This month we talked to Tenable’s director of research product management Ray Carney and Eric Hoffman, director of partnerships and alliances at Greynoise, about the formation of a new research alliance program.Announced in mid October, this is

What is Exposed Externally That You’re Unaware Of, What Can Attackers See - and How to Manage Your Exposure

Oct 3rd, 2022 40m 4s

After we discussed the concept of Exposure Management on our last podcast, this time we welcome back Tenable’s senior principal security advocate Nathan Wenzler to discuss the concept of how you can determine your level of exposure, what has le

Understanding and Achieving Exposure Management

Sep 13th, 2022 35m 21s

The concept of Exposure Management has become more and more prominent in recent months, as users understand how much they are exposed to attack, how they can protect their assets and what it takes to achieve a level of compliance.In this podcas

Reviewing 90 Day Responsible Disclosure Policies in 2022

Aug 24th, 2022 33m

In the field of responsible disclosure, a policy of 90 days to publicly disclose vulnerabilities has been created by industry. This time period should allow the researcher to disclose the vulnerability to the recipient company, giving them time

Unsophisticated Extortion - Reflecting on the LAPSUS$ Group

Jul 29th, 2022 22m 17s

In the first few months of 2022, the LAPSUS$ Group made a major splash in the cybersecurity headlines as it conducted a series of attacks on the likes of Nvidia, Microsoft and Okta. However a few months later, they had disappeared and arrests w

Understanding the Ransomware Ecosystem

Jul 8th, 2022 28m 40s

Beyond the success of its impact, a lucrative criminal ecosystem has been developed for ransomware. This has seen ransomware-as-a-service (RaaS) creating an ecosystem utilizing multiple players, while the concept of double extortion has emerged

BIG-IP and Microsoft Fixes and AWS Hot Patches

May 23rd, 2022 23m 47s

This month we talk to Tenable research manager Scott Caveza about three recent patching stories, where F5 and Microsoft offered fixes in a regular cycle, and how Amazon Web Services released hot patches to repair earlier vulnerabilities in fixe

The State of OT Security, a Year Since Colonial Pipeline

May 13th, 2022 35m 23s

On this edition of the podcast, we look at the conversation around operational technology (OT) and attacks on critical infrastructure, as we mark a year since the Colonial Pipeline incident. We’re joined by Tenable’s VP of operational technolog

Spring4Shell and Patches for VMware and Microsoft

Apr 20th, 2022 31m 34s

This month we take a deep dive into the most recent Java related vulnerability, and ask what the situation was with this, how it got confused with another vulnerability, and how significant it is to the wider threat landscape - or was it just r

Security Research: How to Get the Job, and What to Expect

Mar 28th, 2022 51m 28s

Have you ever sat in the audience at a conference, watched a video of a presentation, or listened to an interview on a podcast or TV, and seen a researcher and thought ‘how do I get to do that?’Tenable now has a wide selection of researchers, c

The Remaining Top Vulnerabilities, and Important Patches

Mar 18th, 2022 23m 41s

This month we look at newly-released, important-rated patches from Microsoft, and a new blog from Tenable’s Security Response Team where more vulnerabilities from 2021 were discussed, and why they did not make the final top five in our Threat L

Renaud Deraison - Nessus, Tenable and His Future

Mar 7th, 2022 29m 19s

This month we talk to Renaud Deraison, outgoing CTO and a co-founder of Tenable, who talks about his time developing Nessus from an open source scanner in 1998 to the development of Tenable over the past 20 years, and what the future looks like

Important Patches and Critical Vulnerabilities - SAP, Cisco and Microsoft

Feb 25th, 2022 20m 41s

This month we look at new patches released by Cisco, Microsoft and SAP, and while there were some very critical vulnerabilities patched, we also saw Microsoft change tact with a significantly reduced patch bundle and with no critical patches re

Black History Month: Pioneers, Hidden Figures and Diversity

Feb 23rd, 2022 25m 16s

As it is Black History Month in North America in February, we talked to the co-chairs of Black@Tenable, the diversity and inclusion group for African-American employees of Tenable, about the recognition of black leaders in technology, efforts t

The Threats, Vulnerabilities, Attacks and Incidents That Made 2021

Jan 31st, 2022 43m 52s

In our first look at the research highlights of 2022, we take a deep dive into Tenable’s 2021 Threat Landscape Retrospective, and look at the incidents, attacks and notable vulnerabilities that made up the past year.We also look at new advisori

Log4J, Fixes For ZoHo and SonicWall and December Microsoft Patches

Dec 22nd, 2021 40m 57s

This month we take a look back at the impact of Log4J and how both the industry and Tenable were able to respond to this major incident that affected so many users globally. There are also fresh fixes from SonicWall and ZoHo for ManageEngine, a

Will the CISA Directive Create a More Secure Government?

Nov 30th, 2021 35m 56s

The recent Binding Operational Directive from CISA will see a number of U.S. government departments receive better instruction on which vulnerabilities need to be patched, and to do so within a six month time frame. On this episode of the Tenab

Common Attacks on Active Directory

Nov 18th, 2021 32m 25s

This time we’re joined by Tenable’s security strategist Sylvain Cortes, as we look at the types of attacks being targeted at Active Directory, how attackers look to get a foothold into enterprise networks by exploiting AD, and what steps you ca

Patches for Apache and VMware, and October Patch Tuesday

Oct 20th, 2021 22m 51s

This month we look at patches from Apache and VMware, an example of very rapid response to a researcher’s findings, and another quiet month from Microsoft’s Patch Tuesday, with guests Claire Tills and Satnam Narang from Tenable's Security Respo

OMIGOD: Critical Vulnerabilities in Atlassian, OMI and Microsoft, and Remote Working Trends

Sep 30th, 2021 1h 6m

This month we review new blogs from Tenable’s Security Response Team on a vulnerability in Atlassian’s Confluence Server, review what made cybersecurity say “OMIGOD” and look at another light load of patches from Microsoft. We also look at new

Hold the Door - VPN Vulnerabilities Unlock Entry to Your Network

Sep 8th, 2021 19m 19s

On this edition of the Research podcast, we talk to Satnam Narang and Claire Tills about the Security Response Team’s recent research blog around SSL VPN vulnerabilities. That blog looked back at how three particular flaws in major VPNs are fre

Light Patches, Router Issues and a Year of Zerologon

Aug 24th, 2021 45m 36s

This month we look at new blogs from Tenable’s security response team, including on a year of Zerologon, vulnerabilities in Microsoft Exchange Servers and Pulse Secure, and a widely spread flaw in wifi routers which could affect thousands of us

Black Hat 2021 and the Return to Conferences

Aug 2nd, 2021 30m 2s

As the first major security conference prepares to take place, Tenable's chief security strategist Nathan Wenzler talks to Dan Raywood about what the conference scene could look like going forward, what people can expect from the experience and

Nightmare, Ransomware, Patches Everywhere

Jul 21st, 2021 43m 54s

In this episode we talk to security researchers Claire Tills and Satnam Narang on a busy month in cybersecurity headlines, from an MSP facing a major ransomware situation, to Microsoft’s attempts to keep up with the PrintNightmare issue, and ev

Back to Reality, Ransomware and Patch Tuesday

Jun 28th, 2021 45m 16s

Welcome back to the Tenable Research Podcast. In this new episode we look back at June’s Microsoft patches, and ask Tenable staff research engineer Satnam Narang what he feels the reasons are for the number of patches generally decreasing both