Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable at SOURCE Boston

Tenable is again returning to the SOURCE Boston conference, held at the Seaport Hotel from April 21-23. This year Tenable will be delivering three presentations: Tenable CEO Ron Gula will be presenting a talk titled “How to Detect Penetration Testers” on Wednesday from 10:00am to 10:50 am; Carole Fennelly and Kelly Todd will be participating in the Vulnerability Management panel on Thursday from 10:00 to 10:50; and Paul Asadoorian will be presenting a talk titled “Embedded System Hacking and My Plot to Take Over the World” from 2:00 to 2:50 on Thursday. This blog provides a brief overview of these presentations.

Ron Gula’s talk, “How to Detect Penetration Testers” describes methods of detecting authorized penetration testers from a variety of technical and political aspects. Very often audit organizations feel the need to run a “surprise” audit on one of their divisions. This is intended to see how the target organization reacts to an unannounced penetration attempt, but very often results in disrupted production services and a lot of political finger pointing. This presentation provides tips and insights to make better use of firewall logs, netflow data and systems logs both to protect from situations that will embarrass the security program as well as protect resources from the real intruders.


Carole Fennelly will be moderating a panel discussion on vulnerability management that covers various aspects of the vulnerability management cycle: initial detection of anomalies and vulnerabilities; the assignment of common names for easy identification, using available information to gather appropriate remediation measures, pros and cons of patch testing, and how vulnerability management can be improved as an overall process. Panelists include HD Moore of Metasploit; Chris Wysopal of Veracode, Steven Christey and Bob Martin of MITRE Corporation, Jonathan Klein of Broadridge Financial Solutions and Kelly Todd of OSVDB. The goal of this panel is to determine what works, what doesn't work and what can be done to help improve processes, procedures and remediation techniques.

Paul Asadoorian’s presentation, “Embedded System Hacking and My Plot to Take Over the World” analyzes common vulnerabilities in popular embedded systems that carry sensitive data every day. Embedded systems simplify tasks for the end user but typically implement very little security. This presentation will demonstrate the abundance of these systems and vulnerabilities by using public source and new scanning methods. Solving the problem is more difficult but starts with changing both the developers and user's perception of embedded systems technology. This presentation will cover:

  • Finding embedded system vulnerabilities on a large scale
  • Ways to exploit embedded vulnerabilities and hide from the end user
  • Why controlling embedded systems is so powerful (and how they could be used to take over the world)
  • Ways to mitigate the potential threat
  • Explore some longer term solutions for embedded systems security

If you are attending SOURCE Boston, we hope you can stop by one of our presentation or visit the Tenable booth on the Mezzanine level (booth #5) to pick up some of the latest information about upcoming Tenable products!

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.