Malware’s Journey from Hobby to Profit-Driven Attacks

by Ken Bechtel on March 24, 2014

While most of my posts focus on malware attacking systems today, the history of malware is a fascinating topic that provides insights into the current landscape. As one of the authors of the Avien Malware Defense Guide , I contributed to the book's chapter on history and will be leveraging and...

Announcing Tenable SecurityCenter CV Version 4.8

by Aarij Khan on March 20, 2014

Tenable is excited to announce the general availability of SecurityCenter Continuous View (SC CV) version 4.8. This latest update to the SecurityCenter product family is the latest step in Tenable’s history of innovation and market leadership. SecurityCenter CV 4.8 is the first product in the...

SANS ICS Summit 2014 Conference

by Paul Asadoorian on March 20, 2014

I've been in the security community for quite some time (15+ years in fact). And while that's not world record, I have heard more than my fair share of security horror stories. Everything from crashing entire server farms to wiping out email for large organizations, and those are just my own horror stories. I knew there was a gap between security and the ICS world, but it goes deeper than that. Devices, systems and software we label "control systems" have a lot of responsibility. They run the electrical grid, water supplies, and oil supplies of the world. And while strides have been made to improve ICS security, we still have a ways to go. Conferences such as this one, well attended by those responsible for security in ICS/SCADA environments, itself is comforting.

Auditing Network Devices Without Scanning

by Jack Daniel on March 18, 2014

Nessus can now perform configuration auditing against device configuration files, rather than the systems themselves. Users can make proposed changes in the configurations and test the security of the changes before they go into production, making it easier to test and deploy securely configured devices throughout the network

Wrangling Snakes

by Ken Bechtel on March 13, 2014

Ken Bechtel inaugurates the Tenable Network Security, Inc. Indicators of Compromise and Malware discussion group with advice on how to detect Uroburos aka snake compromised Windows host on your network. He addresses both file and registry modifications as well as network traffic in order for the best chance at detecting compromised machines.

Security Metrics: What is a "Metric"?

by Marcus J. Ranum on March 13, 2014

In this blog series on SecurityWeek, Tenable CSO Marcus Ranum advises security professionals on how they can create and share metrics in their jobs. These metrics can create better understanding and awareness about the success of their approaches, as well as allow them to build support for programs...

Taking Nessus Perimeter Service to the Next Level

by Jeffrey Man on March 11, 2014

There are several organizations who fit the mold of having just one Nessus scanner. The fact that they own and operate just one scanner is fantastic, it means they have the capability to discover vulnerabilities in their environment, and for most small to mid-sized companies can perform internal scans on a regular basis and react on the results.

New Nessus MDM Integration: MobileIron

by Paul Asadoorian on March 11, 2014

Nessus now supports the MobileIron MDM platform. This new support complements Nessus' existing MDM platform support for Apple Profile Manager, Microsoft Exchange via Active Directory, and Good Technology Good for Enterprise.