53:44
SOURCE Boston 2009: Tenable Network Security
Speaker: Ron Gula. Tenable CTO and co-founder Ron Gula will personally demonstrate our approach to Unified Security Monitoring. In a short time, you will see how your organization can monitor for PCI and FDCC violations without sacrificing situational awareness or running a wide variety of multi-vendor security solutions. Mr. Gula will demonstrate how vulnerability and configuration monitoring is directly linked with real-time event and log analysis, and how Tenable solutions can help organizations keep their network security obtainable and defensible. For more information visit: bit.ly To download the video visit: bit.ly
7:30
Secure Ninja Shorts: RSA 2012 Mobile Security
Alicia Webb discusses Mobile Security at RSA Conference 2012 in San Francisco. Paul Asadoorian, Product Evangelist, Tenable Network Security www.tenable.com; Chris Martinez, Systems Engineer, WEBROOT http; Winn Schwartau, Chairman, Mobile Active Defense www.mobileactivedefense.com
17:58
RSA Conference 2012 -- Cyber War: You're Doing it Wrong! - Marcus Ranum
No matter how you slice it, cyber war is technologically and militarily impractical. We've been talking about it a long time but the discussion has been (and still is) misleading and inaccurate. Several issues (cyber crime, cyber espionage, cyber terror) are grouped under the rubric of cyber war, but they have different and sometimes conflicting agendas. This discussion looks past the hype of cyber war. SPEAKER: Marcus Ranum, CSO, Tenable Network Security, Inc. Visit our website at www.rsaconference.com
5:16
The Causes of and Solutions for Security Burnout
Getting burnt out in your job is an issue that many of us deal with, but in the information security field it's even more pronounced. The problem is there are a lot of negatives built into the job title, before you even look at what it takes to do the job on an ongoing basis, explained Jack Daniel (@jack_daniel), product manager at Tenable Network Security and a co-founder of Security B-Sides. At the Security B-Sides conference I spoke with Daniel about security burnout and he set the stage by outlining all the negative job characteristics of working in security: Those who migrate to security are cynical. Penetration testing always succeeds so you always know you're vulnerable. A good day for a person in security is when nothing happens. You're always playing defense. Possible solutions to security burnout, that are not unique to security professionals, are giving a greater sense of control of your work environment and the value you're bringing to the organization. If we have a better sense of control then it reduces our cynicism. It's hard for employers to do, but if you can create that positive environment security workers are less tired after a day of the same amount of work, Daniel explained. Another problem is when you think you're not accomplishing anything is to take on more work. If you do that, which isn't all that bad, is to make sure that the work you take on is meaningful and rewarding to you, said Daniel. This is one way to turn a problem into a possible ...
3:47
SecurityCenter Dashboards
An introduction to the variety and versatility of Tenable SecurityCenter dashboards. For more information, please see the SecurityCenter dashboard blog at blog.tenable.com
1:50
Baltimore SmartCEO Volt Cyber Warrior Finalists
The Baltimore SmartCEO Volt Cyber Warrior finalists are: Cyber Warrior Emerging/Small: AirPatrol, Brad Rotter, CEO; Aspect Security, Jeff Williams, CEO; Rogue Networks, Eric Fiterman, CEO and Founder. Cyber Warrior Medium: CyberPoint International, Karl Gumtow, CEO and Co-Founder; EventTracker, by Prism Microsystems, AN Anath, CEO; Tenable Network Security, Ron Gula, CEO and CTO. © 2012 www.smartceo.com
3:33
Mobile Security 3D Visualization
This video shows how mobile devices and the security issues associated with them can be displayed in 3D with Tenable's SecurityCenter.
4:05
Cyberwar Ignores the Conventions of War and Why That's Wrong
"Cyberwar, we're doing it completely wrong," said Marcus Ranum (@mjranum), CSO for Tenable Network Security who doesn't believe it's being treated seriously. "People don't ask, 'What's the geopolitical background under which such attacks could take place?'" Before his presentation at the 2012 RSA Conference in San Francisco, I spoke with Ranum about his concern with how we're handling cyberwar preparations since it doesn't operate like regular war. The big difference between regular war and cyberwar is that most of the targets for cyberwar will be civilian infrastructure, said Ranum. "You could argue that out of the gate cyberwar is going to be war crimes," said Ranum. "If you're talking taking out an electronic infrastructure preparatory to a ground attack you're talking about shutting down their hospitals and shutting down their businesses, shutting down their stock exchange, shutting down their street lights, and screwing people's lives up. These are all contrary to the civilized laws of how wars are supposed to be fought." "We, the security practitioners, could find ourselves in the position of being like the nuclear weapons scientists who were in the 1960s," warned Ranum, "They're now kind of going, 'Uh oh, what did we start rolling here?'"
3:16
SecurityCenter USB Device Auditing
Track and monitor USB device usage with Tenable SecurityCenter with Nessus and the Log Correlation Engine (LCE).
3:22
3-D Visualization of Botnet Connections
Detect and visualize connections of potentially compromised hosts on your network using Threatlist information with Tenable SecurityCenter and the Tenable 3-D Tool.
44:00
DeepSec 2010 Passwords in the wild by Ron Bowes
Passwords in the wild: What kind of passwords do people use, and how do we crack them? Ron Bowes, SkullSecurity.org. Recent years have been a golden age for password research; between breaches of Rockyou, MySpace, PHPBB, Carders.cc (which is currently unreleased) and countless other sites, tens of millions of passwords, both plaintext and hashed, have been released onto the Internet. In-depth analysis of these breaches provides valuable insight into the psychology of users, and a clear understanding of how they were lost, found, and cracked will help protect you from suffering the same loss. We will also look at how the passwords were cracked; from old techniques like bruteforce to new techniques like Markov chains, from intelligence to raw horsepower, and from leaked password lists to exposed Facebook names, what is the ideal way to crack passwords? And, with these techniques in hand, what does this mean for security professionals? Ron Bowes entered the security industry during high school when he taught himself assembly and reverse engineered the login sequences for several popular Blizzard titles (including Starcraft and Warcraft 3). Since then, he obtained a Bachelor of Computer Science at the University of Manitoba, and worked several jobs in the private industry before becoming a Security Analyst for the Province of Manitoba. After several years of government work, he started work as a researcher and reverse engineer for Tenable Network Security in 2010 and is there ...
110:41
Defcon 19: Panel - PCI 2.0: Still Compromising Controls and Compromising Security
This video is part of the Infosec Video Collection at SecurityTube.net: www.securitytube.net https Building on last year's panel discussion of PCI and its impact on the world of infosec, we are back for more, including "actionable" information. Having framed the debates in the initial panel, this year we will focus on what works, what doesn't, and what we can do about it. Compliance issues in general, and PCI-DSS in particular, are driving security in many organizations. In tight financial times, limited security resources are often exhausted on the "mandatory" (compliance) at the expense of the "optional" (actual security). We will focus on the information needed to reconcile these issues, and encourage the audience to continue the discussion with us. Jack Daniel is old, and has a Unix Beard, so people mistakenly assume he knows stuff. He still makes no attempt to correct this gross misunderstanding. Jack has proven himself to be an inciteful moderator on compliance topics. He has many years of network and systems administration experience, and a bunch of letters after his name. Jack lives and breathes network security as Product Manager for Tenable. James Arlen, CISA, sometimes known as Myrcurial is a cyber-security cyber-consultant usually found in tall buildings wearing a cyber-suit, founder of the Think|Haus hackerspace, columnist at Liquidmatrix Security Digest, Infosec Geek, Hacker, Social Activist, Author, Speaker and ...
4:16
Passive Discovery of Internet Facing Vulns
This video demonstrates the power of Tenable's Passive Vulnerability Scanner (PVS) when used in conjunction with Tenable's SecurityCenter to detect, identify, and display both client and server vulnerabilities.
3:21
Botnet and Bittorrent Traffic Analysis
Detect and visualize connections of potentially compromised hosts on your network which are sharing files via bittorrent. Using Threatlist information with Tenable SecurityCenter and the Tenable 3-D Tool you can detect, identify, and visualize the hosts and connections.
2:53
USGCB Windows 7 Auditing
A video demonstration of performing configuration audits using Tenable Nessus and SecurityCenter. In this demonstration a United States Government Configuration Baseline (USGCB) audit of a Windows 7 system is performed and automated reporting is configured for the audit.
6:16
Enterprise Attack Path Analysis
This video shows how vulnerability detection and trust relationship analysis can be used to predict attack paths against servers and clients.
3:16
SecurityCenter Live Demo
Tenable Network Security's Paul Crutchfield demonstrates SecurityCenter 4.2, Tenable's Unified Security Monitoring solution, at the Gartner Security and Risk Management Summit. For more details, or to set up a demo, please visit www.tenable.com
37:23
Introduction To Using The Nessus Vulnerability Scanner
This video shows you how to get started using the Nessus vulnerability scanner, including: where to download Nessus; introduction to policies, scans, and reports; performing an asset discovery scan; running a network-based vulnerability scan; configuring a patch auditing scan; performing a configuration audit; detecting sensitive data (SSN & credit cards); running web application tests; reporting & filtering; risk analysis and compliance (PCI DSS).
3:07
Passive Detection of Apple and Android Devices and Vulnerabilities
This video shows how continuous network monitoring with Tenable's Passive Vulnerability Scanner can be used to identify mobile devices and security issues with them.
5:04
Tenable Enterprise Product Demos
Short video on using Tenable SecurityCenter 4 to manage Passive Vulnerability Scanner (PVS) and Log Correlation Engine (LCE).
46:04
SOURCE Boston 2009: Maximizing ROI on Vulnerability Management
Speaker: Carole Fennelly, Tenable Network Security. Lots of organizations have a vulnerability management program. After all, compliance standards such as ISO 27001 require it. So, we can all rest assured that deploying SIMs and sticking an official sounding title on a former network engineer should take care of that little checkmark, right? Well, of course not. Many organizations go through the expense of establishing a formal vulnerability management program, considering it a cost of doing business. What if you could have a vulnerability management program that actually is effective *and* saves money?! This presentation describes how to plan and tune your vulnerability management program to maximize the return on your investment. For more information visit: bit.ly To download the video visit: bit.ly