CTO Universe

Best Practices for Managing Vulnerabilities in the Cloud–Part 1

Prisma Clud

MAY 2, 2024

If you’ve ever questioned the importance of vulnerability management, consider these facts: 26,447 vulnerabilities were disclosed in 2023—1,500 more than in 2022. Three new vulnerabilities are discovered every 3 hours. Does your team have a plan to effectively manage vulnerabilities in the cloud?

Cloud

Cloud Serverless Applications System

Optimizing PCI compliance in financial institutions

CIO

JANUARY 4, 2024

This is where a Common Controls Assessment (CCA) can play a pivotal role. The CCA allows overarching enterprise functions and IT shared services to be assessed separately from the business unit’s products/applications that require PCI security compliance.

Compliance

Compliance Architecture Resources Authentication

Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm

Tenable

SEPTEMBER 20, 2023

“Tenable sets the tone for proactive security,” according to the Forrester Wave™: Vulnerability Risk Management, Q3 2023 Tenable was among 11 significant vendors evaluated by Forrester against 28 vulnerability risk management criteria and was found to be a Leader with the top score for both the current offering and strategy categories.

Research

Research Report Generative AI Programming

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Prisma Cloud: Darwin Release Introduces Code-to-Cloud Intelligence

Prisma Clud

OCTOBER 18, 2023

Code misconfigurations, insecure APIs, unpatched vulnerabilities, exposed secrets … the list goes on. This approach won’t scale — not when you consider that hackers can exploit new vulnerabilities within 15 minutes after they’re announced. They span a network of vendors, partners and open-source ecosystems.”

Software Review

Software Review Cloud Innovation Applications

How to make your web application more secure by using Interactive Application Security Testing (IAST) – PART 3 of Application Security Testing series

Xebia

JUNE 19, 2023

Lastly, we will have some fun by trying out the IAST solution of Contrast Security against a vulnerable Java application. It is even possible to break the build if there are security vulnerabilities found or compare results from different environments. Client-side code is not scanned for vulnerabilities.

Applications

Applications Testing How To Tools

Tenable Nessus Expands Attack Surface Coverage with Web Application Scanning

Tenable

AUGUST 30, 2023

Even then, it’s difficult to gain a complete picture from an array of siloed solutions, possibly leaving the organization exposed to unknown risks. What is needed is a fast, easy way to proactively find, prioritize and remediate vulnerabilities — on whatever attack surface they may be found.

Applications

Applications Study Open Source Report

Security Update for Ivanti Standalone Sentry

Ivanti

MARCH 20, 2024

We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards and industry best practices. As part of the continued hardening of our solutions, the Ivanti team in partnership with third-party researchers identified a new vulnerability. We are reporting it as CVE-2023-41724.

Research

Research Programming Meeting Resources

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Tenable

FEBRUARY 13, 2024

5 Critical 66 Important 2 Moderate 0 Low Microsoft addresses 73 CVEs, including two zero-day vulnerabilities that were exploited in the wild. of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 21.9%. It was assigned a CVSSv3 score of 7.6 and is rated moderate.

LAN

LAN Windows Azure Internet

Master Cloud Computing Risks with a Proactive, End-to-End Approach

Prisma Clud

DECEMBER 7, 2023

Until now, Accenture leaned on an array of multivendor solutions, coupled with its expertise, innovation and custom-built automation, to give its clients a smooth and secure path to the public cloud. Misconfigurations and vulnerabilities, insecure APIs and other issues increase risk to the enterprise.

Cloud

Cloud Data Center Network Applications

Security Update for Ivanti Neurons for ITSM

Ivanti

MARCH 20, 2024

We continue to invest significant resources to ensure that all our solutions meet our own high standards and industry best practices. As part of our review and testing of our code, the internal Ivanti team discovered a new vulnerability in Ivanti Neurons for ITSM. We are reporting it as CVE-2023-46808.

Software Review

Software Review Cloud Programming Testing

Nessus 10.0: Vulnerability Assessment for Today’s Dynamic Environments

Tenable

NOVEMBER 2, 2021

Today’s challenging and dynamic environment demands a new approach to vulnerability assessment. . Here are five key elements to consider as you adapt your vulnerability assessment strategy to the new world of work: Portability is key. A vulnerability management solution needs to be made to move.

Compliance

Compliance Research Report Meeting

Attack Surface Risk, Challenges and Changes

Palo Alto Networks

MAY 16, 2023

As the number of connected devices and online services continues to grow, identifying all of these assets and potential vulnerabilities is a challenge. Expanding Use of Networking Equipment – VPNs are used as a protective component, but are often vulnerable to compromise.

Systems Review

Systems Review Software Review Internet Cloud

Tenable Bolsters Its Cloud Security Arsenal with Malware Detection

Tenable

MAY 1, 2024

Combined with its cutting-edge, agentless vulnerability-scanning technology, including its ability to detect anomalous behavior, this new capability makes Tenable Cloud Security a much more complete and effective solution. Tenable Cloud Security is enhancing its capabilities with malware detection. Read on to find out how.

Malware

Malware Cloud Linux Analysis

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407)

Tenable

MARCH 12, 2024

2 Critical 57 Important 0 Moderate 0 Low Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities. of the vulnerabilities patched this month, followed by Remote code execution (RCE) at 30.5%. This vulnerability was assigned a CVSSv3 score of 8.1

Windows

Windows Azure Authentication Infrastructure

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Ivanti

FEBRUARY 8, 2024

We have been following our product incident response process and rigorously assessing our products and code alongside world-class security experts and collaborating with the broader security ecosystem to share intelligence. These vulnerabilities do not impact any other Ivanti products or solutions. and 22.5R1.2) and 22.6R1.7).

Policies

Policies Technical Advisors Software Review Technical Review

Why Network Penetration Testing Is an Essential Cybersecurity Practice

Kaseya

AUGUST 24, 2023

Read on to understand the risks associated with not doing so and discover the one solution at the forefront of helping you stay vigilant. Businesses hire security experts who scan their networks for vulnerabilities and simulate realistic cyberattacks on their infrastructure to see if it is good enough to hold off real attempts.

Network

Network Testing Compliance Infrastructure

What Is Vulnerability Management? Definition, Process Steps, Benefits and More

Kaseya

JANUARY 25, 2024

Vulnerability management is a cybersecurity strategy that enables organizations to identify, prioritize and mitigate security risks across their IT environment on an ongoing basis. Without vulnerability management, businesses are susceptible to security attacks that can prove to be very costly. What is vulnerability management?

Weak Development Team

Weak Development Team Software Review Systems Review Hardware

What Is Vulnerability Management? Definition, Process Steps, Benefits and More

Kaseya

JANUARY 25, 2024

Vulnerability management is a cybersecurity strategy that enables organizations to identify, prioritize and mitigate security risks across their IT environment on an ongoing basis. Without vulnerability management, businesses are susceptible to security attacks that can prove to be very costly. What is vulnerability management?

Weak Development Team

Weak Development Team Software Review Systems Review Hardware

4 Use Cases for ServiceNow SecOps – VR, SIR, and TI

Perficient

DECEMBER 8, 2022

While there are many ways that a data breach can happen, the most common are phishing, email compromise, software vulnerability, compromised credentials, and insider threats. Proactive measures include Vulnerability Response (VR) and Configuration Compliance. 60% of breaches are due to unpatched vulnerabilities.

VR

VR Software Review Technical Review Systems Review

How to Perform Efficient Vulnerability Assessments with Tenable

Tenable

SEPTEMBER 12, 2023

Policy configuration choices in vulnerability assessment tools like Tenable Nessus, Tenable Security Center and Tenable Vulnerability Management enable security professionals to effectively gather data that can be analyzed to aid in prioritizing remediation. Three things to avoid when performing a scan 1.

Performance

Performance How To Policies Authentication

How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform

Tenable

FEBRUARY 29, 2024

Discover how purpose-built solutions for OT/IoT exposure management can help organizations enhance visibility, prioritize cybersecurity efforts and communicate cyber risk effectively across organizational silos. Data silos – As security organizations add point solutions to address specific security gaps, data becomes trapped in silos.

IoT

IoT How To Enterprise Organization

From Vulnerability Discovery to Remediation: How Tenable and HCL BigFix Can Help

Tenable

JUNE 30, 2021

Reducing the time required to move from vulnerability assessment to remediation is a never ending challenge for most organizations. Here's how the integration between Tenable and HCL BigFix can help you quickly correlate vulnerabilities and patches to reduce risk.

Systems Review

Systems Review Technical Review Organization Tools

Tenable Security Center Integration into Tenable One Delivers Full Exposure Management for On-Prem Customers

Tenable

MAY 9, 2023

The launch of the Tenable One Exposure Management Platform in October 2022 ushered in a new era of proactive, preventive cybersecurity for users of Tenable Vulnerability Management (formerly Tenable.io). Here’s what you need to know. This is an important step for defenders looking to take a proactive approach to exposure management.

Analysis

Analysis Analytics Cloud Programming

Level Up Your Cloud Security Strategy

Tenable

JANUARY 22, 2024

Jargon, acronyms, solutions, oh my! Additionally, cloud service providers (CSPs) like Amazon Web Services’ (AWS) Solution Architect certification , also provide comprehensive training. Resolution #2: Be less vulnerable Seemingly small vulnerabilities can open the door to costly attacks.

Cloud

Cloud Strategy Weak Development Team Policies

Journey to Containerized Workloads: Security Pitfalls and How To Dodge Them With Tenable Cloud Security

Tenable

SEPTEMBER 6, 2023

As companies adopt containers in the cloud, they often unwittingly adopt vulnerabilities along the way. When using prebuilt public images, it can be unclear if the image has been recently maintained, if it meets your company’s security requirements or if it has been compromised with hidden vulnerabilities.

Cloud

Cloud How To Policies DevOps

Top DevSecOps Tools for 2023 to Move Your Security Left

Perficient

JANUARY 27, 2023

Static code analysis: The suite includes a static code analyzer that can find and report on potential bugs, security vulnerabilities, and coding standards violations in your code. Clair Clair is an open-source tool developed by CoreOS that is used to find vulnerabilities in container images.

Tools

Tools Software Review Open Source SDLC

How To Secure Your IT, OT and IoT Assets With an Exposure Management Platform: Complete Visibility with Asset Inventory and Discovery

Tenable

MARCH 20, 2024

This creates the need for specialized solutions tailored to specific enterprise requirements. Maintain an inventory of assets and risk details Asset details play a key role in supporting various functions across the organization, but are vital to effectively scale prioritization and remediation of security risks.

IoT

IoT How To Network Tools

Building Resilient OT Environments: Safeguards for Electric Utilities

Tenable

JANUARY 9, 2024

Organizations that adopt the latest vulnerability management best practices will be best prepared to reduce risk and mitigate possible damage. The convergence of legacy systems with newer architectures creates a web of vulnerabilities within utility infrastructures susceptible to malware and cyberattacks.

Energy

Energy Malware Infrastructure Industry

CISA and NSA Release Top 10 Cybersecurity Misconfigurations: How Tenable Can Help

Tenable

OCTOBER 19, 2023

Read this blog to learn more and see how Tenable technologies can help discover, prevent and remediate these misconfigurations. This advisory underscores the fundamental need for organizations to have good cyber hygiene that addresses misconfigurations and vulnerabilities.

Software Review

Software Review Systems Review Technical Review Network

What Is the Lifespan of a Vulnerability?

Tenable

JUNE 8, 2020

In the second of our three-part series on persistent vulnerabilities, Tenable Research examines survival data to assess how effectively traditional remediation tactics are combating the attacker's advantage. . Last week, we unveiled a new report from Tenable Research which explores the issue of common persistent vulnerabilities.

Trends

Trends Research Analysis Organization

How Better DEX Benefits People + Performance: 3 Key Use Cases

Ivanti

FEBRUARY 9, 2024

Adopting a digital employee experience (DEX) solution delivers benefits for everyone in an organization, from the C-suite on down. A DEX solution provides contextual insights and intelligent automation capabilities that allow an IT team to proactively detect and resolve security vulnerabilities and other IT issues.

Performance

Performance Metrics Study Organization

Ivanti Secure Access CVE-2023-38041

Ivanti

OCTOBER 20, 2023

At Ivanti, we are committed to delivering innovative, high-quality and secure solutions for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. We encourage customers to download the latest releases of ISAC 22.6R1 (Windows) - to remediate the issues.

Windows

Windows Innovation Programming Meeting

Prevent multicloud risks with new Lacework enhancements

Lacework

OCTOBER 24, 2023

Today, Lacework is extending its mission to provide teams with unified visibility of assets, misconfigurations, vulnerabilities, secrets, threats, and anomalous activity for all their cloud deployments. This dramatically simplifies policy management and improves accuracy of security and compliance assessments.

Google Cloud

Google Cloud Weak Development Team Azure Windows

CVE-2023-35078 - New Ivanti EPMM Vulnerability

Ivanti

JULY 24, 2023

We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9

Mobile

Mobile Internet Resources Meeting

IDC Ranks Tenable Number One in the Worldwide Vulnerability Management Market Share for 2019

Tenable

JUNE 3, 2020

IDC’s first-ever market share report for the worldwide device vulnerability management market ranks Tenable as #1 in market share for 2019 and credits the company for extending its reach far beyond vulnerability management. Instead, security teams must understand the full context of each vulnerability. CVSS alone is failing you.

Marketing

Marketing Machine Learning Artificial Inteligence Research

Streamline Risk Management with Context-Based Risk Prioritization

Prisma Clud

NOVEMBER 9, 2023

The tools might, for example, provide data about vulnerabilities, overly permissive credentials and intrusion attempts, but this information, presented as individual data points, has little value. Teams need the ability to assess potential threat pathways before threat actors can exploit them.

Weak Development Team

Weak Development Team Software Review Cloud Compliance

Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool Is Right for Your Organization?

Tenable

JULY 14, 2021

Not all scanning solutions are created equal…. The vulnerability assessment market has changed dramatically over the past several years. The problem is, there's no one clear definition of what it means to assess and manage vulnerabilities. Of course, the vulnerability assessment solution, itself, isn't enough.

Organization

Organization Marketing Tools Research

Introducing Tenable Cloud Security Agentless Assessment for Microsoft Azure

Tenable

MAY 3, 2023

Tenable Cloud Security users now can quickly connect their Azure cloud accounts to perform cloud security posture management, including scanning for security vulnerabilities, misconfigurations and compliance. For years, thousands of customers have relied on Tenable to help them scan and manage vulnerabilities in their cloud infrastructure.

Azure

Azure Cloud Weak Development Team Policies

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Tenable

JULY 13, 2020

The report analyzes more than 555 reviews and ratings in the vulnerability assessment market in the 12-month period ending Feb. out of 5 stars in the 2020 Gartner Peer Insights "Voice of the Customer": Vulnerability Assessment report. Reducing Cyber Exposure Through Tenable Solutions".

Report

Report Systems Review Transportation Systems Administration

Why You Need to Stop Using CVSS for Vulnerability Prioritization

Tenable

APRIL 27, 2020

Most cybersecurity teams rely on the Common Vulnerability Scoring System (CVSS) to prioritize their vulnerability remediation efforts. But, they fail to realize that CVSS is an outdated, ineffective method that causes them to waste the majority of their valuable time on vulnerabilities that pose little to no risk.

Machine Learning

Machine Learning Artificial Inteligence Research Policies

Identities: The Connective Tissue for Security in the Cloud

Tenable

NOVEMBER 27, 2023

When implementing and configuring a cloud security solution, it’s easy to get overwhelmed by the sheer volume of “things” to monitor. Cloud security teams must manage each resource's service identity, as well as scan them for vulnerabilities and misconfigurations.

Cloud

Cloud DevOps Software Review Infrastructure

How to Identify Your Organization’s Attack Surface

Ivanti

OCTOBER 5, 2023

More specifically, you must identify what lurks below the surface — the endpoints, vulnerabilities and other attack vectors that expose your environment. Each area focuses on a specific use case: CAASM for assets and vulnerabilities, EASM for external assets and DRPS for digital assets.

How To

How To Technical Review Systems Review IoT

Security updates for Ivanti Connect Secure and Ivanti Policy Secure

Ivanti

DECEMBER 4, 2023

At Ivanti, we are committed to delivering innovative, high-quality and secure solutions for our customers. We continue to invest significant resources to ensure that all our solutions continue to meet our own high standards. We encourage customers to download the latest releases of ICS and IPS to remediate the issues.

Policies

Policies Innovation Programming Meeting

Why IT leaders are putting more business spin on security spend

CIO

APRIL 13, 2023

To better focus security spend, some chief information security officers (CISOs) are shifting their risk assessments from IT systems to the data, applications, and processes that keep the business going. “If As a result, they use benchmarks as a rough guide to budgeting, relying primarily on their own risk assessments.

Security

Security Budget Firewall Tools

Best Practices for Managing Vulnerabilities in the Cloud–Part 1

Optimizing PCI compliance in financial institutions

Webinars

Trending Sources

Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm

Webinars

Prisma Cloud: Darwin Release Introduces Code-to-Cloud Intelligence

How to make your web application more secure by using Interactive Application Security Testing (IAST) – PART 3 of Application Security Testing series

Tenable Nessus Expands Attack Surface Coverage with Web Application Scanning

Security Update for Ivanti Standalone Sentry

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412)

Master Cloud Computing Risks with a Proactive, End-to-End Approach

Security Update for Ivanti Neurons for ITSM

Nessus 10.0: Vulnerability Assessment for Today’s Dynamic Environments

Attack Surface Risk, Challenges and Changes

Tenable Bolsters Its Cloud Security Arsenal with Malware Detection

Microsoft’s March 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-21407)

Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways

Why Network Penetration Testing Is an Essential Cybersecurity Practice

What Is Vulnerability Management? Definition, Process Steps, Benefits and More

What Is Vulnerability Management? Definition, Process Steps, Benefits and More

4 Use Cases for ServiceNow SecOps – VR, SIR, and TI

How to Perform Efficient Vulnerability Assessments with Tenable

How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform

From Vulnerability Discovery to Remediation: How Tenable and HCL BigFix Can Help

Tenable Security Center Integration into Tenable One Delivers Full Exposure Management for On-Prem Customers

Level Up Your Cloud Security Strategy

Journey to Containerized Workloads: Security Pitfalls and How To Dodge Them With Tenable Cloud Security

Top DevSecOps Tools for 2023 to Move Your Security Left

How To Secure Your IT, OT and IoT Assets With an Exposure Management Platform: Complete Visibility with Asset Inventory and Discovery

Building Resilient OT Environments: Safeguards for Electric Utilities

CISA and NSA Release Top 10 Cybersecurity Misconfigurations: How Tenable Can Help

What Is the Lifespan of a Vulnerability?

How Better DEX Benefits People + Performance: 3 Key Use Cases

Ivanti Secure Access CVE-2023-38041

Prevent multicloud risks with new Lacework enhancements

CVE-2023-35078 - New Ivanti EPMM Vulnerability

IDC Ranks Tenable Number One in the Worldwide Vulnerability Management Market Share for 2019

Streamline Risk Management with Context-Based Risk Prioritization

Cut Through the Marketing Hype: Determine Which Vulnerability Assessment Tool Is Right for Your Organization?

Introducing Tenable Cloud Security Agentless Assessment for Microsoft Azure

Tenable Rated Highest Among 'Customers’ Choice' Vendors in Product Capabilities in the 2020 Gartner Peer Insights 'Voice of the Customer' Report

Why You Need to Stop Using CVSS for Vulnerability Prioritization

Identities: The Connective Tissue for Security in the Cloud

How to Identify Your Organization’s Attack Surface

Security updates for Ivanti Connect Secure and Ivanti Policy Secure

Why IT leaders are putting more business spin on security spend

Stay Connected