Tenable Blog

I recently worked with a customer who asked for advice on the following “virus” events:

They were seeing “virus” traffic more or less continually. If you run a network IDS, and operate a busy email server, you will likely sniff virus traffic contained in inbound email messages.

Last week Microsoft released 13 security bulletins covering 34 vulnerabilities, much to the delight of overworked system administrators who now have to roll out and test the patches in their environment. Organizations are most likely at different stages in the patch deployment process, some may still be testing and some may have the patches rolled out to the entire environment. What all organizations have in common is the need to verify that patches have been installed properly. Nessus has several features, including credentialed scanning and plugins that list missing patches and can assist in the patch verification process. We have produced a short video that demonstrates how to run this type of scan:

Tenable Network Security was ranked 290th on the Deloitte 2009 Technology Fast 500™ program. This program ranks the fastest growing companies in technology, media, telecommunications, life sciences and clean technology in North America. Rankings are based on the percentage of fiscal year revenue growth during the past five years. Tenable’s revenue grew 441% during this period.

Black Tuesday

This month Microsoft released 13 new security advisories. While 13 sounds like a moderate number, digging into each of the security advisories reveals that each one actually patches multiple vulnerabilities, bringing the grand total to 34 individual vulnerabilities. Couple that with the recent Adobe announcements disclosing 29 vulnerabilities with the Adobe Reader product and release of the associated patches and administrators have their work cut out for them (note that Nessus plugins have been released to detect these vulnerabilities, refer to plugin id 42119 and 42120). Assessing the risk for your organization when there are this many patches in common software can be a daunting task, but an important one. While both Microsoft and Adobe attach a severity rating to each advisory, organizations need to evaluate the risk each vulnerability poses to their specific environment and implement a patching cycle that is most effective at reducing risk for them. For example, the Microsoft IIS FTP server remote exploit vulnerability has a “critical” rating, but if you are already implementing mitigating factors, or are not running IIS on mission critical systems, then you will want to focus your efforts on getting other patches tested and installed first.

Welcome to the Tenable Network Security Podcast - Episode 7

Announcements

• New blog post going up today on the experiences at Cyberdawn, a cyber exercise that puts hackers against defenders in a realistic environment.
• Attention Security Center customers! A new version of Security Center, 3.4.5, has been released and is available for download in the customer support portal (Security Center customers can find the release notes the discussion portal). It includes such improvements as web application scanning support.
• Paul Asadoorian was interviewed on Securabit Episode 40 and discusses all things Nessus and some of the features in our enterprise products such as Security Center and the Passive Vulnerability Scanner (PVS)
• Paul Asadoorian spoke at the Louisville Infosec conference on web application security on October 7, 2009
• As always be sure to check out our blog at http://blog.tenablesecurity.com

Interview: John Bos - Cybrex, LLC

John Bos joins us to talk about his 10 years of experience with the Defcon CTF and his team "sk3wl0fr00t".