Security Strategy

When an outsider becomes a malicious insider

by Ken Bechtel
May 30, 2014

Paraphrasing what long-time penetration tester and computer security author Ira Winkler once told me, “When I do penetration tests, if I can’t get in by technical means I can always get in with social engineering.” While this may sound like advice to a fellow computer security specialist, or a warning to a network manager, it should also sound warning bells to anyone who uses a computer. By social engineering, an outsider becomes a corporate insider, with all the authorities and risks.

What’s the Current State of IT Security in the Financial Services Sector? SANS Goes to the Source for the Answer...

by David Schreiber
February 24, 2014

When it comes to keeping up with advances in cybercrime, how is the financial services sector faring? What impact are evolving regulations, industry standards, cloud services, BYOD, big data and escalating global cyber-threats having on the infosec practices and people tasked with keeping the sector secure?

To get some perspective on the current state of IT security among financial services firms, the SANS Institute completed a detailed industry-specific survey in early February 2014. Tenable co-sponsored the research project, which gathered results from over 400 respondents.

BYOD Auditing, Tenable Style

by Ron Gula
September 17, 2013

The recent release of SecurityCenter 4.7 allows organizations to combine network monitoring and MDM auditing to discover and audit all mobile devices in use, regardless of whether they are being managed, only used for email, or are connected directly to the network.

Adding Passive Vulnerability Scanning To Your Security ToolKit

by Ron Gula
September 16, 2013

The new PVS 4.0 annual subscription makes network monitoring available to a wide variety of security practitioners. This is a new type of product, and it has many highly practical use cases. Read about several ways you can get your security work done quicker with PVS 4.0.

Are you Vulnerable to the IPv6 SLAAC Attack?

by Ron Gula
August 13, 2013

Recently, Neohapsis published a tool named “Sudden Six” to test if your network is vulnerable to the SLAAC attack. The tool leverages latent IPv6 connectivity that may be present in your IPv4 networked devices to alter the flow of traffic for collection and potential modification for targeted attacks.

The Critical Security Controls are Getting Traction

by Ron Gula
June 25, 2013

I’ll be honest – my first reaction when I heard about the SANS Consensus Audit Guidelines (CAG) was that our industry didn’t really need yet another framework or standard. But when I read them, I realized this was put together by experienced security professionals who all too often were successful on multiple occasions in breaking into systems during a penetration test at the same customer, or had to perform incident response for the same customer a third or fourth time.

Prove You’re Watching 100% of your Network

by Ron Gula
June 11, 2013

How hard is it for you to prove that you are performing vulnerability scans, network monitoring and log analysis for 100% of your network? If your organization hasn’t automated this process, or it is relying on periodic manual processes, chances are you are blind in some areas and don’t know it.

Is the Passive Vulnerability Scanner an Intrusion Detection System?

by Ron Gula
April 29, 2013

When I was at RSA earlier this year, I gave a variety of media interviews and product demos about Tenable solutions. I demonstrated Nessus detecting malicious processes and the Passive Vulnerability Scanner (PVS) providing an audit trail of all network activity that led up to the infection. I also showed how the Log Correlation Engine (LCE) correlated PVS logged DNS queries to known botnets.

The Big Red Button and the Kill Switch

by Marcus J. Ranum
April 25, 2013

I have no idea if I had a role in the "Internet Kill Switch" debacle, but it's possible that I was one of the pushes that got that particularly horrible ball rolling. Back in 2002, when I was between jobs, I did a talk at CSI in Chicago, about the need for organizations to be better able to react to attack, especially if they were part of critical infrastructure. At the time, I was concerned particularly with denial of service attacks; I had been thinking about them and had concluded that it's never going to be possible to completely prevent such attacks.