Siguiendo la actual transformación digital, su superficie de ataque moderna está expandiendo. Aprenda cómo puede ver, medir y comprender el riesgo cibernético en su empresa
Ciber Exposición y Gestión Avanzada de Vulnerabilidades. ¿Considera su estrat...Cristian Garcia G.
Los incidentes acontecidos en el último tiempo, en empresas y organizaciones de distintos rubros y tamaños. Han dejado en evidencia la necesidad de replantear las estrategias de ciberseguridad, re-enfocando la atención y recursos nuevamente hacia los dispositivos de cómputo, pero en un entorno dinámico y bajo continua expansión.
Tenable, empresa líder en detección y gestión de vulnerabilidades, ofrece la mayor cobertura y efectividad para identificar la brecha de ciber exposición de nuestros clientes, permitiéndoles administrar, consistentemente, los esfuerzos tendientes a reducir la probabilidad de ser afectados por ciber ataques.
Lean Analytics for Startups and EnterprisesLean Analytics
Latest Lean Analytics workshop from the Lean Startup Week in San Francisco. Focusing on what metrics matter to both startups and big corporations. Incorporates elements of corporate innovation into the Lean Analytics framework to help bigger companies think through the data that really matters.
Este documento presenta los desafíos de seguridad para cuentas privilegiadas en ambientes de nube y recomienda seis casos de uso para protegerlas. Explica cómo la nube crea nuevos vectores de ataque al permitir cuentas no administradas y credenciales compartidas. Recomienda asegurar consolas de administración, infraestructura, llaves API, herramientas DevOps, flujos de código y cuentas SaaS mediante el aislamiento de sesiones, monitoreo y almacenamiento seguro de credenciales.
Last week, Rippling, raised a $45 million Series A led by Kleiner Perkins. We took an unusual approach in raising our A, starting with the fact that we had no formal Pitch Deck. Instead, the centerpiece of our fundraising materials was an Investor Memo, which laid out our pitch in prose.
Fundraising success is ultimately driven by the business you’re building and the problems you’re solving for customers. The quality of the materials you prepare and tactics you use during the process are a much less important optimization. But we want to share our memo because we think it's a unique fundraising asset that could be useful to other entrepreneurs and could help fundraising proceed more smoothly for both companies and investors.
Security operations centres are made up of several roles and each role benefits from a person with specific skills and competencies. This presentation was presented at Napier University on the 13/11/2019 at their 'Cyber Breakfast'.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
This document provides an overview of Kubernetes and attacking Kubernetes clusters for penetration testers. It begins with introductions to containers, Kubernetes, and setting up a local Kubernetes cluster. It then covers a threat model for Kubernetes and describes an attacker's workflow against a cluster, including discovery, vulnerability testing, exploitation, and persistence. Specific attacks demonstrated include API server authorization testing, discovering exposed etcd and internal services, container escapes, and Helm Tiller privilege escalation. Resources for further learning are also provided.
Ciber Exposición y Gestión Avanzada de Vulnerabilidades. ¿Considera su estrat...Cristian Garcia G.
Los incidentes acontecidos en el último tiempo, en empresas y organizaciones de distintos rubros y tamaños. Han dejado en evidencia la necesidad de replantear las estrategias de ciberseguridad, re-enfocando la atención y recursos nuevamente hacia los dispositivos de cómputo, pero en un entorno dinámico y bajo continua expansión.
Tenable, empresa líder en detección y gestión de vulnerabilidades, ofrece la mayor cobertura y efectividad para identificar la brecha de ciber exposición de nuestros clientes, permitiéndoles administrar, consistentemente, los esfuerzos tendientes a reducir la probabilidad de ser afectados por ciber ataques.
Lean Analytics for Startups and EnterprisesLean Analytics
Latest Lean Analytics workshop from the Lean Startup Week in San Francisco. Focusing on what metrics matter to both startups and big corporations. Incorporates elements of corporate innovation into the Lean Analytics framework to help bigger companies think through the data that really matters.
Este documento presenta los desafíos de seguridad para cuentas privilegiadas en ambientes de nube y recomienda seis casos de uso para protegerlas. Explica cómo la nube crea nuevos vectores de ataque al permitir cuentas no administradas y credenciales compartidas. Recomienda asegurar consolas de administración, infraestructura, llaves API, herramientas DevOps, flujos de código y cuentas SaaS mediante el aislamiento de sesiones, monitoreo y almacenamiento seguro de credenciales.
Last week, Rippling, raised a $45 million Series A led by Kleiner Perkins. We took an unusual approach in raising our A, starting with the fact that we had no formal Pitch Deck. Instead, the centerpiece of our fundraising materials was an Investor Memo, which laid out our pitch in prose.
Fundraising success is ultimately driven by the business you’re building and the problems you’re solving for customers. The quality of the materials you prepare and tactics you use during the process are a much less important optimization. But we want to share our memo because we think it's a unique fundraising asset that could be useful to other entrepreneurs and could help fundraising proceed more smoothly for both companies and investors.
Security operations centres are made up of several roles and each role benefits from a person with specific skills and competencies. This presentation was presented at Napier University on the 13/11/2019 at their 'Cyber Breakfast'.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
This document provides an overview of Kubernetes and attacking Kubernetes clusters for penetration testers. It begins with introductions to containers, Kubernetes, and setting up a local Kubernetes cluster. It then covers a threat model for Kubernetes and describes an attacker's workflow against a cluster, including discovery, vulnerability testing, exploitation, and persistence. Specific attacks demonstrated include API server authorization testing, discovering exposed etcd and internal services, container escapes, and Helm Tiller privilege escalation. Resources for further learning are also provided.
The document discusses DTS's cyber security services across 10 domains including strategy, operations, response, and resilience. It outlines their approach to cyber security challenges facing enterprises and provides examples of solutions around areas like risk management, compliance, security operations centers, incident response, and red/purple teaming. Case studies and contact information is also included.
This document discusses how INFURA aims to reduce friction for developers building applications on Ethereum by providing reliable and scalable access to the blockchain through its infrastructure. It outlines how INFURA offers public endpoints for interacting with Ethereum networks, has a global footprint for low latency access, and supported high traffic events like the Gnosis token sale without issues. The goal of INFURA is to help applications and their users avoid having to directly install blockchain software and deal with challenges of scaling, in order to make decentralized technologies more accessible and help drive further adoption.
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Empower Your Security Practitioners with Elastic SIEMElasticsearch
Learn how Elastic SIEM’s latest capabilities enable interactive exploration and automated analysis — all at the speed and scale your security practitioners need to defend your organization.
See the video: https://www.elastic.co/elasticon/tour/2019/washington-dc/empower-your-security-practitioners-with-elastic-siem
The Diamond Model for Intrusion Analysis - Threat IntelligenceThreatConnect
The Diamond Model provides a systematic framework for characterizing organized cyber threats by modeling intrusions as a series of interconnected events. It represents intrusions as a graph of events (diamonds) connected by their core features of personas, network assets, malware, and tools. This allows analysts to consistently track threats over time, correlate related incidents, and infer adversary capabilities. The model also incorporates meta-features to provide additional context for understanding threats at different levels, from singular events to coordinated campaigns. By grouping similar intrusion patterns into activity groups, the Diamond Model enables identifying adversary infrastructure and techniques to better counter evolving threats.
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
This document provides an overview of threat intelligence and how organizations can build threat intelligence programs. It discusses what threat intelligence is, why organizations should care about it, and how threat intelligence can be used for attack prevention, detection, forensics, and hunting. It also covers threat intelligence technologies, platforms, feeds, sharing approaches, and common challenges organizations may face when developing threat intelligence capabilities. The goal is to help organizations understand threat intelligence and evaluate their own maturity to incorporate these strategies.
Presentation on Lean Analytics at MicroConf 2013. Understanding what metrics are the most value, when, for your type of business.
* What makes a good metric?
* Types of metrics (qualitative vs. quantitative, vanity vs. actionable, etc.)
* Lean Analytics framework
Shared a number of case studies: Airbnb, Buffer, ClearFit, OffceDrop and others.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
This document discusses Biomarker, a startup that aims to connect the dots in health and nutrition by measuring the impact of products and services. It notes that the global wellness industry is worth $3.7 trillion annually. Biomarker plans to leverage digital health technologies like labs, software and hardware to help customers track and discover their health, and help companies validate offerings, target sales and increase customer retention. The startup is initially targeting the $40 billion supplement industry in the US. It has four early customers generating $20k in monthly recurring revenue and a $2 million sales pipeline.
DevSecOps without DevOps is Just SecurityKevin Fealey
The best DevSecOps practices are built alongside strong DevOps practices. However, DevSecOps processes and tooling are often decided within a security silo, rather than by a DevSecOps collective. Security ends up more integrated and efficient than in the past, but the approach is still “bolt-on” and not ultimately streamlined.
Collaboration between security and other DevOps groups around roadmaps and sharing of resources can lead to greater efficiency and innovation, while better supporting the value stream.
This talk will discuss foundational considerations when building a DevSecOps practice. You will learn about the top prerequisites for a successful DevSecOps practice – most of which are provided by groups other than security; and we’ll discuss case studies, both from organizations who have embraced DevOps as a foundation for DevSecOps, and those who haven’t. Attendees will walk away with questions to ask their counterparts in DevOps to understand current DevOps maturity and where security can leverage existing and planned DevOps resources to enable effective DevSecOps.
In this session we’ll leave the need for performance a foregone conclusion and take a whirlwind tour through the complexity of modern Internet architectures. The complexities lead to evil optimization problems and significant challenges troubleshooting production issues to a speedy and successful end.
Starting with the simple facts that you can’t fix what you can’t see and you can’t improve what you can’t measure, we’ll discuss what needs monitoring and why. We’ll talk about unlikely allies in the fight for time and budget to instrument systems, applications and processes for observability.
You’ll leave the session with a better understanding of what it looks like to troubleshoot the storm of a malfunctioning large architecture and some tools and techniques you can use to not be swallowed by the Kraken.
UnitesUs is a cloud-based hiring platform that uses cognitive computing, big data analysis, and predictive algorithms to automatically match prescreened and pre-qualified job applicants to employers based on personality, company culture fit, and qualifications. It develops its own proprietary matching algorithm and offers job seekers free matching to qualified positions across industries based on a one-time questionnaire. For employers, it charges affordable fees to provide automatically graded and listed candidates meeting employers' criteria. The platform aims to streamline and improve the hiring process for both job seekers and employers.
Pitching VC’s? Here’s the deck we used to raise $145MTrevor Shih
We’re excited to announce a new milestone. Rippling has raised $145 million in Series B funding led by Founders Fund. Participants in the round included Greenoaks Capital, Coatue Management, and Bedrock Capital, as well as existing investors including Kleiner Perkins, Initialized Capital, and Y Combinator.
We know there’s never been a more difficult time to run a business, let alone raise venture funding. Feel free to use this deck as a template for your next fundraise.
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
The document discusses updates to the MITRE ATT&CK framework since ATT&CKcon 2.0 in 2020. Major updates include the addition of ATT&CK for ICS focusing on industrial control systems, enterprise sub-techniques providing more granular technique details, new platforms covering pre-attack behaviors, network infrastructure, cloud, and containers, and enhanced enterprise data sources. The ATT&CK framework continues to grow and improve based on contributions from a large community of cybersecurity professionals and organizations.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
El evento remoto permitirá medir y gestionar la superficie de ataque de nuestra organización para reducir, con precisión, su nivel de Riesgo Informático por Ciber Exposición, este webex se realizara vía Zoom Tenable el 25 de marzo a las 10:00 hrs.
Debido a la demanda de temas que han surgido de conversaciones, vivencias y/o consultas vía correo electrónico, consideramos que esta reunión remota es de su interés, tanto al nivel personal como profesional
Be Aware Webinar - Como symantec puede ayudar cuando existe una brecha de se...Symantec LATAM
Como symantec puede ayudar cuando existe una brecha de seguridad
Be Aware Webinar - Siga la programacion en nuestra página de Facebook
31. january 20th 2016
The document discusses DTS's cyber security services across 10 domains including strategy, operations, response, and resilience. It outlines their approach to cyber security challenges facing enterprises and provides examples of solutions around areas like risk management, compliance, security operations centers, incident response, and red/purple teaming. Case studies and contact information is also included.
This document discusses how INFURA aims to reduce friction for developers building applications on Ethereum by providing reliable and scalable access to the blockchain through its infrastructure. It outlines how INFURA offers public endpoints for interacting with Ethereum networks, has a global footprint for low latency access, and supported high traffic events like the Gnosis token sale without issues. The goal of INFURA is to help applications and their users avoid having to directly install blockchain software and deal with challenges of scaling, in order to make decentralized technologies more accessible and help drive further adoption.
Insight is one of the best security operation center that influences all the necessary things that reduce the advanced threats and security risk all over your company and protects your network infrastructure across the organization. https://insightmsp.co.in/soc-as-service.php
Empower Your Security Practitioners with Elastic SIEMElasticsearch
Learn how Elastic SIEM’s latest capabilities enable interactive exploration and automated analysis — all at the speed and scale your security practitioners need to defend your organization.
See the video: https://www.elastic.co/elasticon/tour/2019/washington-dc/empower-your-security-practitioners-with-elastic-siem
The Diamond Model for Intrusion Analysis - Threat IntelligenceThreatConnect
The Diamond Model provides a systematic framework for characterizing organized cyber threats by modeling intrusions as a series of interconnected events. It represents intrusions as a graph of events (diamonds) connected by their core features of personas, network assets, malware, and tools. This allows analysts to consistently track threats over time, correlate related incidents, and infer adversary capabilities. The model also incorporates meta-features to provide additional context for understanding threats at different levels, from singular events to coordinated campaigns. By grouping similar intrusion patterns into activity groups, the Diamond Model enables identifying adversary infrastructure and techniques to better counter evolving threats.
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
This document provides an overview of threat intelligence and how organizations can build threat intelligence programs. It discusses what threat intelligence is, why organizations should care about it, and how threat intelligence can be used for attack prevention, detection, forensics, and hunting. It also covers threat intelligence technologies, platforms, feeds, sharing approaches, and common challenges organizations may face when developing threat intelligence capabilities. The goal is to help organizations understand threat intelligence and evaluate their own maturity to incorporate these strategies.
Presentation on Lean Analytics at MicroConf 2013. Understanding what metrics are the most value, when, for your type of business.
* What makes a good metric?
* Types of metrics (qualitative vs. quantitative, vanity vs. actionable, etc.)
* Lean Analytics framework
Shared a number of case studies: Airbnb, Buffer, ClearFit, OffceDrop and others.
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
This document discusses Biomarker, a startup that aims to connect the dots in health and nutrition by measuring the impact of products and services. It notes that the global wellness industry is worth $3.7 trillion annually. Biomarker plans to leverage digital health technologies like labs, software and hardware to help customers track and discover their health, and help companies validate offerings, target sales and increase customer retention. The startup is initially targeting the $40 billion supplement industry in the US. It has four early customers generating $20k in monthly recurring revenue and a $2 million sales pipeline.
DevSecOps without DevOps is Just SecurityKevin Fealey
The best DevSecOps practices are built alongside strong DevOps practices. However, DevSecOps processes and tooling are often decided within a security silo, rather than by a DevSecOps collective. Security ends up more integrated and efficient than in the past, but the approach is still “bolt-on” and not ultimately streamlined.
Collaboration between security and other DevOps groups around roadmaps and sharing of resources can lead to greater efficiency and innovation, while better supporting the value stream.
This talk will discuss foundational considerations when building a DevSecOps practice. You will learn about the top prerequisites for a successful DevSecOps practice – most of which are provided by groups other than security; and we’ll discuss case studies, both from organizations who have embraced DevOps as a foundation for DevSecOps, and those who haven’t. Attendees will walk away with questions to ask their counterparts in DevOps to understand current DevOps maturity and where security can leverage existing and planned DevOps resources to enable effective DevSecOps.
In this session we’ll leave the need for performance a foregone conclusion and take a whirlwind tour through the complexity of modern Internet architectures. The complexities lead to evil optimization problems and significant challenges troubleshooting production issues to a speedy and successful end.
Starting with the simple facts that you can’t fix what you can’t see and you can’t improve what you can’t measure, we’ll discuss what needs monitoring and why. We’ll talk about unlikely allies in the fight for time and budget to instrument systems, applications and processes for observability.
You’ll leave the session with a better understanding of what it looks like to troubleshoot the storm of a malfunctioning large architecture and some tools and techniques you can use to not be swallowed by the Kraken.
UnitesUs is a cloud-based hiring platform that uses cognitive computing, big data analysis, and predictive algorithms to automatically match prescreened and pre-qualified job applicants to employers based on personality, company culture fit, and qualifications. It develops its own proprietary matching algorithm and offers job seekers free matching to qualified positions across industries based on a one-time questionnaire. For employers, it charges affordable fees to provide automatically graded and listed candidates meeting employers' criteria. The platform aims to streamline and improve the hiring process for both job seekers and employers.
Pitching VC’s? Here’s the deck we used to raise $145MTrevor Shih
We’re excited to announce a new milestone. Rippling has raised $145 million in Series B funding led by Founders Fund. Participants in the round included Greenoaks Capital, Coatue Management, and Bedrock Capital, as well as existing investors including Kleiner Perkins, Initialized Capital, and Y Combinator.
We know there’s never been a more difficult time to run a business, let alone raise venture funding. Feel free to use this deck as a template for your next fundraise.
SOC Architecture - Building the NextGen SOCPriyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
The document discusses updates to the MITRE ATT&CK framework since ATT&CKcon 2.0 in 2020. Major updates include the addition of ATT&CK for ICS focusing on industrial control systems, enterprise sub-techniques providing more granular technique details, new platforms covering pre-attack behaviors, network infrastructure, cloud, and containers, and enhanced enterprise data sources. The ATT&CK framework continues to grow and improve based on contributions from a large community of cybersecurity professionals and organizations.
This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
The document describes MITRE's Threat Report Automated Mapper (TRAM) tool, which uses machine learning to automatically map cyber threat reports to MITRE ATT&CK techniques. TRAM aims to streamline the process of analyzing reports and adding information to ATT&CK, though challenges remain around prediction accuracy and identifying new techniques. The document outlines TRAM's development process and discusses balancing automation with human analysis to better integrate cyber threat intelligence into ATT&CK.
El evento remoto permitirá medir y gestionar la superficie de ataque de nuestra organización para reducir, con precisión, su nivel de Riesgo Informático por Ciber Exposición, este webex se realizara vía Zoom Tenable el 25 de marzo a las 10:00 hrs.
Debido a la demanda de temas que han surgido de conversaciones, vivencias y/o consultas vía correo electrónico, consideramos que esta reunión remota es de su interés, tanto al nivel personal como profesional
Be Aware Webinar - Como symantec puede ayudar cuando existe una brecha de se...Symantec LATAM
Como symantec puede ayudar cuando existe una brecha de seguridad
Be Aware Webinar - Siga la programacion en nuestra página de Facebook
31. january 20th 2016
Disponible, Controlado, Protegido y Flexible (2006)Gabriel Marcos
El documento presenta las claves para gestionar un sistema de seguridad que sea disponible, controlado, protegido y flexible. Explica que la seguridad debe entenderse de forma amplia, abarcando todos los aspectos desde las redes hasta los procesos y usuarios. También debe ser dinámico para responder a cambios. Luego, detalla preguntas clave relacionadas a cada uno de estos atributos y por qué son importantes para lograr un sistema de seguridad efectivo.
Claves para Gerenciar Seguridad y Minimizar Los Riesgos (2005)Gabriel Marcos
El documento presenta varios puntos clave para gerenciar la seguridad y minimizar riesgos en una organización. Recomienda definir políticas de seguridad únicas, crear un comité de seguridad e implementar la figura de un CISO. También enfatiza la importancia de la comunicación, asignar un presupuesto adecuado y pensar en la seguridad para garantizar la disponibilidad de los servicios. Finalmente, sugiere dimensionar correctamente el perímetro de seguridad teniendo en cuenta que hoy no existen áreas de confianza en
El documento describe la importancia de la concientización de usuarios para mejorar la seguridad de la información en la nube. Explica que los controles técnicos no son suficientes y que los usuarios son una vulnerabilidad clave. Propone desarrollar un plan de concientización anual con objetivos, capacitaciones, evaluaciones y métricas para medir la efectividad.
2º Webinar - 3ª Ed. EXIN en Castellano: Luces y Sombras del Cloud ComputingEXIN
El Cloud Computing, Computación en la Nube, Servicios en la Nube o como quiera que lo denominemos, es un nuevo enfoque de hacer las cosas dentro del mundo de la Gestión de los Servicios, un nuevo paradigma, que ha venido para quedarse y que cada día gana más y más adeptos. Sus ventajas para empresas y particulares son innumerables, pero ¿es oro todo lo que reluce?...
Quizá la aproximación más coherente sea: Cloud Computing, rotundamente sí, pero sabiendo dónde nos metemos.
Este documento presenta una introducción a la ciberseguridad básica dirigida a empresas. En primer lugar, introduce al orador, Jordi García Castillón, y explica brevemente los temas que se abordarán. A continuación, se destacan las personas como el principal factor de riesgo en ciberseguridad debido a errores humanos. Por último, se mencionan algunas de las principales amenazas como la introducción de malware y la interceptación de comunicaciones, y se proponen medidas como mantener todo actualizado y controlar el espacio radioeléctric
Este documento presenta información sobre dos expertos en DevSecOps, Luciano Moreira y Christian Ibiri, destacando sus credenciales y experiencia. También introduce el marco CALMS para la adopción de DevSecOps, explicando que cada letra representa un área clave como cultura, automatización, LeanIT, medición y compartir. Finalmente, discute cómo cada elemento de CALMS, especialmente cultura, automatización y LeanIT, son importantes para implementar con éxito DevSecOps.
1. El documento describe a ISACA, una asociación sin fines de lucro dedicada a la auditoría de sistemas de información, seguridad de la información, gobierno y gestión de riesgos de TI. Ofrece certificaciones, investigación, educación y una comunidad global de más de 100,000 miembros.
2. También analiza las amenazas cibernéticas avanzadas como los APT y la necesidad de cambiar el enfoque de la seguridad hacia la detección temprana y respuesta rápida ante incidentes, en lugar de sólo la pre
Hoy las amenazas a la seguridad de sus datos y los ciberataques sofisticados no le dan respiro a las organizaciones. Los enfoques de seguridad tradicional ya no están a la altura de los desafíos actuales. Las nuevas tecnologías introducen nuevos riesgos, de hecho, los negocios están adoptando tecnologías de cloud y mobile a ritmos acelerados. ¿Cómo anticiparse y prevenir amenazas en su organización?
Este documento describe una nueva plataforma de remediación automática de vulnerabilidades llamada TOPIA. TOPIA puede analizar aplicaciones y sistemas operativos en busca de vulnerabilidades, priorizar los riesgos identificados en función del contexto organizacional, y recomendar acciones para mitigar las vulnerabilidades. La plataforma ofrece visibilidad continua de riesgos, parchea donde es más importante, protege sin parches cuando no hay disponibles, e incrementa la productividad eliminando puntos ciegos en los flujos de trabajo de seguridad y TI
La OWASP (Open Web Application Security Project) es una organización sin fines de lucro dedicada a mejorar la seguridad de las aplicaciones web. Ofrece publicaciones, herramientas de código abierto y capítulos locales para ayudar a desarrolladores, auditores y otros profesionales de seguridad. El documento introduce la OWASP, sus objetivos de promover las mejores prácticas de seguridad y algunos de sus proyectos y publicaciones más importantes.
Be Aware Webinar - Maximice su inversión en nuestras soluciones de seguridadSymantec LATAM
Be Aware Webinar - Maximice su inversión en nuestras soluciones de seguridad
18thNov 2015
DESPÚES DE LA IMPLEMENTACIÓN, ¿CÓMO GARANTIZAS QUE ESTÁS SACANDO EL MEJOR PROVECHO DE TU SOLUCIÓN Y DE LA INVERSIÓN?
El documento describe cómo RSA puede ayudar con la transformación digital al abordar los riesgos digitales asociados. Explica que la transformación digital aumenta los riesgos cibernéticos como ataques más sofisticados y una mayor superficie de ataque. RSA ofrece una variedad de soluciones de seguridad como RSA Archer, RSA NetWitness y RSA Fraud and Risk Intelligence Suite para gestionar estos riesgos de manera integral.
Modulo i introducción curso seguridad 2010guestf02120
Este documento presenta un curso de metodología de testeo de seguridad. El objetivo del curso es capacitar profesionales en seguridad informática mediante la comprensión de una metodología de análisis de riesgo tecnológico. Los alumnos aprenderán sobre amenazas y vulnerabilidades de redes de información, y cómo evaluar y seleccionar herramientas y medidas para minimizar riesgos. El curso dura 30 horas y incluye módulos, videos y laboratorios sobre diferentes temas de seguridad como sist
Este documento describe la solución Panda Adaptive Defense 360 de seguridad de endpoints. Combina tecnologías de prevención tradicionales con tecnologías avanzadas como EDR y machine learning para automatizar la prevención, detección y respuesta contra amenazas. Se entrega como un servicio gestionado desde la nube para reducir costes y carga de trabajo.
Este documento presenta la seguridad como un servicio gestionado. Discutió los desafíos de seguridad actuales como el aumento de malware y la necesidad de soluciones de seguridad globales y sencillas de administrar. Explicó cómo una solución de seguridad como servicio puede proporcionar protección antimalware, firewall, HIPS y auditoría de malware para empresas de diferentes tamaños y ubicaciones a través de una suscripción basada en la web.
Similar a Cyber Exposure - Categoría Moderna de Gestión (20)
The document discusses how F5 has evolved its platform over time to address the growing complexity of securing and delivering applications across multiple cloud and on-premises environments. It outlines F5's new Distributed Cloud Services platform, which aims to provide a single solution for application delivery, security, connectivity, and visibility across any environment. The platform promises to greatly simplify operations and reduce costs compared to managing discrete point products from multiple vendors. F5 believes this platform will make securing and delivering applications "ridiculously easy" for customers.
El documento describe cómo la ciberseguridad debe estar alineada con el negocio de los clientes al aportar valor a los procesos de negocio y proteger los activos críticos. Explica que anteriormente la seguridad se veía como un gasto pero ahora el responsable del negocio la ve como una inversión. También destaca la importancia de conocer el negocio y los activos para generar una estrategia de ciberseguridad, e identifica algunos pasos como identificar procesos críticos y recursos de TI.
Recorreremos rápidamente el contexto de la ciberseguridad desde la visión de un CISO y sus desafíos para proponer como podemos resolverlos con distintas estrategias y tecnologías ayudando a reducir el riesgo de nuestras organizaciones
Operación Segura : SOC y alineación del riesgo con el impacto para el negocio. Cristian Garcia G.
Las operaciones de Seguridad se han vuelto más comunes entre empresas de todo tipo que han identificado el impacto de las amenazas para su negocio, gracias a las soluciones SaaS, analítica y modelos MSSP flexibles y competitivos. Aún así, la posibilidad de tener de un solo vistazo un análisis situacional enfocado en el riesgo todavía es un deseable, las empresas y sus equipos de cyber requieren identificar ameneazas reales, riesgo medible y eso se hace posible por medio de la filosofía de Netenerich para Observar todo, Determinar que es lo que importa entendiendo lo que está pasando y actuar con un rápido contexto. Pasando de SOC – Operaciones de Seguridad al concepto de Operación Segura donde incluimos tanto operación Digital así como Operaciones de Seguridad.
2023 es el año de la irrupción generalizada de la Inteligencia Artificial, y las empresas y los usuarios se están beneficiando de ellas; sin embargo los atacantes también lo hacen y aprovechan generando ataques cada vez más sofisticados, que impactan una superficie de ataque extendida en muchos vectores. Cómo entender la ciberseguridad en esta realidad y prevenir los ataques para evitar su impacto en nuestras vidas
Symantec Enterprise Cloud ofrece seguridad híbrida centrada en los datos para las organizaciones más grandes y complejas del mundo, en dispositivos, centros de datos privados y en la nube.
Nuestra solución ofrece:
• Cumplimiento coherente: aplica y gestiona los controles de cumplimiento de forma coherente en toda la infraestructura.
• Trabajo remoto seguro: protege los activos empresariales críticos dondequiera que vivan y desde donde sea que se acceda a ellos.
• Protección de datos y amenazas en todas partes: inteligencia global y unificada en los puntos de control para detectar, bloquear y remediar ataques dirigidos.
Optimización en la detección de amenazas utilizando analítica (IA/UEBA)Cristian Garcia G.
Abordaje de los principales retos en la consolidación, detección y erradicación de amenazas en las organizaciones, y como la aplicación de tecnologías de vanguardia (IA) permiten una operación más efectiva.
La nueva realidad del teletrabajo y la adopción masiva de aplicaciones de nube suponen un incremento en los riesgos de fuga de información así como desafíos importantes en la protección de los usuarios remotos. En la charla veremos cómo Netskope puede apoyar a las organizaciones en la mitigación de dichos riesgos y cuáles son algunas de las técnicas que pueden implementarse.
La Ciberseguridad como pilar fundamental del Desarrollo TecnológicoCristian Garcia G.
El desarrollo tecnológico requiere condiciones saludables de ciberseguridad para avanzar. Desde aquí, los desafíos de ciberseguridad se alinean con las necesidades del negocio de manera armónica.
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...Cristian Garcia G.
El documento describe las etapas de un viaje a la nube, incluyendo la investigación de proveedores de servicios en la nube, la construcción de una estrategia de nube, la implementación inicial de desarrollo híbrido parcial, la adopción de producción híbrida completa y el uso de múltiples proveedores de servicios en la nube públicos.
La superficie de ataque ha venido cambiando con mayor intensidad en los últimos años y a este dinamismo se suma la interconexión entre los distintos activos que componen dicha superficie, en ese sentido se hace imprescindible evaluar no sólo los activos sino las relaciones entre estos activos para predecir los posibles riesgos sobre todo en partes críticas para el negocio.
Cómo la gestión de privilegios puede blindar su negocio contra ransomware y o...Cristian Garcia G.
Los ciberdelincuentes han demostrado que siguen encontrando lagunas para llevar a cabo sus ataques de ransomware. Y uno de los recursos clave de que necesitan para tener éxito es el privilegio. Eliminar el privilegio de la ecuación es parte fundamental de la estrategia para proteger a las empresas de ataques que pueden causar daños masivos.
Un enfoque práctico para implementar confianza cero en el trabajo híbridoCristian Garcia G.
La Confianza Cero o Zero Trust se ha convertido en un modelo de seguridad dominante para abordar los cambios provocados por la movilidad, la consumerización de TI y las aplicaciones en la nube. En esta charla presentaremos un enfoque práctico en cinco fases para implementar Confianza Cero sobre la fuerza laboral que desarrolla sus actividades tanto de forma presencial como remota, de manera que se reduzcan los riesgos que comprenden los usuarios en la organización, sus múltiples dispositivos y sus accesos a las aplicaciones, obteniendo beneficios tangibles en el corto plazo.
Que significa nuestra Identidad Digital en la era actual de la IA para la Ciberseguridad. En los albores de esta nueva era, nos enfrentamos a un nuevo desafío asombroso: los enfoques tradicionales de la identidad están muertos. Esta nueva era exige que nuestro sector responda preguntas fundamentales sobre nuestro papel y capacidad para asegurar la identidad a medida que evoluciona.
Porqué enfocarnos en el DEX (Experiencia Digital del Empleado) - Cómo la tecn...Cristian Garcia G.
En la actualidad, tan solo el 13% de los empleados de todo el mundo está satisfecho con el trabajo a full time, mientras que el resto prefiere trabajar a distancia, bien sea parcial o totalmente.
Esta charla presenta las principales conclusiones de la encuesta que realizó Ivanti, cómo ha repercutido en los responsables de TI y la alta dirección, y cuál ha sido su papel como facilitadores de la DEX. También, explora los motivos que sustentan los retos que las empresas tienen que afrontar.
Stay ahead of the Threats: Automate and Simplify SecOps to revolutionize the SOCCristian Garcia G.
El documento describe la plataforma Cortex XSIAM de Palo Alto Networks, la cual representa la próxima gran transformación en las operaciones de seguridad (SOC). Cortex XSIAM rediseña la arquitectura del SOC para enfocarse en la automatización, unifica las mejores capacidades de detección dentro de una sola plataforma, y extiende la visibilidad del SOC a la nube. El objetivo es empoderar a los analistas de seguridad proporcionando detección, investigación y respuesta automatizadas con el apoyo de analítica de
Modernice sus operaciones de seguridad con gran visibilidad y velocidad a través de:
Un diseño alrededor de la experiencia del analista, del trabajo con las herramientas que ya usa y expandiendo hacia donde quiera avanzar, y de la ganancia de precisión en la obtención de “insights” rápidamente.
El documento presenta información sobre los desafíos tecnológicos y la cobertura de redes de una empresa. Muestra estadísticas sobre el uso de la tecnología a nivel global y la red de fibra óptica e instalaciones de datos de la empresa en varias ciudades de Perú, Chile y Colombia. También describe los esfuerzos de la empresa en innovación abierta a través de eventos y colaboraciones con universidades, startups y capital de riesgo.
Time is Money… and More.- Nuestras Capacidades Regionales de Detección y Resp...Cristian Garcia G.
La exposición a ciber-riesgos crece a gran velocidad y, con cada vez más frecuencia, vemos que adversarios muy sofisticados amenazan a las organizaciones en toda LATAM! Descubra cómo hacerles frente con el apoyo de nuestros servicios especializados de CyberSOC y Respuesta a Incidentes (CSIRT).
KAWARU CONSULTING presenta el projecte amb l'objectiu de permetre als ciutadans realitzar tràmits administratius de manera telemàtica, des de qualsevol lloc i dispositiu, amb seguretat jurídica. Aquesta plataforma redueix els desplaçaments físics i el temps invertit en tràmits, ja que es pot fer tot en línia. A més, proporciona evidències de la correcta realització dels tràmits, garantint-ne la validesa davant d'un jutge si cal. Inicialment concebuda per al Ministeri de Justícia, la plataforma s'ha expandit per adaptar-se a diverses organitzacions i països, oferint una solució flexible i fàcil de desplegar.
Catalogo Refrigeracion Miele Distribuidor Oficial Amado Salvador ValenciaAMADO SALVADOR
Descubre el catálogo general de la gama de productos de refrigeración del fabricante de electrodomésticos Miele, presentado por Amado Salvador distribuidor oficial Miele en Valencia. Como distribuidor oficial de electrodomésticos Miele, Amado Salvador ofrece una amplia selección de refrigeradores, congeladores y soluciones de refrigeración de alta calidad, resistencia y diseño superior de esta marca.
La gama de productos de Miele se caracteriza por su innovación tecnológica y eficiencia energética, garantizando que cada electrodoméstico no solo cumpla con las expectativas, sino que las supere. Los refrigeradores Miele están diseñados para ofrecer un rendimiento óptimo y una conservación perfecta de los alimentos, con características avanzadas como la tecnología de enfriamiento Dynamic Cooling, sistemas de almacenamiento flexible y acabados premium.
En este catálogo, encontrarás detalles sobre los distintos modelos de refrigeradores y congeladores Miele, incluyendo sus especificaciones técnicas, características destacadas y beneficios para el usuario. Amado Salvador, como distribuidor oficial de electrodomésticos Miele, garantiza que todos los productos cumplen con los más altos estándares de calidad y durabilidad.
Explora el catálogo completo y encuentra el refrigerador Miele perfecto para tu hogar con Amado Salvador, el distribuidor oficial de electrodomésticos Miele.
SOPRA STERIA presenta una aplicació destinada a persones amb discapacitat intel·lectual que busca millorar la seva integració laboral i digital. Permet crear currículums de manera senzilla i intuitiva, facilitant així la seva participació en el mercat laboral i la seva independència econòmica. Aquesta iniciativa no només aborda la bretxa digital, sinó que també contribueix a reduir la desigualtat proporcionant eines accessibles i inclusives. A més, "inCV" està alineat amb els Objectius de Desenvolupament Sostenible de l'Agenda 2030, especialment els relacionats amb el treball decent i la reducció de desigualtats.
para programadores y desarrolladores de inteligencia artificial y machine learning, como se automatiza una cadena de valor o cadena de valor gracias a la teoría por Manuel Diaz @manuelmakemoney
La inteligencia artificial sigue evolucionando rápidamente, prometiendo transformar múltiples aspectos de la sociedad mientras plantea importantes cuestiones que requieren una cuidadosa consideración y regulación.
Second Life, informe de actividad del maestro Tapia
Cyber Exposure - Categoría Moderna de Gestión
1. Cyber Exposure
Categoría Moderna de Gestión
Meriane Moreira Moisés Acevedo
TM Comercial, Sur América Regional Channel SE, LATAM
mmoreira@tenable.com macevedo@tenable.com
1
2. Adopción Global “Viral” del scanner Nessus
2Utilizado en mas de 140 países Alrededor Del Mundo
3. Tenable
• Fundado en el año 2002
• Logro una adopción viral y generalizada de
Nessus
• Proveemos Tenable.io desde el 2017 para
introducir la primera plataforma en “Cyber
Exposure” y evolucionar la gestión del riesgo
digital
• Es de incesante innovación: "Tenable tiene
un valor de marca [masivo] con Nessus, pero
[es] una de las compañías más avanzadas en
VM". Forrester, 2017
100%
Top 10 US Tech
Companies
50%
Fortune 500
80%
Top 10 US
Financial
Institutions
1000+
Empleados
1.6M
Usuarios
Globales
25,000+
Clientes
4. Abril 2011
Patente
Passive
Vulnerability
Management
Innovación Implacable para Clientes
2013
10m de
Descargas
Octubre 2011
DoD Assured Compliance
Assessment Solution
(ACAS)
Agosto 2012
SecurityCenter
Continuous View
Abril 2015
Nessus Agent
Julio 2004
Tenable PVS y
LCE liberados
4
Productos
Julio 2010
Patente
“Continuous
Monitoring”
Oct 2012
Patente
User Tracking
Mayo 2013
Patente
Credential-less
Network
Scanning
Diciembre 2006
Primeros
chequeos
SCADA
liberados
Mayo 2008
Anuncio
Subscripciones
Professional y
Home / Nessus
Noviembre 2009
Nessus nombrado
como “uno de los
productos de
seguridad de los
últimos 20 años”
Diciembre 2010
Nessus Perimeter
Cloud Service
Enero 2003
Nessus 2.0
Open-source
2007 2008 2009 2010 2011 2012 20132005 2006200420032002 2014 2015 2016 2017
Enero 2003
SecurityCenter
Enero 2005
Nessus 3.0
Comercial y Código
Protegido
Abril 2017
Tenable.io
Febrero
2015
Nessus Cloud
y Manager
Julio 2017
Tenable.io
WebApp y
Container Security
Feb 2015
Industrial
Security
Agosto 2007
Apoyo a IPv6
Nessus y PVS
Febrero
2014
Detección de
Malware
Añadido
5. La superficie de ataque esta en expansión
5
Servidores Escritorios Infra de
Comunicaciones
ICS/SCADAIoT Industrial
Apps de
Web
Móvil Portable
s
IoT Empresarial
Maquinas
Virtuales
Nube Contenedores
TI
Cloud
IoT
6. Surge una brecha, el Cyber Exposure “Gap”
6
Servidores Escritorios Infra de
Comunicaciones
ICS/SCADA
Apps de
Web
Móvil Portable
s
IoT Empresarial
Maquinas
Virtuales
Nube Contenedores
TI
Cloud
IoT
IoT Industrial
7. Medir y manejar su superficie de ataque
moderna, y efectivamente entender y
reducir el riesgo digital.
Cyber Exposure
Es una disciplina emergente para:
7
8. Las cuatro preguntas claves
8
?
¿Donde estamos
expuestos?
¿Donde
deberíamos
priorizar basados
en el riesgo?
?
¿Cómo estamos
reduciendo nuestra
exposición en el
tiempo?
?
9. Cyber Exposure: Complementa la Gestión de
Vulnerabilidades
9
Lograr “ver” mas
“Hacer”Mas
Cyber Exposure
Visibilidad Abarcadora:
Cualquier activo, en cualquier
plataforma de computación
Gestión de Vulnerabilidades
Activos de TI Tradicionales
Métricas técnicas
Cyber Exposure
Profundidad de inteligencia:
Priorización, benchmarking,
decisión apoyo
Cyber
Exposure
10. Evaluar
AnalizarRemediar
Medir
Apoyando el ciclo de vida completo del Cyber Exposure
10
IoT
OT Nube
TI
Descubrir
Identificar y mapear todo activo para visibilidad
en cualquier ambiente computacional
Entender la condición de todos los
activos incluyendo vulnerabilidad,
mala configuración, y otros
factores de salud operacional
Entender exposición en contexto,
priorizar remediación basado en la
criticidad del activo, contexto de la
amenaza y severidad de la
vulnerabilidad
Modele y analice el riesgo digital
para tomar mejores decisiones de
negocio y de tecnología
Priorice cual exposición arreglar
primero, si es posible, y aplicar la
técnica de mitigación apropiada
11. Tenable.io: primera plataforma para el “Cyber Exposure”
Servicios de Plataforma e Integración
Gestión de
Vulnerabilidad
Escaneo de
Aplicaciones Web
Seguridad en
Contenedores
Scanner
Nessus
Nessus
Agent
Nessus
Network
Monitor
Registro
de
Imágenes
Visibilidad Completa
Sobre todo Activo
Priorización y
Orientación
Flexibilidad:
Nube o En-sitio
Ecosistema Tenable
Data de 3ros
Activos
Vulnerabilidades
Amenazas
Ecosistema Tenable
Sistemas de 3ros
CMDB
Sist. Manejo de TI
GRC
Reportes, Dashboards, Priorización
Scanner
Web App
12. Service Desk / Ticketing / Workflow
Endpoint Security
SIEM and Security Analytics
Governance, Risk and Compliance (GRC)
Patch Management
IP Address Management
Network Access Control
CMDB
Partnering for customer success: Example integrations
14
Public Cloud Platform
Network Monitoring
Credential & Privileged Access Management
Mobile Device Management (MDM)
13. 15
Muchas
Gracias!Meriane Moreira Moisés Acevedo
TM Comercial, Sur América Regional Channel SE, LATAM
mmoreira@tenable.com macevedo@tenable.com
Tenable SSA latam-ssa@tenable.com
Notas del editor
I can’t emphasize enough how valuable the Nessus community has been to Tenable and will be in the future.
It has allowed Tenable to cost effectively gain marketshare through this viral sales and marketing engine.
Companies spends 10’s of millions of dollars and can’t make the dent we have with Nessus in the market.
We’re a “fifteen year young” company with the wisdom of experienced security professionals, and the ambition of industry pioneers.
From Nessus to SecurityCenter to Tenable.io, Tenable has defined and re-defined vulnerability management. With Cyber Exposure, we’re raising the bar and innovating even faster than ever – all so we can solve your hardest problems.
We’re honored by the company we keep – including over half of the Fortune 500 and leading organizations in every industry and geography.
Second, innovation is in our DNA.
From a sensor perspective, we didn’t stop innovating the Nessus engine.
Customers would throw out crazy requests and we would do try to meet the requirements - one example of that is that the US Navy wanted to be able to scan ships at sea over a satellite link - we figured out how to accomplish that.
We also didn’t stop with just Nessus being our only way to collect vulnerability information on networks. We developed technologies and processes that improved the vulnerability management data collection problem. We released a sniffing technology to close the gaps between scans.
Today you know that product as the Nessus Network Monitor. It was released in 2004 - ahead of it’s time - but as you can see became a foundational technology for the discovery of mobile and cloud assets as well as a foundational technology for our Industrial security offerings. We released the Nessus Agent to track the state of mobile assets.
From a platform perspective, we have pushed the envelope every year and challenged the status quo on what a modern Vulnerability Management platform should deliver to an enterprise.
Moved the industry to making every device visible. Moved the industry from periodic to continuous assessments. Moved the industry to intuitive dashboarding to increase time to value.
This is just a sample of the many product and feature enhancements over the last 15 years. All of these are cumulative. Tenable.io benefits from all of the foundational tech bricks that have been laid over the years.
Every security leader wants to answer 4 questions for their CEO or Board:
Where are we exposed?
This means what assets are affected, where, and what is the significance/severity? The changing technology and threat landscape has made this harder to see.
Where should we prioritize based on risk?
Data overload and lack of security staffing have made this more important than ever.
How are we reducing exposure over time?
Security leaders want to understand and report on their progress, and show the value of their investments to senior management.
How do we compare to others – particularly those in our industry?
Security needs to be put into perspective. What is an appropriate level of security for one industry (ex education) might be vastly different from another (ex. financial services). Knowing where one stands amongst peers is crucial in developing budgets and deploying corporate resources.
This is about seeing more and doing more – what is the true state of my environment and how can I effectively secure it?
We’ve talked about vision and direction. Now let’s look at how Tenable is helping organizations like yours today.
With Tenable.io, we introduced a Cyber Exposure platform for any asset on any computing platform. It offers all the benefits of a modern SaaS (cloud) solution, and is also available in on-prem software form.
With Tenable.io, we offer applications for specific business problems: Vulnerability Management, Web App Scanning, Container Security – and more to come.
You can buy any or all of those applications.
These apps leverage the data sensors in the bottom row. And unlike other vendors, we give you unlimited active scanners, agents, and passive network monitoring at no extra cost.
Container security is especially important because containers represent the newest blind spot for many organizations.
Tenable.io assesses container images before they’re deployed into production, and integrates into your container build process and SDLC (software development lifecycle).
We also built a specialized application for web application scanning. It provides superior accuracy and safe scanning of critical web apps.
Tenable.io integrates with many 3rd party solutions to bring data in and send data to other systems, supporting your broader business processes.
It also includes an extensive and well documented API and SDK.
Tenable.io is also the only solution that provides true asset tracking (not IP-based), so you can see the real state of your assets and vulnerabilities.
Across all of your applications and data, we provide reporting, dashboarding and prioritization – so you can see and act with confidence.
Tenable.io even scales to the largest organizations. It was deployed by a Fortune 100 company to over a million assets in 100 days.
I mentioned that only Tenable.io provides support for the full range of assets – from servers and network infrastructure to cloud, containers, web apps, and IoT.
The way it does this is through our unique combination of Nessus vulnerability scanners and data sensors.
Only Tenable offers:
Nessus active scanners – the #1 vulnerability assessment technology in the world – most comprehensive, accurate, and high performing scanner
Agents – for devices that are not always on your networks
Passive network monitoring – for continuous visibility into all assets, and assessment of safety-critical assets that can’t be scanned
Web application scanner – automated application security testing
Container image registry – so you can bring security into the software development lifecycle (SDLC) and support the developer’s workflow
With this breadth of asset coverage, you can finally see any asset on any platform – from IT to Cloud to IoT. Without them, you’re flying blind.
And only Tenable offers this flexibility and power.
In addition to Tenable.io, we offer Nessus which provides single-point-in-time vulnerability scanning, and SecurityCenter which provides vulnerability management for traditional IT assets.
NNM is the same as sold with .io. NNM is extended to include IS plugins when managed by the IS Console. All IT NNM plugins will also continue to operate.
NNM is the same as sold with .io. NNM is extended to include IS plugins when managed by the IS Console. All IT NNM plugins will also continue to operate.