Tenable Blog

I am often asked, “How can I be more productive and get better results from my vulnerability scans?” This question could be the result of a failed audit, network outage or breach that was previously undetected. Traditionally, vulnerability scanning may consume a large amount of resources. Vulnerability scanning is also often perceived as being disruptive and intrusive to the environment. The Tenable.io Credentialed Scan Failures report can assist you and your organization in making better, more informed decisions on how to improve your vulnerability management program.

For anyone who has followed the the Verizon Data Breach Investigations Report (DBIR) through its many iterations, the findings for 2017 come as no surprise. Credentials theft, phishing and ransomware remain the top attack vectors, and the best defense is still to focus on the basics of cyber hygiene with the goal of achieving cyber operational excellence across the organization.

On May 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), but details of that vulnerability were not made public. However, Tenable researchers were able to overcome this challenge and make Tenable the first to deliver Intel AMT vulnerability detection capabilities to customers, just minutes after Intel’s announcement yesterday.

The new Python SDK for Tenable.io™ was designed to easily enable powerful integrations with the Tenable.io API. The aim of this blog is to demonstrate how to get the SDK up and running, launch an external network scan against one of your publicly exposed assets, then export the results in a convenient PDF file in only four lines of Python.

The SDK is designed to easily enable powerful integrations with the Tenable.io API

According to Forrester¹, software vulnerabilities are the leading method of external intrusion in a breach. This problem will continue to grow, as the sheer number and types of IT assets increase, including cloud, IoT, mobile, and containers. Organizations must deploy security solutions that have the ability to protect the full asset landscape if they are seeking an accurate understanding of their cyber exposure.