Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 83

Welcome to the Tenable Network Security Podcast - Episode 83

Hosts: Paul Asadoorian, Product Evangelist, Ron Gula, CEO/CTO, Carlos Perez, Lead Vulnerability Researcher

Announcements

  • A new blog post has been published:
  • Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. The latest two videos are updates to older videos and cover basic vulnerability scanning and local patch checking using Nessus.
  • We're hiring! - Visit the Tenable web site for more information about open positions.
  • You can subscribe to the Tenable Network Security Podcast on iTunes!
  • Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics and more!
  • A new Nessus plugin is being released into the feed that will identify the device type of your targets. For example, if Nessus finds that a device is running Cisco IOS, it will flag it as device type: router. This is useful when reporting, trending, and "dashboarding" with SecurityCenter.
  • A new promotion is being run: All new Nessus Professional Feed users will receive a free demo of the Nessus Perimeter Service.
  • Upcoming Product Releases: SecurityCenter 4.2 and LCE 3.6.1. One of the major new features of SecurityCenter 4.2 is the ability to share dashboards. You can visit our dashboards page for a sneak preview.

Stories


  • Using Google Web Search to Find Compromised Google Images - "...even though the image is actually hosted on a server at enterupdate.com, Google will display the image preview and site information as though it's from the referring (compromised) site." This is a pretty big problem and I hope the smart folks at Google can come up with a solution. I still like the idea of the "petri dish", and having a virtual system surf to the pages and see if it gets infected.

  • Architect of Great Firewall of China 'takes shoe to face' - "The creator of the Great Firewall of China was reportedly pelted with shoes and eggs during a visit to Wuhan University last week." I hope you treat your firewall administrators better.

  • How to stop your executives from being harpooned - First, the article talks about "spear phishing", "whales", and "harpooning" but has nothing to do with attacks on killer whales or references to Star Trek: The Voyage Home. The article does try to give us some tips on how to prevent your executives from successful social engineering attacks. Some of the advice is okay, some is just buzz words we've always heard like "user education". I do agree, by socially engineering your own users you can create a culture of awareness. I think every organization should do this. However, I also believe that it only takes one user and one skilled social engineer to have an attack be successful. This is where technology comes in to help you; unfortunately, it's typically too late. The article does say one thing that I find a bit out of place: "you can't rely on automated security tools to safeguard your user, information, and network -- you have to do hands-on investigation and monitoring as well." I think its misguided to say that you can't "rely" on automated tools. They are just that, tools, and you need people who know how to use the tools in order to get things done. When you build a house you are going to use hammers. In fact, you may even have automatic nail guns to assist you. But you can't just expect these tools to build the house... you need people with skills.

  • Cold calling scams return with a twist - I've heard this story before: a user gets a call from "Microsoft Support" and walks the user through purchasing and installing the solution. Of course, the criminal makes out with the cash and gets the user to install malware. Brilliant!

  • Sony hit again with two hacks - Do I dare say "poor Sony"? They just can't seem to catch a break this week, logging to more security breaches that hit the media this week. As if the Sony rootkit wasn't enough....

  • Battling 'Breach Fatigue' - Goes with Less Talk, More Action - "A fight breaks out between giant robots, pirates, and ninjas. Who wins?" At what point are we just talking about things that don't really matter?

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.