Tenable blog
How To Clean Up Your Cloud Environment Using Tenable Cloud Security
DOJOSEC - Compliance Presentation
The next DOJOSEC is this week. I've been invited to speak about the latest compliance trends in PCI and FDCC. Also presenting will be Shaf Ramsey of TechGaurd Security and Dale Beauchamp of the Transportation Security Administration. Mr. Ramsey will discuss the future of virtual worlds such as HIPIH...
Marcus Ranum PaulDotCom Interview on Penetration Testing
Tenable's CSO, Marcus Ranum, was recently interviewed on the PaulDotCom Security Weekly podcast. They discussed a wide range of topics regarding penetration testing, secure coding, Marcus's "6 Dumbest Ideas" in computer security and much more.Full PaulDotCom show notes.Direct link to the show's MP3 ...
PCI Executive Roundtables in New York and Atlanta
Tenable Network Security has partnered with IANS to sponsor two executive level PCI discussions in New York City and Atlanta. Both events are this week, and we have limited seating available for corporations who are facing the challenges of being and demonstrating PCI compliance. Questions to be ans...
Nessus turns 10 !
Ten years ago today, I announced the initial public release of Nessus on the bugtraq mailing list. The initial version would run only on Linux and was bundled with 50 plugins (vulnerability checks) written in C. At that time I was 18 and I had no idea I would still work on it years later (or that an...
Being the Caveman - Tenable Style
After reading Richard Bejtlich's "Be the Caveman" blog post about the convicted hacker Robert Moore, I felt it would be interesting to show how unifying vulnerability monitoring, configuration auditing, passive network discovery and log analysis helps organizations detect intruders. This b...
Using Nessus Configuration Audits To Test FDCC Compliance
Tenable has recently announced FDCC audit policies for Nessus ProfessionalFeed and Security Center users. These policies help government organizations test Windows XP Pro and Vista desktops against OMB's required configuration settings. This blog entry describes how this testing can be performed wit...
Digital Bond OPC Hardening Guide
If you are using Nessus to audit a control system network, Digital Bond has recently released a set of guidelines (part 1, 2 and 3) for securing OPC servers. These guidelines include three Nessus configuration audit policies (for use with Direct Feed subscriptions) to test OPC servers running under ...
Finding Sensitive Data as a Consultant with Nessus
There are many consultants that use Nessus to scan a customer network for vulnerabilities and report a laundry list of security issues which need to be fixed. Another valuable service that can be performed by a consultant is to audit where sensitive data resides in an organization and what sort of a...
CIS Certified Windows 2003 Member Server Audits
Tenable Network Security was recently awarded Center for Internet Security (CIS) certification to perform audits of Windows 2003 Member Servers through Nessus Direct Feed and/or Security Center agent-less scans. Windows 2003 Member Servers are Windows 2003 operating systems which host applications ...