Taking IBM QRadar SIEM One Step Further Using Tenable.ad
If you can't continuously monitor Active Directory, it's impossible to achieve full visibility into your evolving attack surface. Here's how combining Tenable.ad with IBM QRadar can help. It's no secret that CISOs are constantly challenged with new cyberthreats across an expanding attack surface. T...
An Introduction to “Scan Everything”
A “scan everything” approach tests and triages every asset to understand your organization’s risk and how to reduce risk quickly and efficiently. ...
Configuring The Ports That Nessus Scans
When only select ports require scanning, use these easy steps to define themWhen assessing targets with a network scanner like Nessus, a common question is "How do I control the ports that Nessus tests during a scan?" This blog covers a number of options, including:How to limit the port scan Choosin...
False Negatives in Attack Surface Mapping
Attack surface mapping tools can miss assets for a wide variety of reasons. Here we list 15 such scenarios, including a broken DNS server, the use of round-robin DNS and ephemeral infrastructure....
A Powerful Tenable.asm Feature: HTML Search
Find out why Tenable.asm’s HTML search capability is so practical and powerful, as it offers nearly infinite flexibility to build whatever search you need to and report on it expeditiously....
Zero Days Do Not Wait for CVEs
Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities....
The Right Way to do Attack Surface Mapping
The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT. ...
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program....
Primary Group ID Attack in Active Directory: How to Defend Against Related Threats
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a trace.The Primary Group ID in Active Directory was originally developed to support the UNIX POSIX mo...
How to Stop the Kerberos Pre-Authentication Attack in Active Directory
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication.As part of the Kerberos authentication process in Active Directory, there is an initial request to authenticate without a password. This is an artifact left over from Kerberos versio...
Crawling Is the Wrong Way To Do Attack Surface Mapping
When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets....
What Is VPR and How Is It Different from CVSS?
This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR that make it a more suitable tool for prioritizing remediation efforts than the Common Vulnerability S...