Predicting Attack Paths
Tenable has published a technical paper titled “Predicting Attack Paths” that describes how to leverage active and passive vulnerability discovery technology to identify in real-time Internet facing services, systems and clients on your network that can be exploited in a variety of scenarios.
Tenable customers can leverage Nessus active vulnerability scanning and PVS continuous passive network monitoring to accomplish this sort of security analysis. Vulnerability data from these sources is managed and analyzed with SecurityCenter. In the paper we offer easy steps to leverage SecurityCenter’s ability to categorize assets based on their exploitability, their level of trust with other systems and if the exploits are client-side vectors or server-side vectors.
The paper also details many different methods in which this information can be leveraged for dashboards, reports, real-time alerts and 3D visualization, such as shown in this screen shot below:
If you are experienced with penetration testing, need to demonstrate security to penetration testers or want to measure how exploitable your network is, this paper will help you leverage Tenable solutions to present clear and comprehensive results that can dramatically increase and demonstrate the security of your network.
In addition to the paper, Tenable has also added an "Attack Path Analysis" playlist of videos to our Tenable Youtube Channel.
Related Articles
Tenable One Exposure Management Platform: Unlocking the Power of Data
November 3, 2022When our data engineering team was enlisted to work on Tenable One, we knew we needed a strong partner. Here’s how we selected Snowflake to help us deliver on the promise of exposure management.
New Data Reveals Company Size May Be Tied To Remote-Worker Cybersecurity Practices
November 15, 2021Employees at the largest firms are least likely to adhere to wifi and password security guidelines.
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
November 22, 2024Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against cyberattacks.
Active Directory Under Attack: Five Eyes Guidance Targets Crucial Security Gaps
November 21, 2024A landmark global report from cybersecurity agencies emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the first of our two-part series, we offer five steps you can take today to shore up your AD defenses.
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
November 21, 2024A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on.
- Data Visualization
- Passive Network Monitoring