
Tenable Blog

Tenable Network Security Podcast - Episode 20

Welcome to the Tenable Network Security Podcast - Episode 20

Announcements

Interview: Mike Murray


Mike Murray is currently the managing partner of Michael Murray and Associates, as well as a founder of a new company called Mad Security. He has spent his entire career in information security, from his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group. Mike's interests and aptitudes are broad: he and his team at Michael Murray and Associates, LLC focus on assisting information security organizations with their human systems, from their information security awareness to their organizational design and efficiency and the career paths of the individuals within the industry. His focus at Foreground Security is to lead Foreground's security engagements and training organization, assisting with curriculum and methodology development, staff development, and security planning and execution. Mike is a widely renowned speaker, and his talks on a wide variety of topics have been seen at major conferences like RSA, SOURCE, InfoSecurity Canada and Defcon. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at ConnectedCareer.com. He has written technical articles in publications including BusinessWeek Online and Sys Admin, as well as a regular column on The Ethical Hacker Network.

Stories

  • One Exploit Should Not Ruin Your Day - This post by Dino Dai Zovi reiterates, quite well in fact, much of the post-Aurora exploit banter. It boils down to this: if you let one unpatched vulnerability be the gateway to your network and all its information, you've got bigger problems than just patching that one vulnerability. Dino goes on to say that network and information segmentation can go a long way toward protecting your assets.
  • Undisclosed Breaches - This article details how, in certain circumstances, a credit card company does not have to disclose the merchant that may have been the cause of a data breach. This seems silly to me; as a consumer I want to know which merchant was at fault, so I can find an alternate merchant to do business with. Breaches happen, and it's important that we know at least who is involved so we can make intelligent decisions.
  • Four Steps For Trimming Patch Management Time - This article covers some common-sense tips for implementing the patch management process: how to prioritize the deployment and make sure that you test the patches. For priority, sure, you definitely want to have a sense of what can be patched, how long it takes, and what the impact will be. However, this is still just skirting the issue. Client software is the real problem, so fix it. If you are running your business and relying on Internet Explorer 6 to interact with a web application running vulnerable code, that's the real problem (not your patch management process). While there will be costs involved, your choice of the software you use has more of an impact on the security of your organization than does how fast you can patch the browser. There are other vulnerabilities lurking out there, some of which the bad guys have written exploits for, so you have to do better than just applying patches. Also, this article covers how you should go about "testing the patch". I'd also add that you need to make sure the patches have been applied to all of the systems correctly.
