False Negatives in Attack Surface Mapping
June 10, 2021Attack surface mapping tools can miss assets for a wide variety of reasons. Here we list 15 such scenarios, including a broken DNS server, the use of round-robin DNS and ephemeral infrastructure.
A Powerful Tenable.asm Feature: HTML Search
June 7, 2021Find out why Tenable.asm’s HTML search capability is so practical and powerful, as it offers nearly infinite flexibility to build whatever search you need to and report on it expeditiously.
Zero Days Do Not Wait for CVEs
June 3, 2021Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities.
The Right Way to do Attack Surface Mapping
May 21, 2021The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT.
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
May 13, 2021When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program.
Primary Group ID Attack in Active Directory: How to Defend Against Related Threats
April 27, 2021The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a ...
How to Stop the Kerberos Pre-Authentication Attack in Active Directory
April 27, 2021Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication.As part of the Kerberos authentication process in Active Directory, there is an in...
Crawling Is the Wrong Way To Do Attack Surface Mapping
March 23, 2021When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets.
What Is VPR and How Is It Different from CVSS?
April 16, 2020This blog series will provide an in-depth discussion of vulnerability priority rating (VPR) from a number of different perspectives. Part one will focus on the distinguishing characteristics of VPR th...
Am I Smart or Just Lucky? Understanding Your Process Integrity Risk with Tenable Lumin
January 27, 2020Business system risk and process integrity risk are two essential metrics for a mature risk-based vulnerability management practice. With new assessment maturity scoring, Tenable Lumin now gives you i...
Nessus Home Is Now Nessus Essentials
May 15, 2019We’ve given Nessus Home a refresh, and we’re excited to share with you the new and updated free vulnerability assessment solution, Nessus Essentials. As part of the Nessus family, Nessus Essentia...
Here Are the Answers to 16 Predictive Prioritization Questions
April 8, 2019Earlier this year, Tenable introduced Predictive Prioritization, a groundbreaking, data science-based process that re-prioritizes each vulnerability based on the likelihood it will be leveraged i...