Tenable Blog

Tenable Network Security announced today it has established a strategic partnership and technology development agreement with In-Q-Tel. In-Q-Tel is the not-for-profit, strategic investment firm that works to identify, adapt, and deliver innovative technology solutions to support the missions of the U.S. Intelligence Community. Under the terms of the agreement, Tenable will develop secure audit and remediation capabilities that will assist intelligence agencies in continuously outpacing emerging cyber threats.

Passwords are Like Underwear, and It's Laundry Day

Perhaps one of the most easily overlooked security problems in the industry is password security. I'm not referring to the stored end-user password problems (discussed here), but the default (or weak) usernames and password combinations used to protect common administrative interfaces to applications and systems.

The problem stares us in the face every day, each time we log into a router, database management system, or remote access console and enter a password. Often we put a lot of time and effort into securing the end user-facing passwords, such as implementing account lockout password policies and forcing them to change their passwords at a regular interval. I find it ironic that the applications and devices used to run the organization often do not implement the same controls. Hundreds of applications and/or devices are known to be deployed with default passwords, and if not changed before or immediately after they are plugged into the network, can present serious risk to the organization.

Default credentials are considered "low-hanging fruit" for two reasons. First, they are easily exploitable by an attacker and can often lead to a serious security breach. Second, once you've identified the problem, it is easy to fix by setting a more secure password.

I am extremely pleased to announce that Tenable has received its first institutional round of funding: a $50 million investment from Accel Partners. The investment will help us continue to develop and improve our solutions and improve our customers’s experience.

Tenable celebrates its 10^th anniversary this month. During that time, we’ve made Nessus the number one trusted vulnerability scanner in the world with more than 1 million users across 150 countries. We did this though a combination working closely with our community and continually adding improvements to make our users’s lives easier and through our own innovation to push Nessus to do even more than vulnerability assessments. Today, Nessus not only detects vulnerabilities, it finds malware, botnets, credit cards, configurations that will get you hacked or fined and most recently, issues with your iPhone and Android devices.

Tenable’s SecurityCenter, our enterprise platform for Nessus, has also become the preferred enterprise security solution for nearly 1,000 enterprise customers including the entire U.S. Department of Defense. We have changed the vulnerability management paradigm through our unique combination of scalable network vulnerability monitoring, vulnerability scanning and log management. It has helped our customers break down traditional security silos, have a unified view of their security posture and respond quicker to incidents and audits than was previously thought possible. 

Earlier today, Tenable Network Security revealed it had been named as one of the fastest-growing private companies by Inc. Magazine in its annual Inc. 5000 ranking. We're proud to note Tenable's performance — 259% sales growth over a three year period — earned an overall ranking of #15 among security companies, and #19 in the metropolitan Baltimore area.

Announcements

• Tenable Network Security Unveils SecurityCenter Continuous View
• Tenable Network Security Receives Highest Rating of "Strong Positive" in Leading Analyst Firm Vulnerability Assessment MarketScope Report
• BYOD: Bring Your Own Devastation?
• We're hiring! - Visit the Tenable website for more information about open positions.
• Check out our video channel on YouTube which contains new Nessus and SecurityCenter 4 tutorials.
• Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
• Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
• You can subscribe to the Tenable Network Security Podcast on iTunes!