Tenable Research Podcast

EXPLORE

Society & Culture

© 2024 PodJoint

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/d6/b4/80/d6b480b6-65ed-0c2a-1c8b-1d71ab51a3ed/mza_9254674591005467724.jpg/600x600bb.jpg

Tenable Research Podcast

Tenable Research

37 episodes

8 months ago

This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at Greynoise, about the formation of a new research alliance program. Announced in mid October, this is intended to facilitate collaboration and information sharing between industry partners, and support best-practice coordinated vulnerability disclosure in order to promote increased cooperation in order to reduce an attacker's free time. Follow along...

Show more...

All content for Tenable Research Podcast is the property of Tenable Research and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at Greynoise, about the formation of a new research alliance program. Announced in mid October, this is intended to facilitate collaboration and information sharing between industry partners, and support best-practice coordinated vulnerability disclosure in order to promote increased cooperation in order to reduce an attacker's free time. Follow along...

Show more...

Episodes (20/37)

Tenable Research Podcast

Research Alliance Program - Shared Intelligence and Insight

This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at Greynoise, about the formation of a new research alliance program. Announced in mid October, this is intended to facilitate collaboration and information sharing between industry partners, and support best-practice coordinated vulnerability disclosure in order to promote increased cooperation in order to reduce an attacker's free time. Follow along...

3 years ago

30 minutes

Tenable Research Podcast

What is Exposed Externally That You’re Unaware Of, What Can Attackers See - and How to Manage Your Exposure

After we discussed the concept of Exposure Management on our last podcast, this time we welcome back Tenable’s senior principal security advocate Nathan Wenzler to discuss the concept of how you can determine your level of exposure, what has led to this level of vulnerability, and what options are available to you to better manage this. Follow along for more from Tenable Research: Subscribe to the blogFollow Tenable's Zero Day team on Medium

3 years ago

40 minutes

Tenable Research Podcast

Understanding and Achieving Exposure Management

The concept of Exposure Management has become more and more prominent in recent months, as users understand how much they are exposed to attack, how they can protect their assets and what it takes to achieve a level of compliance. In this podcast, we talk with Tenable’s senior principal security advocate Nathan Wenzler about the concept of Exposure Management, what it is, and what businesses need to do to adopt it. Follow along for more from Tenable Research: Subscribe to the blogFol...

3 years ago

35 minutes

Tenable Research Podcast

Reviewing 90 Day Responsible Disclosure Policies in 2022

In the field of responsible disclosure, a policy of 90 days to publicly disclose vulnerabilities has been created by industry. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time to push a fix out before the original flaw can be announced. However are we in a time where this time period still works? Some vulnerabilities can be fixed fairly rapidly as we work in cloud environments, while others can be more challenging to fix -...

3 years ago

33 minutes

Tenable Research Podcast

Unsophisticated Extortion - Reflecting on the LAPSUS$ Group

In the first few months of 2022, the LAPSUS$ Group made a major splash in the cybersecurity headlines as it conducted a series of attacks on the likes of Nvidia, Microsoft and Okta. However a few months later, they had disappeared and arrests were reported soon afterwards. In a new blog, Tenable’s senior research engineer Claire Tills looked at the efforts of LAPSUS$ and what its motivations were, and how it is viewed now, and joins us on this podcast to discuss the extortion group further....

3 years ago

22 minutes

Tenable Research Podcast

Understanding the Ransomware Ecosystem

Beyond the success of its impact, a lucrative criminal ecosystem has been developed for ransomware. This has seen ransomware-as-a-service (RaaS) creating an ecosystem utilizing multiple players, while the concept of double extortion has emerged, which involves exfiltrating data from victim organizations and publishing teasers about these breaches on the dark web. In this new edition of the Tenable Research podcast, we talk with senior staff research engineer Satnam Narang about a new white ...

3 years ago

28 minutes

Tenable Research Podcast

BIG-IP and Microsoft Fixes and AWS Hot Patches

This month we talk to Tenable research manager Scott Caveza about three recent patching stories, where F5 and Microsoft offered fixes in a regular cycle, and how Amazon Web Services released hot patches to repair earlier vulnerabilities in fixes for Log4J. F5 BIG-IP Patch Hot Patches for Log4J May Patch TuesdayCVE-2021-36942 Follow along for more from Tenable Research Subscribe to the blogFollow Tenable's Zero Day team on Medium

3 years ago

23 minutes

Tenable Research Podcast

The State of OT Security, a Year Since Colonial Pipeline

On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident. We’re joined by Tenable’s VP of operational technology Marty Edwards to talk about lessons learned, what work there is still to be done by practitioners, industry and researchers, and where the problems remain. Tenable blog - Securing Critical Infrastructure its Complicated Amit Yoran Testimony Vid...

3 years ago

35 minutes

Tenable Research Podcast

Spring4Shell and Patches for VMware and Microsoft

This month we take a deep dive into the most recent Java related vulnerability, and ask what the situation was with this, how it got confused with another vulnerability, and how significant it is to the wider threat landscape - or was it just riding on the memory of Log4J? We also look at the April patches from Microsoft, and two lots of fixes from VMware. Spring4Shell FAQ: Spring Framework Remote Code Execution Vulnerability Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs ...

3 years ago

31 minutes

Tenable Research Podcast

Security Research: How to Get the Job, and What to Expect

Have you ever sat in the audience at a conference, watched a video of a presentation, or listened to an interview on a podcast or TV, and seen a researcher and thought ‘how do I get to do that?’ Tenable now has a wide selection of researchers, covering security response, zero day research, audit and compliance and writing software plugins. With more companies employing full time researchers now, we talked to two from Tenable about what the job entails, what you need to know to get hired, ...

3 years ago

51 minutes

Tenable Research Podcast

The Remaining Top Vulnerabilities, and Important Patches

This month we look at newly-released, important-rated patches from Microsoft, and a new blog from Tenable’s Security Response Team where more vulnerabilities from 2021 were discussed, and why they did not make the final top five in our Threat Landscape Retrospective. March Patch Tuesday Behind the Scenes: How We Picked 2021's Top Vulnerabilities – and What We Left Out 2021 Threat Landscape Retrospective

3 years ago

23 minutes

Tenable Research Podcast

Renaud Deraison - Nessus, Tenable and His Future

This month we talk to Renaud Deraison, outgoing CTO and a co-founder of Tenable, who talks about his time developing Nessus from an open source scanner in 1998 to the development of Tenable over the past 20 years, and what the future looks like for him. Nessus Professional Tenable Research Tenable Blog

3 years ago

29 minutes

Tenable Research Podcast

Important Patches and Critical Vulnerabilities - SAP, Cisco and Microsoft

This month we look at new patches released by Cisco, Microsoft and SAP, and while there were some very critical vulnerabilities patched, we also saw Microsoft change tact with a significantly reduced patch bundle and with no critical patches released. Patch Tuesday Blog SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities Threat Landscape Retrospective Download Page Critical Flaws in Cisco Small Business Routers Tenable Research Podcast...

3 years ago

20 minutes

Tenable Research Podcast

Black History Month: Pioneers, Hidden Figures and Diversity

As it is Black History Month in North America in February, we talked to the co-chairs of Black@Tenable, the diversity and inclusion group for African-American employees of Tenable, about the recognition of black leaders in technology, efforts to increase the hiring of people of color in cybersecurity, and how the industry is responding to that. Tenable Homepage Tenable Careers Black History Month

3 years ago

25 minutes

Tenable Research Podcast

The Threats, Vulnerabilities, Attacks and Incidents That Made 2021

In our first look at the research highlights of 2022, we take a deep dive into Tenable’s 2021 Threat Landscape Retrospective, and look at the incidents, attacks and notable vulnerabilities that made up the past year. We also look at new advisories from January 2022, with new patches from Microsoft and ZoHo, and the new CVEs in Apache Log4j 1.x. Threat Landscape Retrospective Download Page TLR Webinar Registration Page TLR Blog Post PrintNightmare CVE 2021-36958 Tenable L...

3 years ago

43 minutes

Tenable Research Podcast

Log4J, Fixes For ZoHo and SonicWall and December Microsoft Patches

This month we take a look back at the impact of Log4J and how both the industry and Tenable were able to respond to this major incident that affected so many users globally. There are also fresh fixes from SonicWall and ZoHo for ManageEngine, and the final batch of patches from Microsoft as it rounds off a quieter year. Proof-of-Concept for Critical Apache Log4j Remote Code Execution Vulnerability Available (Log4Shell) Log4j Resource Page Log4J Tenable Webinar SonicWall Urges Users to...

3 years ago

40 minutes

Tenable Research Podcast

Will the CISA Directive Create a More Secure Government?

The recent Binding Operational Directive from CISA will see a number of U.S. government departments receive better instruction on which vulnerabilities need to be patched, and to do so within a six month time frame. On this episode of the Tenable Research podcast, we talk to Nathan Wenzler and Seth Matheson about what the vulnerabilities are, how they are determined, who is affected and what this could mean for other governments around the world, and other businesses also. Show refer...

3 years ago

35 minutes

Tenable Research Podcast

Common Attacks on Active Directory

This time we’re joined by Tenable’s security strategist Sylvain Cortes, as we look at the types of attacks being targeted at Active Directory, how attackers look to get a foothold into enterprise networks by exploiting AD, and what steps you can take to better secure yourself and your AD environment Active Directory is Now in the Ransomware Crosshairs How to Protect Active Directory Against Ransomware Attacks How to Strengthen Active Directory and Prevent Ransomware Attacks

3 years ago

32 minutes

Tenable Research Podcast

Patches for Apache and VMware, and October Patch Tuesday

This month we look at patches from Apache and VMware, an example of very rapid response to a researcher’s findings, and another quiet month from Microsoft’s Patch Tuesday, with guests Claire Tills and Satnam Narang from Tenable's Security Response Team. CVE-2021-22005: Critical File Upload Vulnerability in VMware vCenter ServerCVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server ExploitedMicrosoft’s October 2021 Patch Tuesday Addresses 74 CVEs (CVE-2021-40449)CVE-2021-34527: Micros...

4 years ago

22 minutes

Tenable Research Podcast

OMIGOD: Critical Vulnerabilities in Atlassian, OMI and Microsoft, and Remote Working Trends

This month we review new blogs from Tenable’s Security Response Team on a vulnerability in Atlassian’s Confluence Server, review what made cybersecurity say “OMIGOD” and look at another light load of patches from Microsoft. We also look at new research - commissioned by Tenable and conducted by Forrester - on remote working statistics, and look at technology investment and attack trends which were discovered. Show References: Atlassian Confluence OGNL Injection Vulnerability Exploited in th...

4 years ago

1 hour 6 minutes