Edits and Contributions: Paul Asadoorian
The transition to cloud services is well underway, bringing with it traditional and new security challenges. Nessus is evolving to address these challenges. Unlike traditional environments, cloud services require a modified approach to scanning - users can't simply point their scanners to services such as Amazon AWS, and not expect to be throttled, if not outright blocked.
Facilitate easy detection of the OpenSSL Heartbeat vulnerability in your enterprise
A recently discovered vulnerability, identified as Common Vulnerabilities and Exposures (CVE) CVE-2014-0160, but more commonly called HeartBleed Vulnerability, has been acknowledged by the Open SSL Organization and the Finnish Cert Team. This is an attack against the transport layer security protocol (TLS/DTLS) hearbeat extension.
NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable in regards to securing an organization’s infrastructure. For this reason alone companies should pay close attention to the CSF and, even if they don’t follow it completely, should at least understand where they are deficient and why.
This maintenance release addresses the following issues:
Improvements were also made including:
In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.
When you start your metrics program, you will find that a great deal of information can be gleaned from existing data that gets stored in various places....