CTO Universe

Strengthening the Nessus Software Supply Chain with SLSA

Tenable

APRIL 16, 2024

You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. At Tenable, protecting our software supply chain is a top priority. Let’s look more closely at each one of these elements.

Software Review

Software Review Software Systems Review Guidelines

Tenable Announces Support for Microsoft Azure Linux: A New Way to Achieve Secure Container Development

Tenable

MAY 24, 2023

In this blog, we explain key features of Azure Linux and how Tenable can support the security needs of Microsoft customers. Microsoft Azure Linux is a newly launched container host that provides reliability and consistency from cloud to edge across the Azure Kubernetes Service (AKS), AKS-HCI, and Azure Arc products.

Linux

Linux Azure Development DevOps

Cybersecurity Snapshot: Cyber Pros Say How AI Is Changing Their Work, While the FBI Reports Ransomware Hit Critical Infrastructure Hard in 2023

Tenable

MARCH 8, 2024

Phobos ransomware hitting critical infrastructure, emergency services And we’re returning to the topic of how ransomware gangs have their sights set on critical infrastructure targets. The chart below shows the percentage of cybersecurity pros that support more than one functional area. What’s new? For starters, version 2.0

Infrastructure

Infrastructure Report Software Review Artificial Intelligence

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Mind the Gap: How Existing Vulnerability Frameworks Can Leave an Organization Exposed

Tenable

MAY 9, 2023

This is the second of a four-part series examining the period of time between when a vulnerability is first discovered and when it is fully disclosed on the National Vulnerability Database. In this installment, we explore how common industry frameworks leave security teams with blind spots — and discuss how Tenable can help.

Organization

Organization Research Linux Software

CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability

Tenable

DECEMBER 21, 2022

Valentina Palmiotti, a security researcher on IBM Security’s X-Force Red team discovered that CVE-2022-37958 could lead to RCE. Microsoft re-evaluated the vulnerability and changed its classification from Information Disclosure to RCE, its severity to Critical and assigned a CVSSv3 score of 8.1 Why did its classification change?

Windows

Windows SMB Authentication Research

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

Tenable

APRIL 19, 2024

AI developers offer little transparency into their work, especially in areas like training data and methods, which makes it difficult to evaluate the safety of their systems. CIS Benchmarks are secure-configuration guidelines for hardening products against cyberattacks. Incidents of malicious AI use are rising quickly. CIS MariaDB 10.6

Artificial Inteligence

Artificial Inteligence Trends Technical Advisors Analysis

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Tenable

DECEMBER 6, 2022

Tenable CIO Patricia Grant and CSO Robert Huber share insights and best practices to help IT and cybersecurity leaders and their teams weather the next cyber crisis of Log4j proportions. Now, the one-year anniversary of the earth-shaking Log4j event offers an opportunity to take stock and ponder key questions, such as: “What did we learn?”

Policies

Policies Software Exercises Organization

Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action

Tenable

APRIL 12, 2024

Tenable CEO and Chairman Amit Yoran said in a statement that it’s not surprising to learn that Midnight Blizzard’s intrusion campaign escalated after its initial discovery. One fourth of respondents view AI as more advantageous for attackers. All impacted federal agencies have been notified.

Generative AI

Generative AI Malware Trends Government

Patch Tuesday’s Impact on Cybersecurity Over the Years

Tenable

DECEMBER 22, 2022

Source: Tenable Research, December 2022. Source: Tenable Research, December 2022. Rather than grouping sets of vulnerabilities according to affected products, the Update Guides are provided for each vulnerability individually. Source: Tenable Research, December 2022. Tenable’s Patch Tuesday workflow.

Weak Development Team

Weak Development Team Metrics Research Systems Review

How to Choose an OT Cybersecurity Solution Vendor

Tenable

NOVEMBER 4, 2021

As cyberattacks in critical infrastructure, such as those on the Colonial Pipeline, make headlines, cybersecurity experts must address the risk that this esoteric environment poses to their company. Investors, board members, customers and employees rely on their cybersecurity managers to protect them. is a leader. .

Systems Review

Systems Review Development Team Review Technical Review Software Review

Cybersecurity Snapshot: Cyber Engineers and Architects Saw Salaries Spike in 2022

Tenable

FEBRUARY 24, 2023

compared with 2021, which ranks sixth on the list of fastest-growing tech salaries by occupation Among certifications, CompTIA Security+ was the most popular cybersecurity one, ranking third on the list of technical certifications with 16% of respondents having it The average tech salary across all roles grew 2.3%

Security

Security Engineering Technical Review IoT

Cybersecurity Snapshot: U.S. Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors

Tenable

NOVEMBER 24, 2023

government will evaluate the security practices of its software vendors – and offer your two cents. CISA has just updated a draft of the “ Secure Software Development Attestation Form ,” which it initially published in April – and is requesting feedback on it. Dive into six things that are top of mind for the week ending November 24.

Software Review

Software Review Software Insurance Software Development

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

Tenable

AUGUST 25, 2023

3 – CISA to AI vendors: Put security at the heart of your software Artificial intelligence tools are, at their core, software products, and as such their developers must build them secure by design. To get all the details, read the joint alert , announcement and factsheet , and visit CISA’s “ Post-Quantum Cryptography Initiative ” homepage.

Malware

Malware Artificial Inteligence Open Source Artificial Intelligence

The benefit of seniority ought to be bandwidth

David Heinemeier Hansson

JANUARY 22, 2024

Juniors are judged on effort, seniors are judged on outcomes. That’s a common and useful heuristic for evaluating employees. It neatly separates productivity from effectiveness, and places a premium on the latter. The best of them all encompass the ideal of being managers of one. That’s not tenable.

Organization

Mind the Gap: A Closer Look at the Vulnerabilities Disclosed in 2022

Tenable

MAY 9, 2023

In this installment, we take a closer look at the vulnerabilities disclosed in 2022 — and discuss how Tenable can help. It is necessary to look at the results of observation objectively, because you, the experimenter, might like one result better than another —Richard P. The CVE database is managed by MITRE.

Research

Research Organization Analysis Fashion

How to Make the Most of Your Nessus Trial

Tenable

OCTOBER 1, 2020

In this post we'll take an in-depth look at what you can do with Nessus during your trial to get the most out of your evaluation. Getting started: Tenable Community. Beginning your Nessus Professional trial requires creating a Tenable Community account before you install the software. Why is this important?

Software Review

Software Review How To Policies Network

Cybersecurity Snapshot: Cyber Pros Taxed by Overwork, Understaffing and Lack of Support, as Stress Takes a Toll

Tenable

SEPTEMBER 8, 2023

50 respondents polled by Tenable, August 2023) (34 respondents polled by Tenable, August 2023) (92 respondents polled by Tenable, August 2023) For more information about OT cybersecurity, check out these Tenable videos: Tenable.ot Security Spotlight - Episode 1: The Ransomware Ecosystem Tenable.ot

Technical Review

Technical Review Systems Review Software Review Survey

Cybersecurity Snapshot: Log4j Anniversary, CI/CD Risks, Infostealers, Email Attacks, OT Security

Tenable

DECEMBER 9, 2022

1 - One year after Log4j crisis, what have we learned? One year later, we’ve learned from recently released Tenable telemetry research that Log4j’s Log4Shell remains very much an issue. One year later, we’ve learned from recently released Tenable telemetry research that Log4j’s Log4Shell remains very much an issue.

Software Review

Software Review SMB Malware Development Team Review

Cybersecurity Snapshot: ChatGPT-like Tools Will Boost Developers’ Speed – and Amplify Cyber Risk

Tenable

JULY 7, 2023

1 – McKinsey: Generative AI will empower developers, but mind the risks Generative AI tools like ChatGPT will supercharge software developers’ productivity, but organizations must be aware of and mitigate the AI technology’s security and compliance risks. Dive into six things that are top of mind for the week ending July 7.

ChatGPT

ChatGPT Generative AI Tools Software Review

Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool Is Right for Your Organization?

Tenable

JULY 14, 2021

The problem is, there's no one clear definition of what it means to assess and manage vulnerabilities. And of those that do, there's certainly no universal agreement on the best way to quantify that risk, which leads to muddled attempts to effectively prioritize remediation efforts. Not all vendors take a risk-based approach.

Organization

Organization Marketing Tools Research

Thank You to Our Customers: Tenable Recognized as a March 2019 Gartner Peer Insights Customers’ Choice

Tenable

MARCH 20, 2019

Thank you to all the customers who took the time to share your experience working with Tenable, and for trusting us to help you understand and reduce your cybersecurity risk. At Tenable, our customers are at the heart of what we do. Of those reviewers, 130 customers gave Tenable five out of five stars!

Security

Security Systems Review Technical Review Software Review

How Organizations Can Reduce the Economic Incentives of Vulnerabilities

Tenable

JUNE 10, 2020

In the last of our three-part series, Tenable Research evaluates the prevalence of vulnerabilities across the global population, as well as the implications of those findings on attackers' economic incentives. This is the third and final installment of our blog series on persistent vulnerabilities and their causes.

Organization

Organization Research Internet Strategy

Cybersecurity Snapshot: Insights on Hive Ransomware, Supply Chain Security, Risk Metrics, Cloud Security

Tenable

NOVEMBER 25, 2022

For more information, watch this video by Justin Hall, a senior research manager at Tenable: To learn more about Hive and ransomware in general, check out these resources: “ Hive claims ransomware attack on Tata Power, begins leaking data ” (Bleeping Computer). Product evaluation. Functional testing.

Metrics

Metrics Cloud Backup Software Review

Cybersecurity Snapshot: Tips for cloud configs, MSP vetting, CISO board presentations

Tenable

OCTOBER 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) released a set of recommended configuration baselines for the Microsoft 365 product suite. . More resources on cloud configuration best practices: “ Hardening and monitoring cloud configuration ” (SC Magazine). Recently, the U.S. Don’t enable anonymous users to start meetings.

Cloud

Cloud Malware Spyware Authentication

Cybersecurity Snapshot: GenAI Drives Broader Use of Artificial Intelligence Tech for Cyber

Tenable

OCTOBER 27, 2023

That’s one key finding of the “ State of Cybersecurity 2024 ” report from the Computing Technology Industry Association (CompTIA), which polled 511 U.S. This fact sheet will assist with better management of risk from OSS use in OT products and increase resilience using available resources,” reads the document.

Artificial Inteligence

Artificial Inteligence Artificial Intelligence Technical Review Backup

You’ve Migrated Business-Critical Functions to the Cloud…Now What?

Tenable

APRIL 20, 2022

A study commissioned by Tenable and conducted by Forrester Consulting found that, prior to the pandemic, 31% of business and security leaders had moved business-critical functions to the cloud and 48% had moved non -critical functions. Source: A commissioned study conducted by Forrester Consulting on behalf of Tenable, April 2021.

Technical Review

Technical Review Cloud Systems Review Software Review

Coding from Home: 6 Simple Hacks for Boosting Your Productivity

Tenable

APRIL 28, 2020

Working from home poses distinct challenges for engineers who rely on sustained periods of focus. Here are some survival tips from one of Tenable’s senior software engineers for staying productive in a busy household. Tenable has embraced remote work culture for many years now. and Canada. and Canada.

Games

Games Software Engineering Engineering Virtualization

What You Need to Know About Vulnerability Management Best Practices

Tenable

JUNE 19, 2019

How can CISOs and their cybersecurity teams incorporate Tenable’s Predictive Prioritization capability and the Vulnerability Priority Rating into their vulnerability management strategy? The Tenable team offers some best practices. to help security teams focus on what matters most. and Tenable.io

Malware

Malware Internet Network Authentication

Cybersecurity Snapshot: 6 Things That Matter Right Now

Tenable

SEPTEMBER 9, 2022

Guidance for evaluating IoT security tools. This new guide reflects lessons learned from recent major supply chain attacks, like the one against SolarWinds, and from the discovery of the Log4Shell vulnerability. Establishing how vulnerabilities in the product will be handled throughout its lifecycle. Source code evaluation.

Security

Security IoT Open Source Linux

Cybersecurity Snapshot: 6 Things That Matter Right Now

Tenable

AUGUST 26, 2022

A roundup of patches, trends and incidents to keep an eye on. Expect cloud workload security offerings to evolve from being siloed products into becoming integrated components of broader security and IT platforms in the next two years. billion globally on cloud workload security software in 2026, up from $2.2 And much more!

Weak Development Team

Weak Development Team Software Review Technical Review Budget

What Is IaC and Why Does It Matter to the CISO?

Tenable

FEBRUARY 1, 2022

Investing in an IaC strategy boosts the overall productivity of a business while maintaining security posture. Additionally, with cloud systems, development teams can improve security, speed and software testing, increase productivity and efficiency, reduce costs and improve delivery. And IaC provides the mechanism to do it.

Software Review

Software Review DevOps Infrastructure Scalability

Spotlight on France: COVID-19 Response Reveals a Disconnect Between Cybersecurity and the Business

Tenable

NOVEMBER 9, 2020

The study, The Rise of the Business-Aligned Security Executive - a Spotlight on French Organizations, was conducted by Forrester Consulting on behalf of Tenable. . Meanwhile, 90% of French organizations have experienced at least one business-impacting 1 cyberattack in the past 24 months and 40% have experienced five or more.

Study

Study IoT Strategy Report

Spotlight on Germany: A Business-Cyber Disconnect Puts Organizations at Risk

Tenable

NOVEMBER 9, 2020

The self-reported data is drawn from The Rise of the Business-Aligned Security Executive — a Spotlight on German Organizations. The commissioned study of 103 business and cybersecurity leaders in Germany was conducted by Forrester Consulting on behalf of Tenable. . And the concerns extend beyond remote employees.

Organization

Organization Study Report Strategy

5 Tech Support Factors to Look for When Choosing a VM Solution

Tenable

AUGUST 5, 2019

In my experience running Technical Support for Tenable, I’ve gained valuable insight into what makes a strong vendor/customer relationship. But, after making a critical decision for your security infrastructure, after the product is installed, Technical Support is where the rubber meets the road. Full-time technical support engineers.

Technical Support

Technical Support Knowledge Base Engineering Training

Cybersecurity Pros Face Significant Challenges with OT Security: Ponemon Report

Tenable

APRIL 5, 2019

A new report from Ponemon Institute and Tenable reveals that 62% of organizations in industries relying on operational technology experienced two or more business-impacting cyber attacks in the past 24 months. Source: Cybersecurity in Operational Technology: 7 Insights You Need To Know , Ponemon Institute and Tenable, April 2019.

Report

Report Survey Systems Review Technical Review

Learn the Language of Vulnerability Assessment: Key Security Terms You Should Know

Tenable

FEBRUARY 22, 2021

Some may only have minor negative effects on performance or affect only a small portion of the network. Arguably the best-known measurement for evaluating these threats is the Common Vulnerability Scoring System (CVSS), 1 a scale devised by the Forum of Incident Response and Security Teams (FIRST) cybersecurity organization.

Malware

Malware Spyware Compliance Network

Spotlight on Mexico: It's Time for Cyber and Business Leaders to Align

Tenable

NOVEMBER 9, 2020

With cyberattacks on the rise, a new study shows how a disconnect between cyber and business executives is putting organizations in Mexico at risk. . The data is drawn from The Rise of the Business-Aligned Security Executive — a Spotlight on Mexican Organizations. Identity theft (29%). Loss of employee data (28%).

Study

Study Survey Metrics Malware

Metrics and Maturity: Benchmarking Your Cyber Exposure Over Time

Tenable

APRIL 23, 2019

The constant changes taking place in your attack surface represent the biggest challenge in achieving an accurate evaluation of your risk reduction over time. It’s also worth monitoring three KPIs most often used to measure the financial consequences of a cyber attack: loss of revenue; loss of productivity; and. Taming the Scope.

Metrics

Metrics Technical Review Software Review Systems Review

Testing Failure Scenarios With Feature Flags

LaunchDarkly

MAY 23, 2019

One of the most important considerations when designing a system is its capacity to handle failures. However, when it comes to designing for failure, one hurdle is ensuring its testability. One of these was to isolate our data exporting functionality into a separate service. The most obvious way to test this is manually.

Testing

Testing Quality Assurance System Architecture

AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security

Tenable

NOVEMBER 27, 2023

Tenable Cloud Security allows you to easily use this API as part of its code scanning functionality. With an SCP, you can set a limit on the potential permissions given to identities within an account (it’s evaluated as part of AWS’s policy evaluation logic ). Find out how and why it’s important.

AWS

AWS Cloud Policies Software Review

Tenable Wrapped: A Look Back at Our Industry Recognition in 2023

Tenable

DECEMBER 18, 2023

Respected analyst firms and industry experts once again validated the exceptional quality, innovation and performance of Tenable products. Tenable is wrapping up another year with an impressive collection of milestones, awards and recognitions from some of the most demanding and rigorous analysts and industry experts.

Security

Security Industry Analysis Innovation

Thank You to Our Customers: Tenable Recognized as a March 2019 Gartner Peer Insight Customers’ Choice

Tenable

MARCH 20, 2019

Thank you to all the customers who took the time to share your experience working with Tenable, and for trusting us to help you understand and reduce your cybersecurity risk. At Tenable, our customers are at the heart of what we do. Of those reviewers, 130 customers gave Tenable five out of five stars!

Security

Security Systems Review Technical Review Software Review

Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out

Tenable

MARCH 11, 2022

One of them — CVE-2020-1472, aka Zerologon — even carried over to the 2021 top five). On the other hand, 2021 was more about clusters of vulnerabilities that illustrated the cybersecurity landscape. On the other hand, 2021 was more about clusters of vulnerabilities that illustrated the cybersecurity landscape. Tenable VPR *.

Windows

Windows Groups LAN Authentication

How to Audit Microsoft Azure with Tenable Solutions

Tenable

NOVEMBER 26, 2019

Let's walk through how to audit Azure with Tenable. Previously, compliance support in Tenable products was limited to the items and capabilities offered in the TNS Azure Best Practice audit files. Below is a closer view of one of the results. The plugin requires one of two supported credential sets. Check Overview.

Azure

Azure How To Authentication Compliance

Strengthening the Nessus Software Supply Chain with SLSA

Tenable Announces Support for Microsoft Azure Linux: A New Way to Achieve Secure Container Development

Webinars

Trending Sources

Cybersecurity Snapshot: Cyber Pros Say How AI Is Changing Their Work, While the FBI Reports Ransomware Hit Critical Infrastructure Hard in 2023

Webinars

Mind the Gap: How Existing Vulnerability Frameworks Can Leave an Organization Exposed

CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability

Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security

Are You Ready for the Next Log4Shell? Tenable’s CSO and CIO Offer Their Advice

Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action

Patch Tuesday’s Impact on Cybersecurity Over the Years

How to Choose an OT Cybersecurity Solution Vendor

Cybersecurity Snapshot: Cyber Engineers and Architects Saw Salaries Spike in 2022

Cybersecurity Snapshot: U.S. Gov’t Revises, Seeks Input on Security Assessment Questionnaire for Software Vendors

Cybersecurity Snapshot: CISOs Value Prevention Over Response, While CISA Urges Cyber Teams To Prep for Quantum Attacks

The benefit of seniority ought to be bandwidth

Mind the Gap: A Closer Look at the Vulnerabilities Disclosed in 2022

How to Make the Most of Your Nessus Trial

Cybersecurity Snapshot: Cyber Pros Taxed by Overwork, Understaffing and Lack of Support, as Stress Takes a Toll

Cybersecurity Snapshot: Log4j Anniversary, CI/CD Risks, Infostealers, Email Attacks, OT Security

Cybersecurity Snapshot: ChatGPT-like Tools Will Boost Developers’ Speed – and Amplify Cyber Risk

Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool Is Right for Your Organization?

Thank You to Our Customers: Tenable Recognized as a March 2019 Gartner Peer Insights Customers’ Choice

How Organizations Can Reduce the Economic Incentives of Vulnerabilities

Cybersecurity Snapshot: Insights on Hive Ransomware, Supply Chain Security, Risk Metrics, Cloud Security

Cybersecurity Snapshot: Tips for cloud configs, MSP vetting, CISO board presentations

Cybersecurity Snapshot: GenAI Drives Broader Use of Artificial Intelligence Tech for Cyber

You’ve Migrated Business-Critical Functions to the Cloud…Now What?

Coding from Home: 6 Simple Hacks for Boosting Your Productivity

What You Need to Know About Vulnerability Management Best Practices

Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity Snapshot: 6 Things That Matter Right Now

What Is IaC and Why Does It Matter to the CISO?

Spotlight on France: COVID-19 Response Reveals a Disconnect Between Cybersecurity and the Business

Spotlight on Germany: A Business-Cyber Disconnect Puts Organizations at Risk

5 Tech Support Factors to Look for When Choosing a VM Solution

Cybersecurity Pros Face Significant Challenges with OT Security: Ponemon Report

Learn the Language of Vulnerability Assessment: Key Security Terms You Should Know

Spotlight on Mexico: It's Time for Cyber and Business Leaders to Align

Metrics and Maturity: Benchmarking Your Cyber Exposure Over Time

Testing Failure Scenarios With Feature Flags

AWS Access Analyzer Just Got Better, So Did Tenable Cloud Security

Tenable Wrapped: A Look Back at Our Industry Recognition in 2023

Thank You to Our Customers: Tenable Recognized as a March 2019 Gartner Peer Insight Customers’ Choice

Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out

How to Audit Microsoft Azure with Tenable Solutions

Stay Connected