Tenable Blog

Intel recently announced an escalation of privilege vulnerability in the Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware, versions 6 through 11.6. This vulnerability has the potential of being a proverbial big one. The vulnerability has been part of the Intel chipsets for years, specifically the Management Engine (ME).

Before diving into some initial findings of this year’s Verizon Data Breach Investigations Report (DBIR), here are a few things to remember. First, the report is a subset of all incident and breach data, not a comprehensive study. It is comprised only of Verizon customers and their partners, and should be weighted as such. Second, the DBIR data sources change and diversify every year. This needs to be taken into account when making comparisons from one year to the next. Third, while the DBIR can be extremely useful, it is not gospel.

Safeguarding a network in today’s dynamic threat environment is a formidable task. Mobile devices and an increasing dependence on the internet make the job of maintaining control of network systems and data seem nearly insurmountable. The continual discovery of product vulnerabilities and the advent of malware toolkits ensure that networks are continuously bombarded by increasingly sophisticated attacks.

Knowing what assets you have is arguably the single most important security control. If you don’t know about a server, desktop, laptop, mobile device or network device, how can you manage and secure it? For that matter, what about cloud instances, virtual machines, and containers?

Fewer than 50% of surveyed organizations have implemented automated controls to inventory the systems and devices connected to their networks

Last week the hacker group known as Shadow Brokers published on the internet a large cache of weaponized software exploits and hacking tools targeting numerous vendor products. This fifth release appears to be the largest and most damaging to date, featuring several previously unknown exploits in widely used enterprise IT products and details on alleged U.S. capabilities to access and monitor SWIFT banking transactions.