Announcing Singapore MAS Technology Risk Management Dashboard

by Dick Bussiere
July 1, 2014

Tenable is pleased to announce a dashboard designed to assist our Singapore Financial Services Industry customers to comply with the Monetary Authority of Singapore Technology Risk Management Guidelines.

The Monetary Authority of Singapore (MAS) has published a refreshed set of Technology Risk Management (TRM) Guidelines. These TRM Guidelines have a strong regional and global impact, and now affect any organization that can be classified as a Financial Institution (FI), not just banks. Types of organizations impacted include:

Announcing SEC OCIE Dashboards for Financial Services

by Aarij Khan
June 11, 2014

Tenable is excited to release a set of dashboards, reports and components that help our financial services customers collect and document necessary data for the SEC Office of Compliance Inspection Examinations Risk Alert. The Risk Alert includes an Appendix that is a sample request for documents and information, which the SEC OCIE can use to evaluate the organization’s security program. This content leverages Tenable Network Security’s SecurityCenter Continuous View (CV) along with its Continuous Monitoring framework to ease the effort needed to follow the guidelines in the Risk Alert.

Understanding NIST’s Cybersecurity Framework

by Cris Thomas
April 8, 2014

NIST’s Cybersecurity Framework (CSF) is likely to become the basis for what's considered commercially reasonable in regards to securing an organization’s infrastructure. For this reason alone companies should pay close attention to the CSF and, even if they don’t follow it completely, should at least understand where they are deficient and why.

Announcing Tenable SecurityCenter CV Version 4.8

by Aarij Khan
March 20, 2014

Tenable is excited to announce the general availability of SecurityCenter Continuous View (SC CV) version 4.8. This latest update to the SecurityCenter product family is the latest step in Tenable’s history of innovation and market leadership. SecurityCenter CV 4.8 is the first product in the industry to integrate vulnerability, threat and compliance management, introducing several features that enable security teams to accelerate security forensic analysis and incident response.

ThreatConnect: Indicator for Suspicious Behavior and Malware

by Paul Asadoorian
February 19, 2014

Information about threats comes from many different sources. Several third parties, such as ThreatConnect, offer such information which can be used as indicators for suspicious behavior and/or malware in your environment. ThreatConnect technology can be integrated with Tenable's SecurityCenter and Nessus products as follows:

Detecting Snowden - The Insider Threat

by Paul Asadoorian
February 12, 2014

Tenable's scanning, sniffing, and logging products can comprehensively identify a variety of potentially malicious activity, including activity generated by malicious insiders like Edward Snowden. Tenable's SecurityCenter Continuous View solution can further automate the detection of events coming from scanners, intrusion detection systems, malware, compliance violations, and much more.

SANS 6 Categories of Critical Log Information

by Manish Patel
January 24, 2014

New Dashboard – SANS 6 Categories of Critical Log Information

The SANS Critical Controls are guidelines for strengthening an organization’s security defenses through continuous and automated monitoring.  The SANS guidelines continue to gain traction across all types of organizations and have demonstrated measureable reduction in security risk.

Tenable Launches “Straight Talk About PCI” Discussion Forum

by Jeffrey Man
December 19, 2013

Have you ever tried to navigate the PCI website and gotten lost and confused?

Are you part of the 99% of companies that must traverse the PCI Compliance landscape as part of the “Self-Assessment” or “do-it-yourself” crowd?

Have you been overwhelmed by vendor claims of “PCI made easy” or “PCI Compliance in 10 minutes” or “PCI in a Box”?

Does it bother you that the answers to your questions are often tied to the product/solution the vendor is selling?