Tenable Blog

Recently, a Tenable customer asked me if we had any plans or capability to perform brute force password cracking with Nessus. For those familiar with Nessus, this wasn't about testing for default user accounts during a network scan. The customer was asking to obtain the encrypted password databases from Windows and UNIX and try to brute-force their contents offline to find weak passwords. This particular customer was running several different password cracking tools across several different operating systems.

One of Tenable's advisors, Gene Kim, CTO of Tripwire and lead researcher of the IT Process Institute's "IT Controls Benchmark Survey", was recently interviewed by Richard Stiennon about how IT Controls not only help run networks more efficiently, but how they can make a network more secure.

Tenable has had many of our customers call in to discuss ways they can look throughout their enterprise to find the latest round of security issues from the last "Microsoft Tuesday". Here is a quick list of things you can look for with our products:

Recently, Tenable was asked about detecting DNS servers that were configured to respond to DNS "recursion" queries.

Tenable released a TASL script for the Log Correlation Engine that can use netflow, sniffed network sessions, firewall logs and even network IDS logs to help identify botnets, maleware and zombie networks.