Nessus 5.2.6 is now available for download.
While most of my posts focus on malware attacking systems today, the history of malware is a fascinating topic that provides insights into the current landscape. As one of the authors of the Avien Malware Defense Guide, I contributed to the book's chapter on history and will be leveraging and expanding on some of that content here to give context to where we are today.
With the new compliance plugin and audit file for the Brocade Fabric OS (FOS), Tenable customers can now audit their Brocade FOS configurations for industry best practices and a number of different checks.
Tenable is excited to announce the general availability of SecurityCenter Continuous View (SC CV) version 4.8. This latest update to the SecurityCenter product family is the latest step in Tenable’s history of innovation and market leadership. SecurityCenter CV 4.8 is the first product in the industry to integrate vulnerability, threat and compliance management, introducing several features that enable security teams to accelerate security forensic analysis and incident response.
I've been in the security community for quite some time (15+ years in fact). And while that's not world record, I have heard more than my fair share of security horror stories. Everything from crashing entire server farms to wiping out email for large organizations, and those are just my own horror stories. I knew there was a gap between security and the ICS world, but it goes deeper than that. Devices, systems and software we label "control systems" have a lot of responsibility. They run the electrical grid, water supplies, and oil supplies of the world. And while strides have been made to improve ICS security, we still have a ways to go. Conferences such as this one, well attended by those responsible for security in ICS/SCADA environments, itself is comforting.
Nessus can now perform configuration auditing against device configuration files, rather than the systems themselves. Users can make proposed changes in the configurations and test the security of the changes before they go into production, making it easier to test and deploy securely configured devices throughout the network
Ken Bechtel inaugurates the Tenable Network Security, Inc. Indicators of Compromise and Malware discussion group with advice on how to detect Uroburos aka snake compromised Windows host on your network. He addresses both file and registry modifications as well as network traffic in order for the best chance at detecting compromised machines.
In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs and funding requests.
There are many important and useful tools related to the metrics landscape; let's take a look at some of them and how they fit together. For the sake of this discussion, I'll stick with the definition of “metrics” that I offered previously:
There are several organizations who fit the mold of having just one Nessus scanner. The fact that they own and operate just one scanner is fantastic, it means they have the capability to discover vulnerabilities in their environment, and for most small to mid-sized companies can perform internal scans on a regular basis and react on the results.