Tenable in the News

Face-off: Who should be in charge of cybersecurity?

by Paul Asadoorian on June 1, 2009

In a recent video interview, Bruce Schneier, CTO of BT Global Services, and our very own Marcus Ranum, CSO here at Tenable Network Security, discussed the new cybersecurity czar position and how it may, or may not, help to improve the overall state of information security. Download the full video and listen to Bruce and Marcus discuss their different viewpoints on the issue.

Cloud Computing Security

by Ron Gula on January 12, 2009

I was recently asked by Carpathia Hosting to contribute to an eBook being written by their CTO, Jon Greaves. The book is titled 'The Datacenter of the Future'. The initial chapter describes the evolution of security and privacy as we've progressed from issues such as the Morris worm of 1988 to today's "it's in the cloud" attitude. There are some very good insights in the chapter which explain how the past evolution of technology will influence the types of offerings ISPs and hosting companies will provide in the next decade. My contribution was to answer specific questions on how cloud...

Risky Business #85 Podcast - Metasploit, IPv6 and Marcus Ranum

by Ron Gula on October 28, 2008

Episode #85 of Risky Business is now available and features an interview with Tenable's CSO Marcus Ranum. Also featured are a discussion with H.D. Moore about Metasploit 3.2's new features and license as well as a senior Microsoft executive who discusses last week's out-of-band MS08-067 patch release.

Risky Business #66 -- Interview with Marcus Ranum

by Ron Gula on June 18, 2008

Episode #66 of IT Radio's Risky Business is now online. This installment features a discussion of smart phone security, wireless complacency issues, forensics for mobile devices and a discussion of this week's information security news stories. Tenable's Chief Security Officer, Marcus Ranum, is also interviewed regarding the effectiveness (or lack thereof) of penetration testing, including some of the negative impact it can have on employee morale. The MP3 audio stream can be downloaded here. To play the recording in your browser, visit the show link here.

CIO Blogathon - Open Source in the Enterprise

by Ron Gula on May 29, 2008

I recently got invited to contribute to a new blog at CIO online about open source in the enterprise. Users of Nessus know that Tenable focuses on as many platforms as possible to test for security issues, including open source OSes like SuSE, Red Hat and FreeBSD. Nessus is also available for many of these platforms. Our enterprise customers also know that we take logs from Apache, MySQL, Sendmail and many other open source applications very seriously. This is something new for CIO, but other contributors include folks from IBM, MySQL, the 451 Group, Novell and many other users who manage or...

Risky Business -- Episode #59

by Ron Gula on April 23, 2008

Tenable Network Security recently began sponsoring the Risky Business podcast with Patrick Gray. Episode 59 is now online. This latest installment includes: A review and commentary of the week’s security news. Jeremiah Grossman of WhiteHat Security talks about some of the very latest web vulnerabilities including Cross Site Request Forgery attacks. Patrick Gray interviews me about Tenable, our work in the logging and correlation space and the Nessus vulnerability scanner. If interested in the podcast, it is at the following link: http://www.itradio.com.au/security/?p=68

A big red 'X'

by Ron Gula on November 13, 2007

I was recently forwarded a link to a BBC video which demonstrates how a user on a wireless network can attack another user and break into their system. In the video, the attacker uses Nessus and Metasploit to identify some security issues in the remote computer, and then break into it. My favorite line is when the analyst points to the "big red X" in the Nessus report and says that "here is a problem". If only it were this simple when managing 1000s of computers or more in a large enterprise. I would have rather seen them speak about how monitoring an unsecured wireless network can passively...

SC Magazine Awards Time

by Ron Gula on October 15, 2007

It's time once again to vote for your favorite security companies and products with SC Magazine. Tenable has submitted the Nessus 3 Vulnerability Scanner for the 'Best Audit/Vulnerability Assessment' award as well as the Tenable Security Center and Log Correlation Engine solution for the 'Best Event Management' award. If Tenable has helped your organization manage its security and compliance, or helped your service provide value to its customers, casting your vote at SC Magazine can help recognize the hard work, research, support and development performed by Tenable employees every day. To...

Tenable products Officially in Common Criteria Evaluation

by Ron Gula on April 4, 2007

On March 21st, Tenable announced that our products were officially under NIAP Common Criteria evaluation. Tenable is scheduled to complete the certification this year. This was good news to our United States DOD customers, but we also received a wide variety of feedback and comments which is the focus of this blog. Common Criteria in the DOD: If you are not familiar with the concept of NIAP, the DOD can only officially acquire products that have gone through this sort of evaluation. In reality, organizations can get a waiver if they want to purchase something that has not been certified. Most...