Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Securing a Happy Valentine’s Day

People approach security much the same way they do love. Some are romantics. Others are realists. To celebrate Valentine’s Day, here are inspirations by Tenable’s team of security experts.

Tough Love

by Jack Daniel, Technical Product Manager

Valentine's Day is supposed to be a day celebrating love, but I ask organizations to celebrate by not loving their security environment. Love means overlooking the little faults, finding odd behaviors endearing, and certainly not looking to upgrade. That sounds too much like what we already see in problem environments and is the opposite of what we need to secure our systems and networks. We need to find and root out faults and inconsistencies, and continuously improve ourselves and our systems. But it's still cool to pick up flowers (or better yet, bourbon) on your way home.

Ode to Syslogs

by Marcus Ranum, CSO

It's been 28 years, and syslogs are still as beautiful and interesting as the day I first discovered them. For being there when I needed them, and standing by me in my dark hours, I will always love my logs.

The Quest for APTs

by Ron Gula, CEO

The hunt for malware on your network is not unlike a quest for love. We look in all the usual places to find something interesting, not knowing exactly what we are looking for until we find our ideal match. You might have a phone number of a person you want to meet and this is much like having an indicator of an IP or a hash to find some malware. Finding real evasive malware that doesn’t fit any of your indicators is also like the unexpected sparks that fly when you meet that special someone for the first time. So while you are writing Valentine’s Day cards to your auditors and your CIO, don’t forget to leave a note in a README file somewhere on your network for the malware writer who you know is on your network, but you haven’t found yet.

Show Your Router Some Love

by Paul Asadoorian, Product Evangelist

My Valentine’s Day security thoughts are deeply rooted in embedded systems, specifically those found on almost every high-speed Internet connection. Attackers are reported to have compromised these systems, and turned them into port scanning machines, looking for port 80 and 8080. There is a long history of reported vulnerabilities, and associated attacks against routers used by many to protect their home Internet connections. The scary thing is that they often go unpatched, as firmware updates must be applied manually, and the typical home user is not aware that firmware updates even exist. So, this Valentine’s day, show your routers some love, change those default passwords and update your firmware. Your router will love you back in return.

Users Complete Me

by Space Rogue/C. Thomas, Technical Manager

It’s all about the users. We forget that sometimes. We protect our networks and our data, erect firewalls, conduct audits, examine logs, and install patches. Why? It’s our users. Deep down we really do love them. Yes, they choose weak passwords, they click on stuff, and they use their phones to connect to every WiFi network they see. But we still love them. We try to talk to them about SSL and they give us that oh-so-cute, deer-in-the-headlights look with their "But, but, Instagram...," reply. Sure, sometimes they forget their password, for the fifth time, this week, and yes we get angry with them. We complain to our other infosec friends about just how clueless our cute little users are but once in a while we get a suspected phishing email reported to us before they clicked on anything and well, that just makes it all seem better. So this Valentine’s Day, despite our cold curmudgeonly hearts, and those disapproving looks when you told us your computer was running slow, we want you to know, we do love all of you users. You are why we are here.

Don’t Share with Friends and Family

by Kenneth Bechtel, Malware Research Analyst

Today the majority of malware infects via drive-by downloads. That means infection by visiting compromised legitimate websites or clicking links distributed with social engineering in mind. When clicking that link on your favorite social network or email, ask yourself: “Does this sound legitimate, is it something the poster would normally post or say? Is it something cryptic—‘You'll never believe what happened next’?” Are you expecting an invoice from that company you never heard of? Why risk your computer and your online reputation? A little common sense still goes a long way. Your friends and loved ones will love it when you DON'T share malware infections with them, they may appreciate this advice as well.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training