Insider Threats in Active Directory: How to Safeguard Privileged and Non-Privileged User Accounts
April 27, 2021
In this post, we define privileges related to Active Directory and highlight the key security risks of internal privileged and non-privileged user groups. What do we mean by “privileges”? For the pu...
Primary Group ID Attack in Active Directory: How to Defend Against Related Threats
April 27, 2021
The Primary Group ID in Active Directory, created to help manage access to sensitive resources, has become a critical vulnerability that attackers can exploit to escalate privileges without leaving a ...
How to Stop the Kerberos Pre-Authentication Attack in Active Directory
April 27, 2021
Here’s a look at how to safeguard your Active Directory from the known roasting attack on Kerberos Pre-Authentication. As part of the Kerberos authentication process in Active Directory, there is an in...
Securing Active Directory: How to Prevent the SDProp and adminSDHolder Attack
April 27, 2021
Attackers can get into your Active Directory by leveraging the SDProp process and gaining privileges through the adminSDHolder object. Here's how to stop them. Attackers use every possible trick and ...
Securing Active Directory: 3 Ways to Close the No-Password Loophole
April 27, 2021
Any Active Directory user can have their password requirements negated with a simple command. Here’s how to identify these gaps before an attacker does. With Active Directory being around for so long...
Busting 5 Common Myths About Vulnerability Assessment
April 8, 2021
Don't let misconceptions stand in your way – get the facts on five common myths about vulnerability assessment. The simple truth of vulnerability assessment is that it's not always an easy task to ac...
Crawling Is the Wrong Way To Do Attack Surface Mapping
March 23, 2021
When analyzing methods to identify assets, crawling should be one tool in the toolbox, but not the only one. If you use crawling exclusively, you’ll likely miss a lot of assets.
The Growth of Vulnerability Assessment: A Look at What Nessus Offers Today
March 11, 2021
The Nessus team continues to develop advanced assessment capabilities, including visibility into new operating systems, exploitable vulnerabilities and container instances. When Renaud Deraison first...
Introducing Tenable.ep: The First Risk-Based VM Platform as Dynamic as Your Attack Surface
February 23, 2021
Conquering your cyber risk requires a new approach to vulnerability management. With Tenable.ep, security teams gain a single, flexible license that enhances visibility and eliminates friction, so you...
Learn the Language of Vulnerability Assessment: Key Security Terms You Should Know
February 22, 2021
Your introduction to vulnerability assessment doesn't have to be confusing – let's go over the key terms. When you're new to vulnerability assessment (VA) – or any other area of cybersecurity, for th...
Cloud Security: Why You Shouldn’t Ignore Ephemeral Assets
February 17, 2021
Your scheduled vulnerability scans may not catch short-lived cloud assets, creating opportunities for cybercriminals to exploit security gaps. The elastic nature of cloud environments all...
NERC CIP-008-6: How Power Grid Operators Can Improve Their Incident Reporting
February 3, 2021
The new NERC CIP-008-6 regulation challenges power grid operators to differentiate attempts to compromise their environment from other non-malicious cyber incidents. Here’s how Tenable can help.