Tenable podcasts

Satnam starts us off with a veritable parade of vulnerabilities maxing out CVSS severity. Ripple20, PAN OS, BIG-IP, SIGRed, RECON - lots to cover and Satnam breaks it all down for us. As a bit of a palate cleanser, we talk to Tony Huffman and Tyler Coumbes about how Threat Automation works in products.

• Listen:
• 
• 

Show References

• https://www.tenable.com/blog/cve-2020-11896-cve-2020-11897-cve-2020-11901-ripple20-zero-day-vulnerabilities-in-treck-tcpip
• https://www.tenable.com/blog/cve-2020-2021-palo-alto-networks-pan-os-vulnerable-to-critical-authentication-bypass
• https://twitter.com/RyanLNewington/status/1278074919092289537?s=20
• https://www.tenable.com/blog/cve-2017-7391-vulnerability-in-magento-mass-import-magmi-plugin-exploited-in-the-wild
• https://www.tenable.com/blog/cve-2020-5902-critical-vulnerability-in-f5-big-ip-traffic-management-user-interface-tmui
• https://www.tenable.com/blog/cve-2020-6287-critical-vulnerability-in-sap-netweaver-application-server-java-disclosed-recon
• https://www.tenable.com/blog/microsoft-s-july-2020-patch-tuesday-addresses-123-cves-including-wormable-windows-dns-server
• https://www.tenable.com/blog/cve-2020-1350-wormable-remote-code-execution-vulnerability-in-windows-dns-server-sigred
• https://www.tenable.com/blog/tenable-research-discloses-multiple-vulnerabilities-in-plex-media-server

Tenable Research on Medium - https://medium.com/tenable-techblog

Marty Edwards has worked for an ICS asset owner, INL, DHS, ISA and late last year he made the move to a security product vendor, Tenable. This happened at the same time that Tenable acquired Indegy for $78M, indicating they are serious about OT security space. Dale Peterson talks with Marty a bit about his past career and then focus on why he moved to Tenable and what Tenable’s strategy is for the OT space.

• Marty’s impressions on what DHS / CISA / ICS-CERT has done since he left.
• Why Marty even considered working for a cybersecurity company?
• Did the Tenable acquisition of Indegy play a part in his decision?
• Is Tenable.OT rebranded Indegy product or something else?
• What are the plans to integrate the Indegy product into the Tenable.sc (Security Center) system? Is this simply a push of OT to SC? Or will it be bi-directional communication?
• What is Tenable’s commitment to the ICS security space? Given that Tenable and many others, McAfee, Symantec, Mandiant, …, have invested only to pull back in a bad quarter.
• Is Tenable an OT asset management solution? If so, what parts of asset management and how does it interact with the missing parts?
• How do the Tenable products prioritize vulnerabilities discovered in Tenable.OT or Tenable.SC?

Listen Now

Links

• Tenable.ot Product Page
• Subscribe to Dale’s ICS Security: Friday News and Notes

In this episode Bill and Gavin discuss predicting the vulnerabilities that matter most through machine learning and reducing the burden of patching the infrastructure.

• Listen:
• 
• 
•