
Tenable Network Security Podcast - Episode 59

Welcome to the Tenable Network Security Podcast - Episode 59

Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst

Special Guest: Carlos Perez, Lead Vulnerability Research Engineer

Announcements


Stories

  • Nessus Plugin 50658: Stuxnet Detection (uncredentialed check) - Stuxnet has been one of the most talked about pieces of malware this year. Nessus can now detect Stuxnet on the network!
  • Passwords Are Not Safe - Each week I keep seeing more powerful GPUs, cheaper prices on the hardware, and more software becoming available for intense password cracking. You could build a machine with multiple CPUs, tons of RAM, and multiple GPU cards for well under $5,000 and crack passwords at lightning speed. I think we need to move beyond passwords and require another form of authentication in addition to the password. This seems so simple, so why don't we do it?
  • "That's Too Hard" - We've all heard it before, the "that's too hard" excuse when it comes to information security. A much better excuse is "That doesn't align with our business goals or acceptable risk levels". Dave outlines several common areas where the "it's too hard" excuse comes in, such as application whitelisting, secure coding, and outbound network ACLs and filtering. He also mentions the "cowboy culture in IT". I agree, some administrators are too quick to pull the trigger and change management can help. However, I've been in a situation where I had to jump in and "save the day" (capes may have even been involved) and my entire group was labeled as "cowboys". This really hurt our reputation in the organization and made things difficult for us for quite some time. Be careful with change management and cowboys, because it is a double-edged sword.
  • On Security Conference Themes: Offense *Versus* Defense – Or, Can You Code? - I agree, offense is sexy, it's definable, and it's demonstrable. However, what about defense? Many security conferences are filled with talks about the latest and greatest ways in which to penetrate systems. That's great, and don't get me wrong, I love talking about offense. However, defense is important, except it's not as sexy, not as definable (well, at least it's different for each person/organization), and it's not as demonstrable. One of the things I will be working on in the next few months: making defense sexy.
  • Nessus Parsing 101 - This is a great little write-up that shows you how to implement some Bash scripts to do basic parsing of NBE files. While I use many different methods to parse, sort and create reports from Nessus results, sometimes a quick and dirty Bash command is the best method, and this tutorial does a nice job!
