The Importance of Identity and Access Management (IAM) in Cloud Infrastructure
July 7, 2021How to manage human and service identities, and their entitlements, to secure your cloud infrastructure.
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos
June 24, 2021Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads a...
10 Reasons Why Websites STILL Get Hacked
June 21, 2021Even with all of the cybersecurity solutions on the market today, websites are still getting hacked by attackers. Find out how your organization could be exposed to hackers
Configuring The Ports That Nessus Scans
June 21, 2021When only select ports require scanning, use these easy steps to define themWhen assessing targets with a network scanner like Nessus, a common question is "How do I control the ports that Nessus test...
Why Privileged Access Management (PAM) Fails Cloud Infrastructure…and What to do About it
June 20, 2021PAM, its challenges for AWS, GCP and Azure environments — and CIEM as a solution.
False Negatives in Attack Surface Mapping
June 10, 2021Attack surface mapping tools can miss assets for a wide variety of reasons. Here we list 15 such scenarios, including a broken DNS server, the use of round-robin DNS and ephemeral infrastructure.
A Powerful Tenable.asm Feature: HTML Search
June 7, 2021Find out why Tenable.asm’s HTML search capability is so practical and powerful, as it offers nearly infinite flexibility to build whatever search you need to and report on it expeditiously.
Zero Days Do Not Wait for CVEs
June 3, 2021Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities.
Using AWS Condition Context Keys to Reduce Risk: A Least Privilege Cheat Sheet
May 25, 2021As strong advocates of least privilege, we believe these AWS keys can be quite effective — if they can be easily understood. Here’s a handy guide.
The Right Way to do Attack Surface Mapping
May 21, 2021The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT.
Least Privilege Policy: Automated Analysis Trumps Native AWS Tools
May 18, 2021Here’s what you need to know about AWS methods for granting and controlling access, plus native tools for detecting and repairing excessive permissions.
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
May 13, 2021When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program.