Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast Episode 184 - "Video Killed the Network Security Star"

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

Announcements

Discussion & Highlighted Plugins

  • Passive Vulnerability Scanning Use Cases - You can use Tenable's Passive Vulnerability Scanner (PVS) to support many different efforts in your network security strategy. For example, as part of a vulnerability assessment, PVS solves many problems. There are many points where a network vulnerability scanner can plug in and start scanning, but sometimes it's tough to know where to start. With PVS, you can set it up ahead of time and review a list of collected vulnerabilities before the audit or assessment officially begins. Intrusion monitoring also can make use of passively collected vulnerabilities, using them to correlate to intrusion events and identify other systems with the same vulnerabilities used by attackers to gain access to your network. See Ron Gula's blog post "Adding Passive Vulnerability Scanning To Your Security ToolKit" for more information.
  • "Patches Break Things!" - Believe me, I've been there. I was a Windows systems administrator, and then a UNIX/Linux systems administrator. I've applied my share of patches that have blown things up. Fast forward to today: We just can't afford to wait and test every patch, or have really long patch cycles for everything. We need multiple patch cycles. For example, when it comes to Adobe, you've got to be fast and furious with your patching. Adobe Reader should be an easy win – go ahead and push out those patches. Chances are that breaking Reader won't disrupt business operations (in some cases it may). Another strategy with merit is to patch users in groups. I had forgotten about this strategy, but nothing wrong with segmenting your users and constantly rolling out patches, watching for gotchas. Also, don't forget you can use Nessus for Auditing Adobe Reader JavaScript Settings, in addition to finding out if it's patched.
  • Video Killed the Network Security Star - Two sets of plugins this week deal with video teleconferencing vulnerabilities from Cisco and Polycom. I've personally discovered and exploited similar vulnerabilities on enterprise networks. Attackers come in all different shapes and sizes. While most threats are malware based, you can't disregard the possibility of espionage or targeted attacks, which can be far reaching and damaging. For example, an attacker snooping in on conversations with your company. Groups of attackers are out there collecting information about your organization and selling it to other groups of attackers who use the information to exploit you. Don't give them an opportunity to snoop; patch and harden your video teleconferencing systems!

New & Notable Plugins

Nessus

General

Passive Vulnerability Scanner

SecurityCenter Apps

Security News Stories

  1. Tenable Network Security Executives Win Prestigious Ernst and Young Entrepreneur of the Year® 2013 Maryland Award
  2. Security Spending on the Rise as Threats Proliferate
  3. Look at risk before leaping into BYOD, report cautions
  4. Experts praise Pentagon's march to security standards
  5. Defending against web-based malware: Spot the smoke, don't wait for fire
  6. After Ten Years, Cracks In Microsoft's Patch Program
  7. iOS 7 patches 80 vulnerabilities
  8. Linus Torvalds Admits He's Been Asked to Insert Backdoor Into Linux
  9. Chaos Computer Club: iPhone 5S finger-sniffer COMPROMISED
  10. How I hacked SIM cards with a single text - and the networks DON'T CARE
  11. Flaw In iOS 7 Lets Attackers Take Control Of Users' iPhones

 

 

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.