Tenable Events

Tenable Awarded Common Criteria Certification EAL2+

by Jennifer Collis on November 15, 2012

We are pleased to announce that Tenable Network Security has been awarded Common Criteria certification, again meeting the rigorous security requirements defined by the Common Criteria for Information Technology Security Evaluation. Tenable’s Unified Security Monitoring (USM) platform has been certified under Common Criteria (CC) Evaluation at Evaluation Assurance Level Two Augmented with Flaw Remediation (EAL2+). The Target of Evaluation (TOE) includes all the elements that comprise a full deployment of Tenable’s USM platform, including SecurityCenter, Nessus vulnerability scanner, Log...

DerbyCon 2012 Nessus User Group Meeting

by Paul Asadoorian on October 3, 2012

DerbyCon 2.0 - The Reunion

While I'll do my best not to get "all sentimental," it seems you just can't help it when you're writing about the DerbyCon security conference. DerbyCon takes place each September in Louisville, KY, and has grown to house over 1500 hackers and security professionals in a relaxed and fun environment. There was plenty to do, including visit the lock pick village, be transformed into a zombie by a professional make-up artist, attend a wide array of talks, and much more. The conference truly feels like you're getting together with your friends and family. Throughout the entire conference, even through the wee hours of the morning, folks were gathered in the hallways and lobbies talking about security, educating each other, and sharing ideas. The presentations received excellent reviews, and ran the gamut from big-name speakers, such as Jeff Moss and Kevin Mitnick, to lesser-known folks sharing some cutting-edge research. If you want to read more about DerbyCon, you can visit their web page and view videos of all the talks on Irongeek's website.

Black Hat 2012

by Paul Asadoorian on August 1, 2012

Conferences Fuel Your Passion

Few things spark your passion for information security the same way as a conference. It’s inspiring to talk to so many different people in the industry and listen to a variety of talks, all in one place. I had the chance to personally meet many readers of the Tenable blog and listeners of the Tenable podcast. I also heard some great talks as well. Here are some highlights.

Smashing the Future for Fun and Profit

I was really excited to see the folks on this panel come together and "talk shop." It’s a rare opportunity to see Jeff Moss (Dark Tangent), Adam Shostack, Marcus Ranum, Bruce Schneier, and Jennifer Granick all share the same stage! This did not happen by chance, as this panel brought back five of the original speakers Jeff Moss assembled at the first two Black Hat conferences held in 1997 and 1998. I've had the unique opportunity to interview each of the 2012 panel members individually, so I was particularly interested to see how their thoughts, ideas, and opinions would converge. I was not disappointed. The topics ranged from software security, the government’s role in security, consumerism and how ease of use impacts security, the vulnerability market, and so much more. Jennifer Granick was an outstanding moderator (which was not an easy task by any stretch!).

The big question for me was, “What changed?” Jeff had a great anecdote. He said we don't really solve the problems, but we just run away from them and they seem to go away. We've just been able to run faster. I reviewed the topics presented at the first Black Hat conference in 1997, and I couldn't agree more. Vulnerabilities in TCP/IP, secure coding, and over-reliance on firewalls all made the list — topics we still discuss, and problems we still run from today.

Decoding IPv6: Four Misconceptions that Security Execs Need to Know

by Ron Gula on February 29, 2012

IPv6. It’s big, unavoidable, exciting, and concerning… The Internet protocol that we’ve come to know and love (IPv4) is about to get a facelift (or, at least a serious shot of HGH). The tech community is bracing for a wild ride ahead -- guaranteed to be riddled with successes, failures, and security snafus as IPv6 is rolled out. In fact, we just saw the first DDoS attack targeting IPv6 networks earlier this month -- making this a very timely topic.

Not All ‘Cybers’ Are Created Equally

by Susan Brown on February 29, 2012

By Marcus Ranum, Tenable CSO

What do these four terms have in common? Cyberwar, Cybercrime, Cyberespionage, and Cyberterror.

- They all start with the word ‘Cyber’
- They’re all bad stuff
- And they’re all consistently confused with each other, despite significant differences (and sometimes conflicts) between them

Many people already know my position on ‘Cyberwar’ but things have changed significantly over the past four years in IT and physical security, technology, the government, and the military. The actual ‘Cyber’ landscape is much more nuanced than many seem to realize, which has created an unnecessary public perception of extreme vulnerability (which can lead to fear, which can be dangerous).

At RSA: New data reinforces intimate stories of career stress and burnout

by Jack Daniel on February 24, 2012

In the last year, I’ve been part of a panel of security experts that has gathered at various security events to share what we’ve learned about stress and burnout in the IT security industry, and to help people identify when they, or somebody they know, are at risk. We’ve conducted surveys to find out more about these risks and their causes, but the heart of these sessions are the compelling anecdotes from the security professionals who share personal stories of depression or anger, as well as their scars, both emotional and physical. Our presentations and discussions have been a developing project, each session building off of what we learn at every event before it. I’ll be moderating a panel again on this topic at RSA, and we will be revealing original research on career burnout and the causes of stress for security professionals.

Tenable Network Security Showcase - Chicago 2011

by Paul Asadoorian on November 1, 2011

Join Tenable co-founders Ron Gula and Renaud Deraison, along with Tenable CSO Marcus Ranum and Product Evangelist Paul Asadoorian for a private network security event on November 16, from 8:00 am to 2:00 pm at the Whitehall Hotel in downtown Chicago. Topics we will discuss during this FREE event include:

- Taking Scanning to the Next Level: How Adding Passive Scanning to your Active Scanning Strategy can Change your Insight to the Enterprise
- Advances in the state-of-the-art of SIEM: Adding Policy-Centric Knowledge
- Assessing Web Applications in the Enterprise: Integrating System, Network, Logs...

Black Hat 2011: The Rise Of The Machines

by Paul Asadoorian on August 10, 2011

I attended the Black Hat Briefings this year after teaching the "Advanced Vulnerability Scanning Using Nessus" course. There were several really great presentations covering a wide range of topics. My only wish is that I could have cloned myself and attended more of the talks! Following is a recap of the presentations I attended:

Tenable CEO/CTO Ron Gula presenting in the vendor area at Black Hat, showcasing SecurityCenter, the Passive Vulnerability Scanner, Nessus, and the Log Correlation Engine being used together to detect targeted attacks against systems.

Don Bailey - War Texting Weaponizing Machine 2 Machine

Several of the presentations this year centered on the topic of embedded systems. This is right up my alley, as I've always had a fascination with embedded computing. Don gave some great examples of embedded systems, including:

Advanced Vulnerability Scanning Using Nessus Course

by Paul Asadoorian on June 30, 2011

We are excited to announce that SANS is partnering with Tenable Network Security to bring you “Advanced Vulnerability Scanning Techniques Using Nessus” as part of the SANS Hosted Series of courses. This class is part of a brand new series of vendor-specific classes SANS is offering to complement your needs for training outside of SANS vendor-neutral courses.