Tenable Blog

With Tenable’s Nessus, security and compliance teams can audit and inventory devices and software to identify what is malicious, abnormal or out-of-compliance. However, do you ever need to pinpoint the offending system or software to its user?

At Tenable, we’ve heard from customers who are looking for a unified framework that enables multi-vendor, cross-platform network system collaboration among IT infrastructure, network policy, identity and access management, and other IT operations.

A critical vulnerability in bash (Bourne Again SHell) versions through 4.3, the default shell for many Linux and other Unix distributions (including Mac OS X), presents a critical security concern for network-attached devices that use bash, especially those with an attack vector that can be exploited remotely (e.g., web servers, SSH servers, and likely much more). The key focus is that the attacker has to have a remote interface that will call bash to exploit the vulnerability. The bigger concern is that in the Unix world, that includes a lot of services.

The Payment Card Industry has been shaken recently by numerous breaches that have successfully exploited malware on Point-of Sale (POS) systems to steal payment card data at retailers of all sizes around the country. Backoff and BlackPOS are two of the latest variations of memory scraping malware that targets POS systems and is responsible for the theft of cardholder data in over 1,000 organizations in the U.S. alone.

The security ramifications of the "Internet of Things" (IoT) is a hot topic lately. That’s not to say the security community has not been aware of this problem; and dealing with it for some time (or ignoring it as the case may be). Back in 2007 I wrote a book about hacking Linksys home-based routers. It gave me a look inside an embedded system and provided me the foundation to begin to analyze security of such devices. What I have found since then, and other security researchers have highlighted, is a bit frightening.

Should your board of directors be managing your security?

This is not a rhetorical question. Ensuring a good security posture requires that your board of directors and senior management are on board and support your efforts at securing corporate data.

Let’s pose a few questions:

Why you want your board of directors involved?

One fundamental reason is to provide ‘peace of mind’ to your board. Involving them fulfills their due diligence and demonstrates a standard of due care.