
Tenable Research
Podcast

Research Podcast
November 8 · 30 minutes
Research Alliance Program - Shared Intelligence and Insight
This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at GreyNoise, about the formation of a new research alliance program. Announced in mid-October, the program is intended to facilitate collaboration and information sharing between industry partners and to support best-practice coordinated vulnerability disclosure, promoting increased cooperation in order to reduce an attacker's free time.

  • Listen:
    • Google Podcasts
    • Spotify
    • Stitcher
    • iTunes

Follow along for more from Tenable Research:

Research Podcast
October 3 · 40 minutes
What is Exposed Externally That You’re Unaware Of, What Can Attackers See - and How to Manage Your Exposure

After discussing the concept of Exposure Management on our last podcast, this time we welcome back Tenable’s senior principal security advocate Nathan Wenzler to discuss how you can determine your level of exposure, what has led to this level of vulnerability, and what options are available to you to better manage it.

Research Podcast
September 13 · 35 minutes
Understanding and Achieving Exposure Management

The concept of Exposure Management has become more and more prominent in recent months, as users understand how much they are exposed to attack, how they can protect their assets and what it takes to achieve a level of compliance.

In this podcast, we talk with Tenable’s senior principal security advocate Nathan Wenzler about the concept of Exposure Management, what it is, and what businesses need to do to adopt it.

Research Podcast
August 30 · 33 minutes
Reviewing 90 Day Responsible Disclosure Policies in 2022

In the field of responsible disclosure, the industry has established a policy of 90 days before vulnerabilities are publicly disclosed. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time to push a fix out before the original flaw can be announced.

However, are we in a time where this time period still works? Some vulnerabilities can be fixed fairly rapidly as we work in cloud environments, while others can be more challenging to fix, such as in OT. We talked to Tenable’s Ivan Belyna and Nick Miles about the evolution of the 90-day policy, its present and future, and what use advanced disclosure is to security leaders and to the wider industry.

Research Podcast
August 1 · 22 minutes
Unsophisticated Extortion - Reflecting on the LAPSUS$ Group

In the first few months of 2022, the LAPSUS$ Group made a major splash in the cybersecurity headlines as it conducted a series of attacks on the likes of Nvidia, Microsoft and Okta. However, a few months later, they had disappeared and arrests were reported soon afterwards.

In a new blog, Tenable’s senior research engineer Claire Tills looked at the efforts of LAPSUS$, what its motivations were and how it is viewed now, and she joins us on this podcast to discuss the extortion group further.

Research Podcast
June 8 · 29 minutes
Understanding the Ransomware Ecosystem

Beyond the success of its impact, a lucrative criminal ecosystem has been developed for ransomware. This has seen ransomware-as-a-service (RaaS) creating an ecosystem utilizing multiple players, while the concept of double extortion has emerged, which involves exfiltrating data from victim organizations and publishing teasers about these breaches on the dark web.

In this new edition of the Tenable Research podcast, we talk with senior staff research engineer Satnam Narang about a new white paper which explores the workings of this ecosystem and the economics of the model.

Research Podcast
May 23 · 24 minutes
BIG-IP and Microsoft Fixes, and AWS Hot Patches

This month we talk to Tenable research manager Scott Caveza about three recent patching stories, where F5 and Microsoft offered fixes in a regular cycle, and how Amazon Web Services released hot patches to repair earlier vulnerabilities in fixes for Log4J.


Research Podcast
May 13 · 35 minutes
The State of OT Security, a Year Since Colonial Pipeline

On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident.

We're joined by Tenable's VP of operational technology Marty Edwards to talk about lessons learned, what work there is still to be done by practitioners, industry and researchers, and where the problems remain.


Research Podcast
April 21 · 31 minutes
Spring4Shell and Patches for VMware and Microsoft

This month we take a deep dive into the most recent Java-related vulnerability, and ask what the situation was with this, how it got confused with another vulnerability, and how significant it is to the wider threat landscape - or was it just riding on the memory of Log4J?

We also look at the April patches from Microsoft, and two lots of fixes from VMware.


Research Podcast
March 28 · 51 minutes
Security Research: How to Get the Job, and What to Expect

Have you ever sat in the audience at a conference, watched a video of a presentation, or listened to an interview on a podcast or TV, and seen a researcher and thought ‘how do I get to do that?’

Tenable now has a wide selection of researchers, covering security response, zero day research, audit and compliance and writing software plugins.

With more companies employing full-time researchers now, we talked to two from Tenable about what the job entails, what you need to know to get hired, and what a typical day or week looks like. Joining this month are research senior managers Ivan Belyna and Jesus Garcia Galan.

Research Podcast
March 21 · 24 minutes
The Remaining Top Vulnerabilities, and Important Patches

This month we look at newly-released, important-rated patches from Microsoft, and a new blog from Tenable's Security Response Team where more vulnerabilities from 2021 were discussed, and why they did not make the final top five in our Threat Landscape Retrospective.


Research Podcast
February 28 · 21 minutes
Important Patches and Critical Vulnerabilities - SAP, Cisco and Microsoft

This month we look at new patches released by Cisco, Microsoft and SAP, and while there were some very critical vulnerabilities patched, we also saw Microsoft change tack with a significantly reduced patch bundle and with no critical patches released.

Research Podcast
February 23 · 25 minutes
Black History Month: Pioneers, Hidden Figures and Diversity

As it is Black History Month in North America in February, we talked to the co-chairs of Black@Tenable, the diversity and inclusion group for African-American employees of Tenable, about the recognition of black leaders in technology, efforts to increase the hiring of people of color in cybersecurity, and how the industry is responding to that.


Research Podcast
January 31 · 44 minutes
The Threats, Vulnerabilities, Attacks and Incidents That Made 2021

In our first look at the research highlights of 2022, we take a deep dive into Tenable’s 2021 Threat Landscape Retrospective, and look at the incidents, attacks and notable vulnerabilities that made up the past year.

We also look at new advisories from January 2022, with new patches from Microsoft and ZoHo, and the new CVEs in Apache Log4j 1.x.


Research Podcast
December 22 · 41 minutes
Log4J, Fixes For ZoHo and SonicWall and December Microsoft Patches

This month we take a look back at the impact of Log4J and how both the industry and Tenable were able to respond to this major incident that affected so many users globally. There are also fresh fixes from SonicWall and ZoHo for ManageEngine, and the final batch of patches from Microsoft as it rounds off a quieter year.


Research Podcast
November 30 · 35 minutes
Will the CISA Directive Create a More Secure Government?

The recent Binding Operational Directive from CISA will see a number of U.S. government departments receive better instruction on which vulnerabilities need to be patched, and to do so within a six month time frame.

On this episode of the Tenable Research podcast, we look at what the vulnerabilities are, how they are determined, who is affected and what this could mean for other governments around the world, and other businesses also.


Research Podcast
Nov 18 · 32 minutes
Common Attacks on Active Directory

This time we’re joined by Tenable’s security strategist Sylvain Cortes, as we look at the types of attacks being targeted at Active Directory, how attackers look to get a foothold into enterprise networks by exploiting AD, and what steps you can take to better secure yourself and your AD environment.


Research Podcast
Sept 30 · 66 minutes
OMIGOD: Critical Vulnerabilities in Atlassian, OMI and Microsoft, and Remote Working Trends

This month we review new blogs from Tenable’s Security Response Team on a vulnerability in Atlassian’s Confluence Server, review what made cybersecurity say “OMIGOD” and look at another light load of patches from Microsoft. We also look at new research on remote working statistics, and look at technology investment and attack trends which were discovered.


Research Podcast
Sept 8 · 19 minutes
Hold the Door - VPN Vulnerabilities Unlock Entry to Your Network

On this edition of the Research podcast, we talk to Satnam Narang and Claire Tills about the Security Response Team’s recent research blog around SSL VPN vulnerabilities. That blog looked back at how three particular flaws in major VPNs are frequently exploited, so we look at when these vulnerabilities were disclosed, what their impact is, who has been attempting to exploit them and who the targets have been.

Research Podcast
Aug 24 · 46 minutes
Light Patches, Router Issues and a Year of Zerologon

This month we look at new blogs from Tenable’s security response team, including on a year of Zerologon, vulnerabilities in Microsoft Exchange Servers and Pulse Secure, and a widely spread flaw in wifi routers which could affect thousands of users globally.


Research Podcast
Aug 2 · 21 minutes
Black Hat 2021 and the Return to Conferences

As the first major security conference prepares to take place, Tenable's chief security strategist Nathan Wenzler talks to Dan Raywood about what the conference scene could look like going forward, what people can expect from the experience and what virtual and in person delegates will be looking to gain from attending.

Research Podcast
July 21 · 44 minutes
Nightmare, Ransomware, Patches Everywhere

In this episode we talk to security researchers Claire Tills and Satnam Narang on a busy month in cybersecurity headlines, from an MSP facing a major ransomware situation, to Microsoft’s attempts to keep up with the PrintNightmare issue, and evaluating July’s bumper Patch Tuesday offering.


Research Podcast
June 28 · 45 minutes
Back to Reality, Ransomware and Patch Tuesday

Welcome back to the Tenable Research Podcast. In this new episode we look back at June’s Microsoft patches, and ask Tenable senior research engineer Satnam Narang what he feels the reasons are for the number of patches generally decreasing both monthly and annually.

We are also joined by director of product management Ray Carney, as we look into the increase of ransomware in 2021, what have been the causes of this increase, and what the threat landscape looks like currently.


Research Podcast
December 10 · 52 minutes
Security Research in 2020

We’re joined by four members of the Zero Day Research team - Nick Miles, Jimi Sebree, Chris Lyne, and Evan Grant - to talk about what it’s like being a security researcher in 2020. Conferences mostly cancelled, vendor responses fluctuating, concerns about selecting targets and promoting work - it’s complicated out there for researchers. As always, Satnam breaks down the latest vulnerability news for us.


Research Podcast
Nov 13 · 50 minutes
Benchmarks and You: Making the Right Match

On this episode, we talk about November Patch Tuesday - Satnam highlights some of the vulnerabilities and we discuss the new, limited format for the advisories from Microsoft. Our guest this month is Grant Dobbe who gives us a crash course on compliance benchmarks and how to pick the right one for you. The key lesson: don’t try to put a jet engine on a Cessna.


Research Podcast
Sep 10 · 58 minutes
The Joys of Compliance (No Kidding)

We kick things off with this month’s vulnerability news as well as some primary research Satnam has done into questionable advertisements on TikTok. Then, we speak with Justin Brown about the joys of audit and compliance. Specifically, he talks about how his team works to develop and improve over 100,000 configuration checks.


Research Podcast
August 13 · 27 minutes
Automate all the things

Our guest this month is Luke Tamagna-Darr and he tells us about some of the automation projects his team is working on, including predicting CVSS vectors when they are missing from vulnerability descriptions. As always, Satnam walks us through the latest vulnerability news as well as the work Tenable Research has done to identify devices impacted by Ripple20.


Research Podcast
May 14 · 38 minutes
What's the deal with Web App Scanning?

Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins.


Research Podcast
April 16 · 27 minutes
Analyzing Digital Loops and Whorls: OS Fingerprinting

As per usual, we’re talking about Microsoft Patch Tuesday with the added bonus of a record-breaking Oracle Critical Patch Update. All told, the releases covered 563 CVEs! Satnam discusses vulnerabilities in VMware vCenter and Zoom, as well as some primary research the SRT has done about protecting the remote workforce. Our guests this episode are Jesus Galan, Research Manager of Vulnerability Detection, and Greg Betz, Research Manager for Asset Competitiveness. They joined us to talk about OS fingerprinting.

Research Podcast
March 11 · 27 minutes
Hello EternalDarkness, My New Friend

On this episode, we talk about Microsoft’s Patch Tuesday for March which covered a whopping 115 vulnerabilities! However, CVE-2020-0796 stole the show. Satnam walks us through the vulnerability, how it compares to EternalBlue and what practitioners need to know. Giuliana Carullo from the Tenable Vulnerability Database team also joined us to continue the conversation about automation and how her team models the vulnerability landscape.


Research Podcast
February 26 · 18 minutes
Automating Vulnerability Intelligence Feeds the Right Way

On this episode, we talk about February’s Patch Tuesday, the release of a PoC for CVE-2020-0618, and exploitation of a vulnerability in the ThemeGrill Demo Importer plugin for WordPress. We also speak with Ryan Hoy about the Vulnerability Intelligence Feeds and the work his team does developing and improving the plugin automation framework.

Catch Tenable Researchers presenting at BSides Tampa on February 29.

