You always want to know what is attached to your network. And whether it could be vulnerable or not.
Read more in my article on the Tripwire State of Security blog.
Dell Technologies has announced a raft of new cybersecurity resources to help customers simplify zero-trust adoption and improve their cyber resiliency. These include a new Zero Trust Center of Excellence for validating a zero-trust architecture for commercial enterprises, as well as new security advisory/vulnerability management services and products designed to enhance cybersecurity across hardware, firmware, software, and object storage.
The malicious variant distributed spyware to collect personal data and send it to the hacker
Benjamin Balder Bach discovered that Django incorrectly handled certain
internationalized URLs. A remote attacker could possibly use this issue to
cause Django to crash, resulting in a denial of service.
Anticipate likely attacks. Proactively reduce your exposure. Communicate with your key stakeholders.
Today, Tenable is proud to announce the Tenable One Exposure Management Platform, which unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks.
Tenable One combines broad vulnerability coverage — spanning IT assets, cloud resources, containers, web apps and identity systems — and builds on the speed and breadth of vulnerability data from Tenable Research. Tenable One offers cybersecurity teams a contextual view of all assets and associated software vulnerabilities, configuration vulnerabilities and entitlement vulnerabilities, whether on-premises or in the cloud, to help them understand where they are most exposed to risk.
To say that the attack surface is growing is an understatement. A Microsoft Risk IQ study released in April found that every minute over 117,00 new hosts are created, 613 new domains are added and 375 new threats are released. Plus, the number of new vulnerabilities continues to grow – with 12,380 new CVEs published in the first half of 2022, a 31% jump over the 9,420 published in the same period last year. To combat this problem, the average large organization uses more than 130 different cybersecurity point solutions, each with its own analytics, and no consistent reporting. All of these tools can lead to duplicate and ineffective programs, with no clear path forward to tangibly reduce risk or succinctly communicate an organization’s security status.
The Tenable One Exposure Management Platform helps to eliminate the noise by bringing an organization’s entire attack surface — whether on-premises or in the cloud — into a single, unified view. This helps security leaders, practitioners and incident responders reduce the risk of an attack by drawing upon the industry’s largest vulnerability management data set and analyzing it in the context of the relationships between assets, exposures, privileges and threats across attack paths.
The Tenable One Exposure Management Platform is built on a foundation of six existing Tenable products:
Tenable Lumin
Tenable.io Vulnerability Management
Tenable.io Web Application Scanning
Tenable.cs Cloud Security
Tenable.ad Active Directory Security
Tenable.asm Attack Surface Management
Providing flexibility in deployment, it comes in two versions — Standard and Enterprise. Tenable One Enterprise Edition adds attack path analysis and attack surface management functionality to the Standard Edition.
Tenable One aggregates the cyber risk analytics data derived from each of these products and analyzes it to provide three types of insights:
cyber risk guidance: in the form of exposure views;
breach and attack mitigation via attack path analysis; and
a centralized view of assets in a comprehensive asset inventory.
Source: Tenable, October 2022
The Tenable One Exposure Management Platform provides the following key benefits:
Comprehensive visibility: Tenable One helps cybersecurity teams gain a unified view of all assets and associated software vulnerabilities, configuration vulnerabilities and entitlement vulnerabilities, whether on-premises or in the cloud, to allow them to understand where they are exposed to risk. It also continuously monitors the internet to rapidly discover and identify all external-facing assets to eliminate areas of known and unknown security risk. This helps reduce the time and effort required to understand the complete attack surface, eliminate blind spots, and build a baseline for effective risk management.
Predict and prioritize: The platform helps security leaders anticipate the consequences of a cyberattack by drawing upon the industry’s largest data set and combining it with an understanding of the relationships between assets, exposures, privileges and threats across an attack path. Tenable One significantly improves cyber risk prioritization to help cybersecurity teams continuously identify and focus on the exploitable attack and breach pathways that create the most risk. This provides more accurate and predictive remediation insights to eliminate windows of risk with the least amount of effort to help prevent attacks.
Effectively communicate cyber risk: Tenable One provides security executives and business leaders with a centralized and business-aligned view of cyber risk, with clear key performance indicators (KPIs) to show progress over time and benchmarking to compare against external peers. The platform provides actionable insights into an organization’s overall cyber risk, as well as the ability to drill into departmental or operational units. This delivers accurate business-aligned cyber risk assessments to improve overall communication and collaboration among different constituencies, which saves time, improves investment decisions, supports insurability and drives improvement over time — all while tangibly reducing risk to the organization.
Source: Tenable, October 2022
As the above image shows, exposure views provide a unified global exposure score drawn from a variety of different data sources. They enable focused security efforts through clear, concise insight into an organization’s security exposure — enabling security pros to answer such critical questions as:
how secure are we?;
where do we stand in our preventative and mitigation efforts?; and
how are we doing over time and what are the key events?
Security practitioners and managers will have full visibility into their attack surface, along with a unified view of all assets. They will be able to prioritize their efforts in remediating software, configuration and entitlement vulnerabilities. Such comprehensive visibility and prioritization enables security teams to understand their attack surface as the attackers see it, eliminate blind spots and build a baseline for effective risk management while improving decision making.
Security managers and incident response teams can use Tenable One’s contextual view of threats, assets and privileges to focus available resources on their organization’s most pressing security needs. Such focus will help these teams eliminate windows of risk and efficiently allocate resources to remediate and respond. Tenable One allows IR teams to anticipate the consequences of an attack by giving them a contextual understanding of the relationships between assets, users and privileges across the entire attack surface. The clear and easily communicated KPIs provided by Tenable One offer insights into progress over time and provide benchmarked comparisons within the organization.
CISOs, business information security officers (BISOs) and security executives require accurate risk assessments to improve investment decisions, evaluate insurability, meet regulatory and compliance requirements and drive organizational improvement. Tenable One provides these executives with actionable metrics they can use to measure, compare and communicate cyber risk to non-technical execs and operating teams. A unified view of cyber risk with clear KPIs allows executives to measure progress over time and make benchmarked comparisons against industry peers and within the organization. The goal? To help security leaders answer the question “how secure are we?”
One important point for Tenable.ep customers: With the launch of Tenable One, you will be automatically upgraded to Tenable One Standard Edition at no additional cost. With this upgrade, you can continue to take full advantage of all capabilities in Tenable.ep today, plus Exposure View and Asset Inventory available in Tenable One. Please reach out to your Tenable representative for more information.
Read the blog, Exposure Management: Reducing Risk in the Modern Attack Surface
Download the white paper, 3 Real-World Challenges Facing Cybersecurity Leaders: How an Exposure Management Platform Can Help
Visit the Tenable One product page, https://www.tenable.com/products/tenable-one
Cybersecurity organizations struggle with reactive and siloed security programs and with a sprawl of point tools that generate heaps of fragmented data but few insights. Here we explain why they need an exposure management platform that provides comprehensive visibility and allows them to anticipate threats, prioritize remediation and reduce risk.
IT environments with well-defined on-premises boundaries have gone the way of the rotary phone. Why? Line up the usual suspects: Cloud, mobility, continuous software delivery, IoT and all the other modern technologies and processes that have come about in the last several years.
As a result, IT environments have become complex, distributed, hybrid and loosely coupled – making them incredibly difficult to secure. This ever-expanding and convoluted attack surface offers cybercriminals plenty of blind spots and gaps to exploit.
In this new world, cybersecurity organizations continue to struggle with security programs that are reactive and siloed, and with a sprawl of point tools generating mounds of fragmented data that’s often impossible to easily correlate and difficult to draw meaningful insights from.
As IT environments evolve and become more complex, so do the tools and techniques needed to secure and protect all of our assets. Vulnerability management has served us well for better understanding the security posture of traditional IT assets, such as servers, workstations or network devices. But the transition to cloud platforms, microservices, web applications, connected operational technology devices and identity services requires more and more specialized tools that can safely and correctly assess each of these technologies to determine where they may pose risk to the organization.
Exposure management is the more modern version of this sort of siloed assessment methodology, where the data of each assessment tool and technique can be brought together and analyzed to see the relationships between each finding, allowing organizations to understand the true nature of where they may be exposed to an attack. Since attackers will commonly pivot from one type of vulnerability to another, defenders must be able to understand how all of the vulnerability and misconfiguration data they have can impact each other. Historically, this kind of aggregated, relationship-focused analysis was done manually and in an external data store where security teams have had to create their own risk relationships and leverage their personal understanding of the infrastructure. This leads to incomplete views of the environment and a very unwieldy, difficult process to try and get their arms around this problem.
There’s an answer to this thorny scenario: an exposure management program that transcends traditional vulnerability management and includes data about configuration issues, vulnerabilities and attack paths across a spectrum of assets and technologies — including identity solutions; cloud configurations and deployments; and web applications.
An exposure management program — underpinned by a technology platform and by the processes required to understand, respond to and remediate exposures — allows organizations to:
Gain comprehensive visibility across the modern attack surface
Anticipate threats and prioritize efforts to prevent attacks
Communicate cyber risk to make better decisions
This questionnaire will help you determine if you need to adopt an exposure management program:
Do the tools in your security stack interoperate and give you comprehensive insights into your exposure?
Do you have full visibility into your attack surface, from endpoints to the cloud to your on-prem environments and everywhere in between?
Can you, at any given point, prioritize your remediation efforts in a predictive manner so that you always know what you need to do first?
Are you leveraging threat intelligence to understand your threat landscape?
Can you analyze all the attack paths that can lead cybercriminals to your most critical assets?
Are you remediating issues in a timely, precise, continuous manner in a way that meets or exceeds industry benchmarks?
Can you answer with confidence and authority the question: “How secure are we?”
Are you able to clearly communicate your security status both to business executives and to your security team?
Are your decisions for resource allocation in the security organization grounded in data?
If you answered “no” to all or most of these questions, you most likely would benefit from exposure management.
A comprehensive exposure management program helps a variety of stakeholders. Here are the benefits it provides to three key constituencies.
Full visibility and understanding of the entire attack surface
Unified view of all assets — no more blind spots
Precise remediation prioritization for all types of vulnerabilities and exposures
Clarity for building a baseline for effective risk management
Improved risk decision-making
Comprehensive insight and context about threats, assets and privileges
Reduction both of risk and of needed remediation and response resources
Ability to anticipate attack consequences via a contextual view of assets and users across the attack surface
Clear, easily communicated key performance indicators (KPIs) for tracking progress over time and comparing benchmarks
Accurate risk assessments to improve decisions about investments and insurability, meet compliance requirements and drive organizational improvement
Actionable metrics to help measure, compare and communicate cyber risk to IT and security teams, as well as to non-technical executives and operating teams
A unified view of cyber risk with clear KPIs to measure progress and benchmark comparisons against industry peers and within the organization
The ability to answer the question: “How secure are we?”
An effective exposure management platform needs to offer three key features:
To quickly and smoothly understand and manage an organization’s cyber risk and its entire attack surface, and to eliminate blind spots, the platform must provide:
A unified view of all assets and associated software vulnerabilities, configuration vulnerabilities and entitlement vulnerabilities, whether on-prem or in the cloud
Continuous monitoring of the internet to rapidly discover and identify all external-facing assets to eliminate areas of known and unknown security risk
To help the security team anticipate the consequences of a cyberattack, prioritize its actions and reduce risk with the least amount of effort, the platform must:
Offer context about the interrelated assets, exposures, privileges and threats across an attack path by drawing upon the large data sets available from various point tools
Continuously identify and focus on the attack pathways that present the greatest risk of being exploited by attackers
Provide accurate and predictive remediation guidance and insights
To offer security executives and business leaders a centralized, business-aligned view of cyber risk with clear KPIs, as well as allow them to benchmark capabilities, the platform must:
Provide actionable insights into the organization’s overall cyber risk — including the value of the proactive efforts happening daily
Allow users to drill down for specifics about each department, business unit, geo-location, technology type or any other form of business operations
Help improve overall communication and collaboration among different constituencies within the organization
Offer actionable metrics that help save time, improve investment decisions, support cyber insurance initiatives and drive improvement while tangibly reducing risk
Today, Tenable launched the Tenable One Exposure Management Platform, which unifies a variety of data sources into a single exposure view to help organizations gain visibility, prioritize efforts and communicate cyber risks.
Building on proven Tenable products, Tenable One brings disparate vulnerability, misconfiguration and other security issues together into a single place, unifying the risk context across all findings and providing contextualized understanding of where the organization is most at risk. This makes it possible to equally weigh the risk of a missing patch versus a SQL Injection vulnerability versus a misconfigured container and understand which is more potentially impactful to your business. With Tenable One, organizations can take advantage of the integrations that already exist between Tenable and its partners, such as ServiceNow. It is also designed to form the foundation of an exposure management program, alongside the other security tools, processes and services already implemented within most organizations.
Download the white paper, 3 Real-World Challenges Facing Cybersecurity Leaders: How an Exposure Management Platform Can Help
View the infographic, From Risk-Based Vulnerability Management to Exposure Management: The Changing Definition of Good Cyber Hygiene
Read the blog, Introducing the Tenable One Exposure Management Platform
An ex-NSA employee has been charged with trying to sell classified data to the Russians (but instead actually talking to an undercover FBI agent).
It’s a weird story, and the FBI affidavit raises more questions than it answers. The employee only worked for the NSA for three weeks—which is weird in itself. I can’t figure out how he linked up with the undercover FBI agent. It’s not clear how much of this was the employee’s idea, and whether he was goaded by the FBI agent. Still, hooray for not leaking NSA secrets to the Russians. (And, almost ten years after Snowden, do we still have this much trouble vetting people before giving them security clearances?)
Mr. Dalke, who had already left the N.S.A. but told the agent that he still worked there on a temporary assignment, then revealed that he had taken “highly sensitive information” related to foreign targeting of U.S. systems and information on cyber operations, the prosecutors said. He offered the information in exchange for cryptocurrency and said he was in “financial need.” Court records show he had nearly $84,000 in debt between student loans and credit cards.
Graham Cluley Security News is sponsored this week by the folks at Kolide. Thanks to the great team there for their support! Do you know the old thought experiment about the AI designed to make paper clips that quickly decides that it will have to eliminate all the humans to maximize paper clips? Many security …
This blog was written by an independent guest blogger.
The last couple of months were devastating for cybersecurity. Cyber threats intensify each waking day, and criminals seem to be getting more sophisticated and better at beating the system.
For instance, the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a state-level weapon. These attacks are causing severe disruptions to everyday lives, affecting essential services such as medical care and schools. For instance, an attack on Lincoln College in the US resulted in the college closing its doors after 157 years.
Needless to say, cybersecurity threats and attacks aren’t slowing down or going away anytime soon. As the risk of cybersecurity attacks continues to grow, so have the trends predicted for cybersecurity in the next year.
Here are some of the most critical cybersecurity trends you need to keep an eye on.
Surprisingly, about 97% of people with access to the internet still cannot identify when an email is a phishing email. This is why many people will readily click on a phishing email, and thus become victims to cyberattacks.
This shows that there is a huge need for awareness, and education is crucial to identify and prevent costly identity theft and network hacks. Thankfully, many businesses today go beyond implementing strong firewalls and sophisticated IT protocols by augmenting their IT personnel’s capabilities through training to equip them with the skills needed to fight cyber-attacks.
Some institutions use classroom and web-based training to promote cybersecurity awareness. Companies are also focusing more on how workers share and handle confidential data. For instance, many organizations are now putting a lot of effort into educating their employees on how to protect themselves from identity theft.
After all, research shows that about 80 percent of data breaches can be avoided by practicing and implementing simple cyber hygiene.
Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat. Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.
Cybercriminals are taking the time to research and devise ways to craft polished business email compromise attacks that can fool even the best eye.
Therefore, businesses, and individuals alike, should invest time and effort into comprehensive security awareness programs to protect their data and ensure website safety.
The General Data Protection Regulation (GDPR) is the decade’s most notable development in IT across the European Union. The law is the brainchild of the EU, but it’s already having major impacts on data protection requirements across the globe.
The law imposes standard data security law on all EU countries and requires all organizations selling to EU residents to comply with its regulations regardless of their location. As such, GDPR provides uniform data protection to all consumers in the EU regions.
Since the GDPR is still fairly new, it hasn’t fully taken root, and most companies are still not ready to ensure compliance. However, companies worldwide are slowly adopting the changes to accommodate the new regulations.
According to Oracle, there are currently more than 7 billion connected Internet of Things (IoT) devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches.
This is why security vulnerabilities such as DoS or hijacked devices continue to plague most IoT devices on the market today. As IoT connects the real world with the virtual, home invasions are added to the list of IoT’s most terrifying potential risks. In fact, studies show that compromised routers and cameras account for a big chunk of IoT assaults worldwide.
Therefore, as the number of internet-connected devices increases, so does the threat that malicious actors can exploit to access a company’s vital infrastructure. As such, businesses must prepare and plan for this cybersecurity trend that will become more prominent in the coming years.
The last two years have seen an increase in many trends associated with remote working. For instance, there has been a huge increase in demand for cloud solutions, with many companies seeking to take a space on the cloud.
Cloud services offer great opportunities to companies, such as increased scalability and operational and cost efficiency. But these services do not offer secure authentication or audit logging, making them a prime target for cybercriminals.
Therefore, all businesses should pay attention to and consider adopting inventive and predictive cloud protection measures, such as penetration testing, to combat cybercriminals. Predictive security can help identify attacks that bypass other endpoint security measures.
Recently, the healthcare sector has been a prime target of many cyber threats. This is why many hospitals and health organizations are investing heavily in cybersecurity. By 2019, the industry was valued at about 9.78 billion, which is expected to increase to $33.65 billion by 2027.
Data breaches are the leading threat in the healthcare industry. In the last three years alone, about 11.7 billion records have been stolen or exposed by cyber criminals. Consequently, healthcare organizations are increasingly putting more emphasis on their digital security requirements and pushing growth for the healthcare sector’s cybersecurity market.
Mobile technology is rapidly evolving; today, one can use their mobile devices to do plenty of tasks remotely. For instance, the rise of remote working has made employees rely more on their mobile devices to connect and communicate with one another. These small devices can store massive amounts of sensitive personal data.
Cybercriminals have recognized this and have escalated their targeting of mobile devices. For example, research shows that 6 out of 10 children aged 8 to 12 are exposed to cyber threats through their mobile devices.
Organizations must guarantee that their data security teams add additional layers of protection to mobile devices. Due to the current era of accelerating digital transformation, hackers’ attack methods are becoming more inventive.
Keeping track of these trends will make it simpler to manage your remote employees while protecting your company data.
The recent evolution of cyber threats has made the role of artificial intelligence (AI) and Machine Learning (ML) more proactive. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.
If well utilized, ML can help streamline various processes, making them simpler, more efficient, and less costly. For example, ML can help develop patterns and manipulate large data sets into algorithms.
Incorporating ML therefore enables cybersecurity systems to assess attack trends and understand the habits of cyber criminals. This helps to prevent similar assaults in the future and decreases the time required for cybersecurity professionals to do basic duties.