Tenable Blog

Every major breach starts with a reconnaissance effort, which usually involves a port scan. It’s therefore safe to assume that port scans are the most likely precursor to an attack, and yet results from a port scan are rarely viewed with the same level of urgency as some other high profile vulnerabilities. It’s time to take a different approach and to have a policy-based approach for open ports.

The result from a port scan is just another result buried under a million other results

Traditionally, business executives have been concerned with revenue, market share, competitive threats, expenses and economic indicators. Today, inundated with frequent headlines about high profile security breaches, cybersecurity has joined their list of concerns. Executives need to know if their organizations are managing cyber risk effectively, and they must be able to communicate that information upward to their board members who have the responsibility for risk oversight.

“As a business or as an individual you have to make a choice. Should I do this thing—whatever it is—on my computer and on my network or on a cloud computer on a cloud network,” asked Bruce Schneier (@schneierblog), CTO of Resilient Systems, Inc., in our conversation at the 2015 RSA Conference in San Francisco.

Whatever you choose, you’re going to be making a trade-off. Schneier recommends you first look at who your adversaries are.

The perception that you only need to monitor traffic that’s happening on your network is extremely limiting, since customers are communicating “out of band” on many channels—such as Wi-Fi and Bluetooth—that you may not be monitoring, said Jayson E. Street (@jaysonstreet), infosec ranger at Pwnie Express in our conversation at the 2015 RSA Conference in San Francisco.

At the 2015 Security B-Sides conference in San Francisco, I caught up with Dave Lewis (@gattaca), global security advocate for Akamai, and Bill Brenner (@billbrenner70), senior technical writer for Akamai, for a conversation about big cloud mistakes. Here are their four suggestions on what to avoid.