; sharing results with the QSA, internal audit, risk and compliance teams; sharing results using Nessus Enterprise; audit files checking for PCI compliance; SC CV assigning asset owners.)
  • Nessus Leverages Threat Intelligence from ThreatGRID - "Microsoft Windows Known Bad AutoRuns (Plugin id 74442), which detects the presence of advanced malware on endpoints based on threat intelligence from ThreatGRID. The threat intelligence includes Scheduled Tasks, AutoRuns, and other Windows Registry entries." How does ThreatGRID further help organizations get a handle on malware? How can organizations better use threat intelligence to prevent breaches?
  • Detecting the Amazon Web Services Cloud Attack with Nessus - "On June 17th, a planned attack against hosting provider, Code Spaces, brought the company to its knees and resulted in the company shutting down its business." How do Tenable products help? What visibility into cloud services do we provide? Why is this important?
  • Detecting Credit Cards, SSNs and other Sensitive Data on UNIX/Linux Systems - This new feature brought up some great points about sensitive data. It's interesting: as we debated some terminology, we realized that our checks go beyond just one or two categories of data. Also, we've added support for Luhn checking on both UNIX/Linux and Windows platforms. For PCI, this is critical: cardholder data that is accessible while at rest on your systems is a compliance violation. What are some other types of data you could look for, and why is it important?

Security News Stories

  1. Got a botnet? Thinking of using it to mine Bitcoin? Don't bother
  2. Major SSL flaw found in iOS, OS X
  3. Own goal as World Cup Wi-Fi passwords spilled in newspaper snap
  4. Attackers fling Stuxnet-style RATs at critical control software in EUROPE
