Compliance Monitoring

Detecting the Amazon Web Services Cloud Attack with Nessus

by Manish Patel on June 20, 2014

On June 17th, a planned attack against hosting provider, Code Spaces, brought the company to its knees and resulted in the company shutting down its business. In this case, the attacker gained access to the company’s Amazon EC2 control panel and left messages asking for reply back via email. The response to the email eventually triggered a Distributed Denial of Service (DDoS) attack with the attacker demanding a large fee for resolution. Once the hosting provider realized that the attacker had access to the AWS control panel, Code Spaces changed passwords to take back control of their...

Detecting Credit Cards, SSNs and other Sensitive Data on UNIX/Linux Systems

by Paul Asadoorian on June 16, 2014

Nessus, Nessus Enterprise and Nessus Enterprise Cloud users can now remotely scan UNIX and Linux systems for the presence of sensitive information such as credit/debit card numbers, SSNs, company confidential information, and more. What Can I Discover? New configuration auditing capabilities have been added for Nessus users to remotely check UNIX and Linux systems for the presence of sensitive information. This capability has been available on Windows systems for some time; you can refer to the blog post titled "Detecting Credit Cards, SSNs and other Sensitive Data at rest with Nessus" for...

Open and Secure? SANS Reports on the InfoSec Challenges of Higher Education

by David Schreiber on June 13, 2014

Earlier this year, SANS Institute agreed to coordinate a study of the state of information security in the higher-education sector. Tenable signed on as a co-sponsor of this research project and is eagerly anticipating SANS’ forthcoming report on this subject – the report will be shared with the public during a webcast at 1 pm ET on June 17. Register for the webcast. To add credibility and greater insight to the survey and report, SANS had Virginia Tech CISO and SANS instructor Randy Marchany co-author the report. Randy will also lead the June 17 webcast, which will feature Paul Asadoorian,...

Cybersecurity Is About Attitude, Culture -- Not Strictly Compliance

by Jeffrey Man on April 10, 2014

Posted originally on Wired, InnovationInsights blog. How do you avoid becoming the Next Big Retail Breach Target? There are plenty of points — and counterpoints — on the topic. As a cybersecurity professional who has specialized in compliance with the Payment Card Industry (PCI) Data Security Standard for more than a decade, I have a great deal of thoughts to share. So consider this the first of a five-part blog in which I’ll lend my perspective about the state of systems protection in the retail industry — and how to safeguard your business. In all that I’ve read, there’s too much emphasis on...

Tenable Launches “Straight Talk About PCI” Discussion Forum

by Jeffrey Man on December 19, 2013

Have you ever tried to navigate the PCI website and gotten lost and confused? Are you part of the 99% of companies that must traverse the PCI Compliance landscape as part of the “Self-Assessment” or “do-it-yourself” crowd? Have you been overwhelmed by vendor claims of “PCI made easy” or “PCI Compliance in 10 minutes” or “PCI in a Box”? Does it bother you that the answers to your questions are often tied to the product/solution the vendor is selling? Are you the one with a burning question, but can’t seem to find the right person to ask? Have you asked the question and gotten the trademark “...

Nessus Audits HP ProCurve Routers

by Paul Asadoorian on November 26, 2013

A new plugin for auditing HP ProCurve routers is available for Nessus customers. Nessus allows you to assess the security of your configurations on HP ProCurve products, including routers, switches, and wireless access points.

Nessus Helps Harden FireEye Appliances

by Paul Asadoorian on November 22, 2013

A new compliance plugin for FireEye appliances is now available for Nessus customers. This new functionality allows auditing of FireEye instances against best-practice hardening guidelines, ensuring that the security appliance and the data contained therein are secure.