Nessus Amazon AWS Auditing Now Available

by Mehul Revankar
April 22, 2014

Edits and Contributions: Paul Asadoorian

The transition to cloud services is well underway, bringing with it traditional and new security challenges. Nessus is evolving to address these challenges. Unlike traditional environments, cloud services require a modified approach to scanning - users can't simply point their scanners to services such as Amazon AWS, and not expect to be throttled, if not outright blocked. 

Understanding NIST’s Cybersecurity Framework

by Cris Thomas
April 8, 2014

NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable in regards to securing an organization’s infrastructure. For this reason alone companies should pay close attention to the CSF and, even if they don’t follow it completely, should at least understand where they are deficient and why.

PVS 4.0.2 is now available for download

by Sherry Quinn
April 2, 2014

This maintenance release addresses the following issues:

  • An expired PVS license or activation code sends the user to the Quick-Setup wizard to allow entry of the new license
  • Hosts with Internet facing vulnerabilities were missing the “External Access” tag
  • Filtering issue on the “Affected Host List” was fixed
  • Dependency issue causing some false positives was fixed
  • Improvements were also made including:

    True White-Knuckled Stories of Metrics in Action: Sylvan

    by Marcus J. Ranum
    April 2, 2014

    In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.

    When you start your metrics program, you will find that a great deal of information can be gleaned from existing data that gets stored in various places....