In this introductory course for Tenable.sc (formerly SecurityCenter) participants will learn to create scans for vulnerability data acquisition and use analysis tools and asset lists for basic data analysis. Participants will become familiar with Predictive Prioritization by utilising the Vulnerability Priority Rating (VPR), learning about reporting options available and performing basic report creation and report dissemination. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment.

Session Details

• 9:00AM - 9:45AM | Introduction to Tenable.sc
• 10:00AM - 10:45AM | Complementing Tenable.sc with Tenable.io
• 11:00AM - 11:45AM | Vulnerability scanning
• 12:00PM - 1:00PM | Lunch break
• 1:00PM - 1:45PM | Asset lists
• 2:00PM - 2:45PM | Vulnerability analysis
• 3:00PM - 3:45PM | Dashboards
• 4:00PM - 4:45PM | Reports

In this introductory course for Tenable.io users, students will learn how to gather and share vulnerability data, contextualise and analyse that data and easily distribute reports to key stakeholders. Participants will become familiar with Predictive Prioritization by utilising the Vulnerability Priority Rating (VPR) score and the Lumin interface to identify and track assets. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment.

Session Details

• 9:00AM - 9:45AM | Introduction to Tenable.io
• 10:00AM - 10:45AM | Asset discovery methods
• 11:00AM - 11:45AM | Asset tracking in practice
• 12:00PM - 1:00PM | Lunch break
• 1:00PM - 1:45PM | Managing assets, asset reporting
• 2:00PM - 2:45PM | Vulnerability management and assessment overview
• 3:00PM - 3:45PM | Vulnerability assessment methods, measuring assessment success
• 4:00PM - 4:45PM | Vulnerability analysis

Ready to take your Tenable.sc (formerly SecurityCenter) skills to the next level? In this advanced course, we will discuss how to perform host-by-host security data reporting and how to generate warning indicator dashboards and alerts, as well as how to measure key performance indicators (KPIs) in your infrastructure using Assurance Report Cards. Participants will learn advanced scanning techniques to minimise network impact, maximise scan performance, scan fragile environments and assess compliance. Hands-on exercises related to the discussed topics will be performed throughout the class in a lab environment. PREREQUISITES: Assumes operational familiarity of scanning with Tenable.sc

Session Details

• 9:00AM - 9:45AM | Dashboards and alerts
• 10:00AM - 10:45AM | Custom reporting
• 11:00AM - 11:45AM | Assurance Report Cards
• 12:00AM - 1:00PM | Lunch break
• 1:00AM - 1:45PM | Advanced scanning
• 2:00PM - 2:45PM | Scan policy tuning
• 3:00PM - 3:45PM | Policy and compliance auditing
• 4:00PM - 4:45PM | Complementing Tenable.sc with Tenable.io

How do your assessment practices stack up against those of  your competitors? Assessment Maturity is a key metric in Tenable Lumin that provides an aggregated bird's-eye view of one facet of a good cyber hygiene programme, namely how thoroughly organisations assess their network. This view takes into account the following factors: scanning frequency; the percentage of an organisation's assets that are actively scanned; the usage of authenticated scans; and the percentage of plugins included in an organisation’s scan policies. These attributes are distilled into a single assessment maturity score that can be benchmarked against industry peers and the general population. The reasoning behind this metric, and some key insights, will be illustrated in detail. In this session you’ll learn:

• How thoroughly do organisations scan their assets?
• Are some device types scanned more or less often than others?
• How does assessment maturity vary across organisations?

Are you looking to build and execute a pragmatic vulnerability management transformation programme for your organisation? Understanding the business impact of vulnerabilities, prioritising remediation, coordinating activities and continuous improvement are core aspects of a sound vulnerability management strategy. Undertaking such an effort often requires you to incorporate multiple processes and integrations across your organisation. For many, this effort can include customer integrations or manual interventions which can slow the process, reduce consistency and provide poor metrics to motivate your stakeholders. Failure hardens silos, fosters a blame culture and increases risk. Success drives a cultural change in the business that reduces risk and encourages collaboration. We’ll explore how Tenable and ServiceNow have worked together in customer environments to radically reduce remediation times and demonstrate the value of a vulnerability management programme to business stakeholders. In this session you’ll learn:

• How to change the culture in the wider business around vulnerability management
• How to demonstrate the business risk context of a vulnerability
• How to drive measurement and continual improvement in processes and risk posture

Create, develop and enhance your security programme from top to bottom with these simple approaches and techniques. Setting yourself up for success correctly in the long term is often complicated and misunderstood, especially when dealing with today’s modern attack surface. Whether you have inherited a programme, have a disjointed programme or are simply building out your own programme, understanding the key success factors and the programme blueprints is essential. In this session, we will provide a blueprint and structure to follow while building your vulnerability management programme. We will outline big and small examples of project success and discuss simple feature enhancements. In this session you’ll learn:

• How and when to use the Tenable resources and techniques available to you to get the most out of your security programme
• Ways to approach all landscapes — including virtual machines (VM), containers, web applications and the cloud — with a new level of certainty
• Tips and tricks based on proven success stories and methods, latest product feature utilisation and strategy insights

Is your business doing vulnerability management as an audit tick-box exercise or are they really serious about securing the environment? As a veteran Cybersecurity Consultant, Steve Gillham has seen it all. In this session, we’ll discuss how to find all your assets (even those no one else knows about), why manipulating the results to meet audit points is dangerous, why frequency of scanning is important and how you can work smarter by using Tenable’s Vulnerability Priority Rating (VPR) to reduce the risk of a breach. In this session you’ll learn:

• How to use VPR to make your business more secure more quickly
• Why using VPR is a smarter way to tackle the problem of fixing millions of vulnerabilities
• How to create dashboards for displaying information beyond the normal vulnerability management metrics

Back in the day, before bug bounty programmes, vulnerability disclosure was an extremely risky venture for vendors and researchers alike. Public zero-day disclosures were prevalent and full-time bug hunting wasn’t a career like it is today. In this session, we’ll discuss the evolution of bug hunting and vulnerability disclosure practices over time, the pros and cons of various disclosure policies, bug bounty programmes and the experiences and insights of Tenable’s Zero Day Research team when interacting with vendors. Understanding vulnerability disclosure from a researcher's perspective is important for any security team that want to effectively field external vulnerability reports. In this session you’ll learn:

• The pros and cons of “responsible” versus “full disclosure” policies
• The benefits and drawbacks of bug bounty programmes
• Best practices for handling and fielding reports from external researchers

During this session, we’ll look at how companies have traditionally prioritised vulnerabilities — and the patching processes they have built to remediate them. We will discuss why these processes are unworkable in the modern world and don't have the desired effect of reducing risk sufficiently. We will also explore how these processes could be reworked using Tenable’s Predictive Prioritization and discuss how to use virtual patching to target the important vulnerabilities first whilst reducing downtime to the business caused by deploying large numbers of individual patches. In this session you’ll learn:

• Real-life applications of Tenable’s Predictive Prioritization
• Practical ways to rework your remediation processes
• The business benefits of changing your approach to vulnerability prioritisation

Exploit Kits (EK) represent one of the most common client-side attacks targeting the user. While EK activity has declined in the past 18 to 24 months, these tools still pose a threat to organisations, having been repurposed to deliver cryptomining payloads, among other examples. In this session, we’ll explore which EKs have had the highest level of activity thus far in 2019 and the vulnerabilities they are exploiting. Armed with this information, defenders can focus remediation efforts on eliminating EKs as a risk. In addition, we will show how Tenable’s Vulnerability Priority Rating (VPR) integrates threat-centric intelligence to automate this effort. In this session you’ll learn:

• Which CVEs are most commonly targeted by threat actors using Exploit Kits
• How defenders can eliminate EKs as an imminent threat by selective remediation of key vulnerabilities
• How Tenable capabilities can help with identification of these risks and their prioritisation for mitigation

Secure transport is a crucial part of IT security in any corporate environment. The widespread adoption of agile practices means small independent teams develop and manage their tooling, causing deployed setups of Secure Sockets Layer/Transport Layer Security (SSL/TLS)-based services to diverge. While online tools are available for monitoring SSL/TLS configurations, assets in restricted network zones are harder to monitor. In the session, we’ll discuss our Tenable.sc-based solution to help with TLS/SSL monitoring. We’ll show how we integrate external tools with Nessus, using custom Nessus Attack Scripting Language (NASL) plugins and audit files, to provide a comprehensive and insightful vulnerability assessment and configuration monitoring process. We’ll show how the depth and quality of your Cyber Exposure data could be improved using already-deployed Nessus products and how we approach monitoring of proprietary assets. In this session you’ll learn:

• How to approach monitoring of SSL/TLS-based services
• How to enhance Nessus and Tenable.sc capabilities by deploying custom audit files and NASL plugins
• How to assess the cost effectiveness of developing custom solutions

Cybercriminals are leveraging sophisticated tools to automate their attacks. For them, unattended attacks executed at machine speed are a powerful advantage. To defend against these attacks, security operations center (SOC) teams need to incorporate integration, automation and orchestration as core defence strategies. In this session you’ll find out how security information and event management (SIEM) and security orchestration, automation and response (SOAR) technologies from Splunk — integrated with Tenable.sc and all your other security tools — can help SOC teams respond to threats and attacks at machine speed. In this session you’ll learn how our joint offering helps you to:

• Automatically feed security and vulnerability status/context data directly into the SIEM environment to quickly generate well-qualified events and alerts
• Automate decision making and orchestrate your entire suite of security tools in customisable playbooks
• Utilise this power combination of tools to reduce costs while increasing the SOC’s response speed, effectiveness and coverage

Persistent vulnerabilities are a common phenomenon across the industry, with some examples lingering over years in end-user environments. In this session, we’ll explore what characterises a persistent vulnerability, what you can expect during its lifecycle and how widespread these are. Further, we will discuss the lessons we can learn from investigating the overall trends on vulnerability remediation data. We will present a vulnerability survival view, then define persistence and delve into some of its causes using example CVEs. Finally, we will touch on the importance of economic incentives for defensive strategies. In this session you’ll learn:

• What lessons can be drawn from the remediation velocity of vulnerabilities
• Which factors influence the persistence of vulnerabilities and inhibit remediation — across the global user population
• Why it's important to think about economic incentives for defensive strategies and prioritisation

Awareness of the vulnerability and exploit ecosystem and supply chain — and understanding the economic incentives driving the players — is important to help cybersecurity professionals evaluate and act on information from the media, vendors and threat intelligence providers. In this session, we’ll share highlights from our recent research into cybercrime economics. Using Open Source Intelligence (OSINT) data — including Darknet, threat Intelligence, third-party reports and research and media articles — the study examines the available data on vulnerability research, exploit development and cybercrime economics to compile a supply chain model with associated economic data. We also look at the role bitcoin plays in enabling the black market in cybercrime, especially in the exploit market and related threat types, such as Exploit Kits. In this session you’ll learn:

• What the actual end-to-end ecosystem for vulnerabilities and exploits looks like
• How the industry and community intersect with the threat ecosystem when it comes to vulnerability research
• How much a vulnerability or an exploit is worth on the open market, and how such knowledge can be used to better manage vulnerabilities

Translating security data into a metric you can use to provide a clear, concise answer about the state of your organisation’s security posture is a massive challenge. With the introduction of the Cyber Exposure Score — an essential feature of Lumin — Tenable are delivering that metric. In this talk, we will take a deep dive into the data science underpinning the Cyber Exposure Score and discuss how you can use the score to measure and manage security programme effectiveness. In this session you’ll learn:

• What factors influence the Cyber Exposure Score
• How the Cyber Exposure Score is calculated
• Tenable’s vision for the future of the Cyber Exposure Score

How to Win Friends and Influence People, released in 1936, is one of the most influential and bestselling non-fiction books ever. The principles espoused by author Dale Carnegie remain as relevant today as they ever were for those of us working to remediate vulnerabilities, when working relationships with IT operations teams are often put to the test. Whether you’re grappling with operational priorities, colliding egos or any number of other interpersonal challenges, you’ll find value in honing your non-technical skills. This is especially true when it comes to collaborating with your IT administrators and managers to remediate those vulnerabilities with a high Vulnerability Priority Rating (VPR). In this session you’ll learn:

• The timeless principles of How to Win Friends and Influence People — and how to put them into practice in your vulnerability remediation efforts
• Why you should never say, "you're wrong"
• The only way to get “the best” of an argument

Regulators keep raising the bar while hackers increase their fraudulent activities. As a result, it is very hard for cybersecurity professionals to cope with a wide list of requirements — especially in large, heavily regulated enterprises with thousands of assets to protect. In this session, we’ll explore how to automatically create customised audit files based on the nature of each asset, launch compliance checks using Tenable.sc (formerly SecurityCenter) APIs and monitor the lifecycle of deviations using a customised cockpit. In this session you’ll learn:

• Ways to leverage APIs in Tenable.sc
• How to manage the complete lifecycle for compliance deviations
• How to build customised and automated compliance checks depending on the nature of the asset