Tenable Blog

No matter which product you have, Nessus®, SecurityCenter™, SecurityCenter CV™, or Passive Vulnerability Scanner™, Tenable can determine if you are at risk of “drowning.”

The DROWN CVE-2016-0800 vulnerability is a cross protocol vulnerability that enables an attacker to decrypt TLS connections between up-to-date clients and servers by sending packets to any server that supports SSLv2 using the same private key.

Protecting your network against attackers is only part of the equation. You have probably seen the statistics. Research tells us that attackers spend an average of 200 days inside a network before being discovered. Prevention isn’t enough. Even with expert staff and sophisticated security solutions in place, can you confidently answer the question, “Am I compromised?” You need a way to proactively hunt for attackers who may have eluded your protective defenses.

“Know yourself” is millennia-old advice, yet today’s IT environments almost always violate this principle. With the widespread popularity of mobile devices, cloud services, and virtualized infrastructures, it’s now incredibly easy for employees and others to introduce new devices or applications to the IT environment without the knowledge or consent of IT. Traditional security tools don’t provide visibility into these areas, so these unknown devices, applications, and services expose organizations to risk and probable attacks.

As pressure grows on the federal government to strengthen cybersecurity in the wake of the OPM attacks, agencies are challenged to find and deploy the best, most efficient security programs to protect private personal information (PPI) and sensitive data. They are also under the gun to demonstrate compliance with standards such as the NIST Cybersecurity Framework, NERC, FISMA and HIPAA.