Tag Archives: Tenable

What’s inside Vulners.com database and when were security objects updated last time

As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine and ask developers uncomfortable questions why there were no updates for a long time for some types of security objects.

You can do this by using the https://vulners.com/api/v3/search/stats/ request, that I already mentioned in “Downloading entire Vulners.com database in 5 minutes

First of all, let’s look at the security objects. This will give us an understanding of Vulners.com basis.

Vulners objects

Continue reading

Carbon Blacking your sensitive data it’s what the agents normally do

But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons of all this media noise. From what point business as usual becomes a scandal. Ok, when you see Carbon Black customer’s private files in public access at Virus Total it’s a 100% epic fail. But what about other options.

Carbon Black and DirectDefense Illustration from investigation by DirectDefense 

  1. Agent makes file analysis by himself on user’s host. It’s probably ok. Some paranoid person, like me, may say that it’s possible that data may leak during the update process, like in case of M.E.Doc. But it probably can be detected it in traffic somehow.
  2. Agent sends file to the vendor’s cloud for further analysis in some private multiscanner. Vendor will have copy of your private data. What if this data will leak? Are you sure that vendor will bear responsibility for this?
  3. Agent sends file to vendor’s cloud, vendor than sends it to some third-party for analysis. Are you sure vendors that you use doesn’t do this? How can you investigate this? What will be your next actions if you figure out that they do it without your permission?
  4. Agent sends file to the vendor’s cloud, vendor then sends it to some third-party for analysis, third-party opens access to this file for a wide range of people.

Continue reading

Qualys new look and new products

As you all know, it’s Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. Qualys Team renewed logo and website, updated marketing strategy, presented two new products: CloudView and CertView. I decided to take a look.

New Qualys Logo

Talking about design, I liked the old logo more. I don’t see “Q” here. Mirrored “9” maybe. 🙂 However, I did not like the blue nut of Tenable before and now it looks right and familiar.

Site design was also changed and simplified. I really liked well-structured qualys.com, where and every scan mode (“Cloud Apps”) had it’s own color and icon.

Continue reading

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”

A top consulting company, Forrester Research, recently published report “Vendor Landscape: Vulnerability Management, 2017“. You can read for free by filling a small form on Tenable web site.

Forrester Vendor Landscape: Vulnerability Management, 2017

What’s interesting in this document? First of all, Josh Zelonis and co-authors presented their version of VM products  evolution. It consists of this steps (I have reformulated them a bit for the copyright reasons) :

  1. Initial fear of automated vulnerability assessment tools
  2. Mid-1990s and first productized offerings
  3. Authenticated scanning dramatically improved accuracy of scans
  4. Application scanning (DAST)
  5. Security assessment of software containers and DevOps in general.

As you see, the last one is about containerization. And it is now presented only in Tenable.io/FlawCheck. 😉

Continue reading

CISO Forum 2017

Last week I have attended CISO Forum 2017 in Moscow.

CISO FORUM 2017: Austere weekdays of CISO

I was talking there about “Vulnerability Quadrants: automated hot topic detection in public vulnerability (CVE) flow“. Today I want to share my impressions about the forum itself.

Vulnerability Quadrants: automated hot topic detection in public vulnerability (CVE)

To be short, I liked it very much. Both exhibition and presentations.

Continue reading