False Negatives in Attack Surface Mapping
Attack surface mapping tools can miss assets for a wide variety of reasons. Here we list 15 such scenarios, including a broken DNS server, the use of round-robin DNS and ephemeral infrastructure....
A Powerful Tenable.asm Feature: HTML Search
Find out why Tenable.asm’s HTML search capability is so practical and powerful, as it offers nearly infinite flexibility to build whatever search you need to and report on it expeditiously....
ゼロデイは CVE を待たない
Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities....
The Right Way to do Attack Surface Mapping
The key to mapping out your attack surface accurately is to scan all of your organization's assets, develop an asset inventory list and find shadow IT. ...
Passive DNS Is the Wrong Way To Do Attack Surface Mapping
When identifying a corporate attack surface, passive DNS can be useful but it won’t be comprehensive by itself, so it should be part of a more holistic program....
Active Directory のプライマリグループ ID 攻撃: 関連する脅威をどう防御するか
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a trace.The Primary Group ID in Active Directory was originally developed to support the UNIX POSIX mo...
Active Directory の Kerberos 認証前攻撃を阻止する方法
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication.As part of the Kerberos authentication process in Active Directory, there is an initial request to authenticate without a password. This is an artifact left over from Kerberos versio...
Crawling Is the Wrong Way To Do Attack Surface Mapping
When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets....
「VPR」とは何か。「CVSS」とはどう違うのか。
このブログシリーズでは、さまざまな観点からVPR(脆弱性の優先度評価)について詳しく説明します。Part one will focus on the distinguishing characteristics of VPR that make it a more suitable tool for prioritizing remediation efforts than the Common Vulnerability S...
Tenable Lumin でプロセスの整合性におけるリスクを把握
成熟したリスクベースの脆弱性管理を実践するには、ビジネスシステムのリスクとプロセスの整合性のリスクを評価する 2 つのリスク指標が不可欠です。Tenable Lumin の新しい評価成熟度スコアは、両方に対する知見を提供します。Risk-based vulnerability management requires metrics addressing two types of r...
Nessus Home、Nessus Essentialsに改名
We’ve given Nessus Home a refresh, and we’re excited to share with you the new and updated free vulnerability assessment solution, Nessus Essentials. As part of the Nessus family, Nessus Essentials is a free vulnerability assessment solution for up to 16 IPs that provides an entry point into th...
予測に基づいた優先順位付けに関する 16 の質問に対する回答
Earlier this year, Tenable introduced Predictive Prioritization, a groundbreaking, data science-based process that re-prioritizes each vulnerability based on the likelihood it will be leveraged in an attack. Here, we answer your 16 most pressing questions about what this capability me...