Tag Archives: Tenable

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine. If you use the Vulners.com vulnerability search engine, you probably know that it has a real “Time Machine”.

Vulners Time Machine cases

Each time Vulners sees changes on a source page, it creates a new version of the security object, and you can see the full history of changes in a nice GUI:

Vulners Time Machine

In most cases, the vendor just corrects typos or adds more details. But sometimes the message can change significantly.

CERT.org

CERT.org Meltdown and Spectre

For example, take the latest Meltdown and Spectre vulnerabilities. The initial cert.org VU:584653 recommendation was “Replace CPU hardware”. 🙂


New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it)

New Nessus 7 Professional and the end of cost-effective Vulnerability Management (as we knew it). It’s epic and really sad news. 🙁

Nessus 7 release

When people asked me about a cost-effective solution for Vulnerability Management, I usually answered: “Nessus Professional with some additional automation through the Nessus API”.

With just a couple of Nessus Professional scanning nodes it was possible to scan the whole infrastructure and the network perimeter (see “Vulnerability Management for Network Perimeter”). The price for each node was fixed and reasonable. And you could build any reports you liked from the raw scan data.

Nessus Pro was still the best choice even when Tenable:

  • Removed the master/slave functionality from Nessus and created “Nessus Manager”.
  • Changed the API completely in the update from version 5 to version 6.
  • Gradually increased the price from $1.5k to $2.7k per scanning node per year.

But unfortunately, that is no longer the case. End of an era.

What is even sadder is that Tenable does not mention the removal of the API and the multi-user function anywhere in the main Nessus 7 marketing, as if they never existed or were not very important. Just look at “Announcing Nessus Professional v7”: not a word about the “API” or users. Only in an additional link:

get more information Nessus7

Only there, in the text (not in the video), is there any information about the removed features.

The nice little things like “Easily transferable license” and “Emailed scan reports and custom report name / logo” do not make it any better.

So, what next?


Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit). After the latest Bad Rabbit ransomware attack, all the top VM vendors (Qualys, Tenable, Rapid7) wrote blog posts on this topic on the same day. Two days later Tripwire also published its own review. Why do they care? They do not make antiviruses, endpoint protection or firewalls, the common tools against this kind of threat. So, what’s the point?

VM vendors BadRabbit

Well, obviously they do it to promote their products and services. But how exactly?


Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability attributes of Nessus plugins: good, bad and Vulners. Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let’s see how good the exploit-related data in Tenable Nessus NASL plugins is, and whether we can do better.

Nessus exploitability

Which attributes are related to exploits? To find out, I parsed all the NASL plugins and got the following results.


What’s inside Vulners.com database and when were security objects updated last time

What’s inside Vulners.com database and when were security objects updated last time. As I already wrote earlier, the main advantage of Vulners.com, in my opinion, is openness. An open system allows you to look under the hood, make sure that everything works fine, and ask the developers uncomfortable questions about why there have been no updates for a long time for some types of security objects.

You can do this with the https://vulners.com/api/v3/search/stats/ request that I already mentioned in “Downloading entire Vulners.com database in 5 minutes”.

First of all, let’s look at the security objects. This will give us an understanding of what Vulners.com is built on.

Vulners objects


Carbon Blacking your sensitive data it’s what the agents normally do

Carbon Blacking your sensitive data is what the agents normally do. But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons for all this media noise: at what point does business as usual become a scandal? OK, when you see a Carbon Black customer’s private files publicly accessible on VirusTotal, it’s a 100% epic fail. But what about the other options?

Illustration from the investigation by DirectDefense

  1. The agent analyzes the file by itself on the user’s host. That’s probably OK. Some paranoid person, like me, may say that data could leak during the update process, as in the M.E.Doc case. But that could probably be detected in traffic somehow.
  2. The agent sends the file to the vendor’s cloud for further analysis in some private multiscanner. The vendor will have a copy of your private data. What if this data leaks? Are you sure the vendor will bear responsibility for this?
  3. The agent sends the file to the vendor’s cloud, and the vendor then sends it to some third party for analysis. Are you sure the vendors you use don’t do this? How can you investigate this? What will your next actions be if you find out that they do it without your permission?
  4. The agent sends the file to the vendor’s cloud, the vendor then sends it to some third party for analysis, and the third party opens access to this file to a wide range of people.


Qualys new look and new products

Qualys new look and new products. As you all know, it’s Black Hat 2017 time. This year Qualys seems to be the main newsmaker among Vulnerability Management vendors. The Qualys team renewed its logo and website, updated its marketing strategy, and presented two new products: CloudView and CertView. I decided to take a look.

New Qualys Logo

Talking about design, I liked the old logo more. I don’t see a “Q” here. A mirrored “9”, maybe. 🙂 However, I did not like the blue nut of Tenable before, and now it looks right and familiar.

The site design was also changed and simplified. I really liked the well-structured qualys.com, where every scan mode (“Cloud Apps”) had its own color and icon.
