Tenable Facilitates Detection of OpenSSL Vulnerability Using Nessus and Nessus Perimeter Service

by Jeffrey Man on April 9, 2014

Facilitate easy detection of the OpenSSL Heartbeat vulnerability in your enterprise Tenable Network Security® released plugins for the detection of the OpenSSL heartbeat vulnerability (aka the “Heartbleed Vulnerability”) on the 8th of April for Nessus® and the Passive Vulnerability Scanner™ (PVS™). A plugin for detecting the vulnerability in Apache web server logs has also been added to the Log Correlation Engine™ (LCE™) and available for reporting in SecurityCenter™ and SecurityCenter Continuous View™. Details about the vulnerability can be found in a blog by Tenable’s Ken Bechtel, Beware of...

Tenable Launches “Straight Talk About PCI” Discussion Forum

by Jeffrey Man on December 19, 2013

Have you ever tried to navigate the PCI website and gotten lost and confused? Are you part of the 99% of companies that must traverse the PCI Compliance landscape as part of the “Self-Assessment” or “do-it-yourself” crowd? Have you been overwhelmed by vendor claims of “PCI made easy” or “PCI Compliance in 10 minutes” or “PCI in a Box”? Does it bother you that the answers to your questions are often tied to the product/solution the vendor is selling? Are you the one with a burning question, but can’t seem to find the right person to ask? Have you asked the question and gotten the trademark “...

The Exploitation of Exploit Frameworks

by Paul Crutchfield on June 24, 2013

At the recent Gartner Security and Risk Summit, one of the presenters recommended using an exploit framework to prioritize vulnerabilities. The idea is to use the exploits to automatically verify vulnerabilities as part of the vulnerability management process. Simple in theory, bad in practice. Tenable’s developers spend a lot of time tuning our scanning technology to yield accurate and effective results without adversely impacting our customer network infrastructures. Exploiting vulnerabilities works against this and introduces undesired political ramifications for our customers. Nessus is...

Prove You’re Watching 100% of your Network

by Ron Gula on June 11, 2013

How hard is it for you to prove that you are performing vulnerability scans, network monitoring and log analysis for 100% of your network? If your organization hasn’t automated this process, or it is relying on periodic manual processes, chances are you are blind in some areas and don’t know it.

Log Correlation Engine 4.2 Released

by Jack Daniel on May 29, 2013

Tenable has released the Log Correlation Engine, version 4.2. This major release provides several significant new features and enhancements, including: Automatic Asset Discovery Assets are detected and identified through inspection of log files. Logs from systems including DNS and DHCP servers, firewalls, and web filters will include information on all devices actively communicating on the network. LCE 4.2 uses this information to deliver complete asset discovery. User Account Enumeration User accounts are continuously discovered through log analysis and are identified for audit and reporting...

Why is outcome based security monitoring so critical with “Big Data”?

by Manish Patel on December 10, 2012

At the recent 2012 ITSAC conference in Baltimore, John Streufert, the Director of the National Cyber Security Division of DHS, outlined five recommendations for achieving continuous monitoring. These were: Scan daily, at least every 36 to 72 hours Focus on attack readiness Fix daily Grade personally Hold managers responsible While the above are a key component of the government’s CyberScope program, which mandates monthly reports, many organizations internally perform real-time or near daily security assessments. Yet, this becomes overwhelming with “Big Data”. As a result, many organizations...

Monitoring the Life of a Java Zero-Day Exploit with Tenable USM

by Randal T. Rioux on October 25, 2012

Not too long ago, CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU #636312) was issued for a flaw discovered in Oracle Java (JDK and JRE 7 U6 and before), as well as version 6 U34 and before. This is a client-side vulnerability, which requires a user to initiate activity to be exploited. I will avoid dissecting the flaw in detail, as this information is widely available on the Web (a particularly good write-up is here ). Keep in mind that Java is platform independent, and so is this exploit. The example here uses Internet Explorer on Windows 7 (with Java SE 7u3). However, Linux and OS X users shouldn’t feel excluded on this one! With Tenable's Unified Security Monitoring (USM) platform, comprised of SecurityCenter (SC), the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE), we can track this exploit from start to finish.

Remote Access Woes: Microsoft Windows Remote Desktop Protocol (RDP)

by Paul Asadoorian on June 15, 2012

The Trouble with Remote Access Remote access protocols are certainly one of the long-standing topics discussed when it comes to information security. Most security practitioners have had to deal with the threats and risks posed by the wide range of protocols used to remotely manage and access systems, including Telnet, SSH, RDP, and even third-party providers such as GoToMyPC. Convenience is heavily weighed against security, as users and administrators require access to the systems, yet security in the forms of authentication and encryption seemingly "get in the way." This debate has come up in my career more times than I care to remember. When I first set out to help make systems more secure, one of the first actions I proposed was to remove Telnet from all of my UNIX (Solaris and Linux at the time) systems. Turns out it was a valuable lesson for me as I learned that while technically not so challenging, convincing 25 or more developers that they had to use an SSH client rather than the built-in Telnet utility was the most challenging aspect of that project. The same debate occurred later in my career when I was tasked with helping the newly-created Windows systems administrators group secure their brand-new Windows domain environment. I had a similar conversation about Microsoft Terminal Services, which uses the RDP (Remote Desktop Protocol). At the time, in the default configuration, an attacker could perform MiTM attacks to obtain the username and password, in addition to logging the keystrokes sent to the systems being managed. Again, technically there was an easy fix (change some settings on the servers, and use a compatible client on the management systems). However, the real challenge was persuading the administrators to make the switch, as they had always just used the default configuration and, by their own account, "nothing bad ever happened." In this case, I had to use a demo and perform an attack, with permission, of course, against an administrator. Once they saw it, the progression to a properly-configured and more secure RDP implementation was underway immediately.

Annoy, Attribute, and Attack

by Dale Gardner on May 28, 2012

Annoy, attribute, and–with care–attack the attackers who are attacking you. In this RSA presentation, Tenable Product Evangelist and PaulDotCom Host Paul Asadoorian is joined by colleague John Strand to discuss and demonstrate Offensive Countermeasures: Making Attacker's Lives Miserable. Watch now on YouTube.

Predicting Attack Paths

by Ron Gula on April 2, 2012

Tenable has published a technical paper titled “ Predicting Attack Paths ” that describes how to leverage active and passive vulnerability discovery technology to identify in real-time Internet facing services, systems and clients on your network that can be exploited in a variety of scenarios.