Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 20

Welcome to the Tenable Network Security Podcast - Episode 20

Announcements

Interview: Mike Murray

mikemurray.jpg


Mike Murray is currently the managing partner of Michael Murray and Associates, as well as a founder in a new company called Mad Security. He has spent his entire career in information security, from his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group. Mike's interests and aptitudes are broad - he and his team at Michael Murray and Associates, LLC focus on assisting information security organizations with their human systems, from their information security awareness to their organizational design and efficiency and the career paths of the individuals within the industry. His focus at Foreground Security is to lead Foreground's security engagements and training organization, assisting with curriculum and methodology development, staff development, and security planning and execution. Mike is a widely reknowned speaker, and his talks on a wide variety of topics have been seen at major conferences like RSA, SOURCE, InfoSecurity Canada and Defcon. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at ConnectedCareer.com. He has written technical articles in publications including BusinessWeek Online and Sys Admin, as well as a regular column on The Ethical Hacker Network.

Stories

  • One Exploit Should Not Ruin Your Day - This post by Dino Dai Zovi re-itterates, quite well in fact, much of the post-Aurora Exploit banter. It boils down to this: If you let one unpatched vulnerability be the gateway to your network and all its information, you've for bigger problems than just patching that one vulnerability. Dino goes on to say that network and information segmentation can go a long way to protecting your assets.
  • Undisclosed Breaches - This article details how in certain circumstances, a credit card company does not have to disclose the merchant that may have been the cause of a data breach. This seems silly to me, as a consumer I want to know which merchant was at fault, so I can find an alternate merchant to do business with. Breaches happen, and its important that we know at least who is involved so we can make intelligent decisions.
  • Four Steps For Trimming Patch Management Time - This article covers some common sense tips for implementing the patch management process. How to prioritize the deployment and make sure that you test the patches. For priority, sure, you definitely want to have a sense of what can be patched, how long it takes, and what the impact will be. However, this is still just skirting the issue. Client software is the real problem, so fix it. If you are running your business and relying on Internet Explorer 6 to interact with a web application running vulnerable code, thats the real problem (not your patch management process). While there will be costs involved, your choice of the software you use has more of an impact on the security of your organization than does how fast you can patch the browser. There are other vulnerabilities lurking out there, some of which the bad guys have written exploits for, so you have to do better than just applying patches. Also, this article covers how you should go about "testing the patch". I'd also add that you need to make sure the patches have been applied to all of the systems correctly.

Download Tenable Network Security Podcast Episode 20