Tenable Network Security Podcast - Episode 59
Welcome to the Tenable Network Security Podcast - Episode 59
Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst
Special Guest: Carlos Perez, Lead Vulnerability Research Engineer
Announcements
- Don't forget to sign up for Advanced SIEM Webinar Series - November through December
- Be certain to check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials.
- We're hiring! - Visit the web site for more information about open positions.
- You can subscribe to the Tenable Network Security Podcast on iTunes!
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make various announcements, provide Nessus plugin statistics and more!
Stories
- Nessus Plugin 50658: Stuxnet Detection (uncredentialed check) - Stuxnet has been one of the most talked about pieces of malware this year. Nessus can now detect Stuxnet on the network!
- Passwords Are Not Safe - Each week I keep seeing more powerful GPUs, cheaper prices on the hardware, and more software becoming available for intense password cracking. You could build a machine with multiple CPUs, tons of RAM, and multiple GPU cards for well under $5,000 and crack passwords at lightning speed. I think we need to move beyond passwords and require another form of authentication in addition to the password. This seems so simple, why don't we do it?
- "That's Too Hard" - We've all heard it before, the "that's too hard" excuse when it comes to information security. A much better excuse is "That doesn't align with our business goals or acceptable risk levels". Dave outlines several common areas where the "it's too hard" excuse comes in, such as application whitelisting, secure coding, and outbound network ACLs and filtering. He also mentions the "cowboy culture in IT". I agree, some administrators are too quick to pull the trigger and change management can help. However, I've been in a situation where I had to jump in and "save the day" (capes may have even been involved) and my entire group was labeled as "cowboys". This really hurt our reputation in the organization and made things difficult for us for quite some time. Be careful with change management and cowboys, because it is a double-edged sword.
- On Security Conference Themes: Offense *Versus* Defense – Or, Can You Code? - I agree, offense is sexy, it's definable, and it's demonstrable. However, what about defense? Many security conferences are filled with talks about the latest and greatest ways in which to penetrate systems. That's great, and don't get me wrong, I love talking about offense. However, defense is important, except it's not as sexy, not as definable (well, at least it's different for each person/organization), and it's not as demonstrable. One of the things I will be working on in the next few months: making defense sexy.
- Nessus Parsing 101 - This is a great little write-up that shows you how to implement some Bash scripts to do basic parsing of NBE files. While I use many different methods to parse, sort and create reports from Nessus results, sometimes a quick and dirty Bash command is the best method, and this tutorial does a nice job!
Related Articles
Tenable Network Security Podcast Episode 198 - "PCI Discussion Featuring Jeffrey Man"
February 13, 2014<p></p>
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Podcast