36 posts categorized "Tenable Events"

 

Tenable Network Security Showcase - Chicago 2011

Join Tenable co-founders Ron Gula and Renaud Deraison, along with Tenable CSO Marcus Ranum and Product Evangelist Paul Asadoorian for a private network security event on November 16, from 8:00 am to 2:00 pm at the Whitehall Hotel in downtown Chicago. Topics we will discuss during this FREE event include:

  • Taking Scanning to the Next Level: How Adding Passive Scanning to your Active Scanning Strategy can Change your Insight to the Enterprise
  • Advances in the state-of-the-art of SIEM: Adding Policy-Centric Knowledge
  • Assessing Web Applications in the Enterprise: Integrating System, Network, Logs and Events
  • Breaking Down Security Information Silos for Better Executive Management Reports

Breakfast and lunch will be provided, and during lunch you will also see a live demonstration of our enterprise solutions as they relate to the themes above.

Space is limited for this event. I hope you can join us for this informative and interesting event! Please RSVP to: rstewart@tenable.com.

 

Black Hat 2011: The Rise Of The Machines

I attended the Black Hat Briefings this year after teaching the "Advanced Vulnerability Scanning Using Nessus" course. There were several really great presentations covering a wide range of topics. My only wish is that I could have cloned myself and attended more of the talks! Following is a recap of the presentations I attended:

Tenable CEO/CTO Ron Gula presenting in the vendor area at Black Hat, showcasing SecurityCenter, the Passive Vulnerability Scanner, Nessus, and the Log Correlation Engine being used together to detect targeted attacks against systems.

Don Bailey - War Texting Weaponizing Machine 2 Machine

Several of the presentations this year centered on the topic of embedded systems. This is right up my alley, as I've always had a fascination with embedded computing. Don gave some great examples of embedded systems, including:

Continue reading "Black Hat 2011: The Rise Of The Machines" »

 

Advanced Vulnerability Scanning Using Nessus Course

We are excited to announce that SANS is partnering with Tenable Network Security to bring you “Advanced Vulnerability Scanning Techniques Using Nessus” as part of the SANS Hosted Series of courses. This class is part of a brand-new series of vendor-specific classes SANS is offering to complement your needs for training outside of SANS's vendor-neutral courses.


Continue reading "Advanced Vulnerability Scanning Using Nessus Course" »

 

Tenable All-Star Security Showcase - New York City 2011

Please join Tenable CEO/CTO Ron Gula, Tenable CRO and creator of Nessus Renaud Deraison, Tenable CSO Marcus Ranum, and Paul Asadoorian for a Security Showcase on May 17, from 8:30 am to 2:00 pm at the New York Marriott East Side, 525 Lexington Ave. at 49th Street in New York City.


Breakfast and lunch will be provided during this half-day FREE event.

Topics covered will include:

During lunch you will also be given a live demonstration of our enterprise solutions as they relate to the themes above.

Space is limited for this event. We hope you can make it as the showcase is a rare opportunity to receive firsthand insight from four leading experts. RSVP to dmcrae -at- tenable.com or call (410)-872-0555 x 224.

 

Mid-Atlantic CCDC - Lessons Learned in Communication

The CCDC 2011

The Collegiate Cyber Defense Competition (CCDC) is always a fantastic and educational event, and this year was no exception. Hundreds of people converged to share ideas, learn how to hack, learn how to defend and talk about security. Below is a brief summary of the happenings at the event:

  • The Attackers - Many of the same people as previous years filled the role of the "hackers". They did a great job this year and showed how much they've learned over the years. The big takeaway from the Red Team is sharing. Using a new tool called "Armitage", they were able to share shell access to the Blue Team hosts, proving that sharing truly is caring.
  • The Defenders - By design, the Blue teams are put at a disadvantage. This is meant to emulate the real world, where attackers have vast resources and often stay a step ahead. However, the Blue teams were very creative, employing reverse sabotage by leaving pieces of paper around the event with usernames and passwords written on them, which were completely fake.


The Red Team was able to re-configure the Blue Team's phones and leave them messages on the display, a digital "love note" if you will. Phones for the Blue Team were ringing throughout the event, playing random WAV files from a server as well.

Continue reading "Mid-Atlantic CCDC - Lessons Learned in Communication" »

 

UMD and Tenable Announce New Cybersecurity Partnership

Tenable is proud to announce a newly formed partnership with the University of Maryland's Cybersecurity Center. The partnership will focus on preparing the future security workforce and collaborating on cybersecurity challenges.

"COLLEGE PARK, MD AND COLUMBIA, MD – The University of Maryland (UMD) and Tenable Network Security, the leader in Unified Security Monitoring and creator of the award-winning Nessus vulnerability scanner, have announced a new partnership to establish collaborative activities in the area of cybersecurity. The partnership will promote cybersecurity education, research and technology development through UMD's newly established Maryland Cybersecurity Center (MC2, or MC-squared). UMD and Tenable plan to leverage one another's resources, knowledge base, and unique perspectives to develop innovative solutions to cybersecurity challenges."

Read the full press release.

Tenable has participated in several security challenges in the past; you can read more about our past experiences at these events here:

 

Tenable All-Star Showcase - Atlanta - February 22

Tenable Network Security will be hosting a half-day security and compliance seminar in Atlanta featuring Marcus Ranum, Ron Gula and Renaud Deraison. This is your chance to interact with Tenable executives, get the latest news and perspectives on industry trends, ask questions about Nessus and hear an enterprise case study from a Tenable customer.

Tenable's technical leaders - Ron Gula, Renaud Deraison and Marcus Ranum - have all created market-leading and award-winning products individually (Nessus, Dragon IDS, Gauntlet Firewall, TIS Firewall Toolkit) prior to joining forces at Tenable. Tenable's Unified Security Monitoring approach is their combined vision for monitoring and securing enterprise networks.

Tenable CSO Marcus Ranum

The event is held on the morning of February 22 in Buckhead, Georgia, and lasts half a day with breakfast and lunch provided. If you are interested in registering, please contact Tim Glinka via email at tglinka@tenable.com.

 

ISSA DC Chapter Presentation with Ron Gula - November 16th

Tenable CEO Ron Gula will be presenting about real-time compliance monitoring and industry trends at the November 16th ISSA DC chapter meeting. Please RSVP if you plan on attending. Mr. Gula will discuss the current state of PCI, FDCC and CyberScope compliance regulations and also speak about how the industry is moving quickly towards continuous monitoring.

 

Tenable Security Showcase - New York City

Please join Tenable's own Ron Gula, Renaud Deraison, Marcus Ranum and Paul Asadoorian for a Security Showcase on October 6, from 8:30am to 2:00pm at the New York Marriott East Side, 525 Lexington Ave. at 49th Street in New York City. Breakfast and lunch will be provided during this half-day FREE event.


Topics we will cover include:

  • The current status and future development plans for Nessus and our enterprise vulnerability assessment, compliance and log management products: SecurityCenter, Passive Vulnerability Scanner and Log Correlation Engine
  • The advantages of pairing active and passive scanning
  • What security strategies are outdated and what new trends are half-baked
  • "How I Learned to Stop Worrying and Love Regulatory Compliance"
  • "Zen and the Art of Nessus Web Application Scanning"

During lunch you will also be given a live demonstration of our enterprise solutions as they relate to the themes above.

Contact Donal McRae (dmcrae -at- tenablesecurity.com) to reserve your seat (space is limited for this event). We hope you can make it as the showcase is a rare opportunity to receive firsthand insight from four leading experts.

San Francisco Security Showcase - Sept 15, 2010

Tenable Network Security presents a unique opportunity to see three of the industry’s visionary leaders during one free event at the Embarcadero Center in San Francisco.

Scheduled to present during this half-day event are:

  • Renaud Deraison (Creator of Nessus®, Tenable Co-founder and CRO)
  • Ron Gula (Creator of the Dragon IDS, Tenable Co-founder and CEO/CTO)
  • Marcus J. Ranum (Creator of the proxy firewall, NFR founder and Tenable CSO)

Topics covered will include:

  • Nessus overview and future plans
  • The advantages of pairing active and passive scanning
  • An overview and discussion of current security strategies and new industry trends
  • The past, present and future of regulatory compliance
  • Tenable Network Security product/solutions overview

Continue reading "San Francisco Security Showcase - Sept 15, 2010" »

Blackhat 2010 Round Up

Tenable was in attendance for Black Hat 2010 in Las Vegas last week. In addition to having a vendor’s booth, we presented four days of Nessus training, our very own Carole Fennelly organized Hacker Court and we hosted a party at Margaritaville. Below are some pictures and more details on the events:

Continue reading "Blackhat 2010 Round Up" »

Tenable at Black Hat USA 2010!

July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend Black Hat USA 2010! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I know in the Infosec field. I’m delighted that Tenable will be represented in the Black Hat Trainings, Black Hat Briefings, Black Hat vendor area and DEF CON this year.

Tenable’s Product Evangelist, Paul Asadoorian, will be teaching two sessions of a brand-new (seriously – we’re still editing it) Advanced Nessus Training Class.

This class is intended for those who are already familiar with Nessus and will cover special techniques and testing situations that you may not be familiar with. There will be a lot of hands-on lab work, assisted by Tenable’s lead Trainer, David Poynter (so that Paul can keep talking, one of his favorite activities). The first session will be held on Saturday and Sunday (July 24 & 25) and the second session on Monday and Tuesday (July 26 & 27). There are still a few seats open in both sessions, but they are filling up fast!

Continue reading "Tenable at Black Hat USA 2010!" »

Tenable Black Hat USA 2010 Party!

Attending Black Hat USA 2010? Tenable Network Security appreciates our customers and Nessus users and would like to invite you to a party at Margaritaville, across the street from Caesar's Palace. The first 100 people at the door will receive a Tenable Nessus Hawaiian shirt as well as a Nessus Cigar!

Penetration Testing Summit 2010

The SANS Penetration Testing Summit was held this year at the Hyatt Baltimore in Baltimore, MD on June 14-15 and was focused on “What Works in Penetration Testing”.

The event was held just across from Camden Yards, home of the Baltimore Orioles.

Tips For Penetration Testers

I participated in a panel discussion with Joshua Wright, Vincent Liu and Joshua Abrams titled, "Most Effective New Technique You've Applied in the Past 12 Months". We started by having each of us share two fun, new or interesting penetration testing techniques that we've applied in the past year. It was a great discussion, covering topics such as wireless, vulnerability assessments and what tools to get started with.

I shared a story with the audience about lock picking. The story details the travels of my friend (let's call him "Bob") who was put into a situation where he had to pick a lock. Bob did not have his lock-picking set and was forced to use more crude tools. In the end, Bob ended up prying off the entire doorknob with even more rudimentary and crude tools. I then circled back around to the lessons learned and how they apply to both lock picking and penetration testing:

Continue reading "Penetration Testing Summit 2010" »

June 17th Webinar - Continuous Network Monitoring with Nessus and Tenable's Unified Security Monitoring solution

June 17th 2010
2:00 PM EST
Registration

NIST 800-37 requires Federal organizations to continuously determine risk, and Tenable's scanning and monitoring products are ideally suited to perform this task in near real time. Tenable's Unified Security Monitoring solution leverages multiple technologies to allow large networks to be efficiently monitored. These include:

  • Distributed Nessus scanners performing daily vulnerability, patch, SCAP/FDCC and DISA configuration audits
  • Real-time traffic monitoring and Common Platform Enumeration with the Passive Vulnerability Scanner
  • Real-time change detection that identifies new hosts, new software and system changes
  • Central management, monitoring and reporting with Tenable's SecurityCenter 4

Attendees of this webinar will learn about many different types of continuous change detection techniques and see how these can be implemented with Tenable's solutions.

SecurityCenter Webinar in French!

I invite you to join Renaud Deraison, author of Nessus and co-founder of Tenable Network Security, for a free webinar. Unlike most of our other webinars, this one will be presented in French! Several topics will be presented. One topic, "À la carte", covers what's new in SecurityCenter 4 and how to use it to detect vulnerabilities, missing patches, intrusion events, and network anomalies. In another topic, Renaud will describe how to give attackers the "Coup de grâce" whether you are an auditor, risk analyst, someone monitoring compliance, security analyst or even an executive in Information Technology.

Details on this webcast are as follows:

Date: June 15, 2010

Time: 10:30 AM EST

Link: https://www1.gotomeeting.com/register/935408993

SOURCE Boston Re-Cap

Two weeks ago, several Tenable colleagues and I traveled to Boston to attend and speak at the SOURCE conference. The SOURCE conferences, founded by Stacy Thayer, are small in size but big on content. Since the conference is fairly intimate (this year’s had approximately 250 attendees), I had the chance to talk to many people in the hallways about security, attend some great talks and deliver a presentation on the state of embedded systems security.

SOURCE Boston was held at the Seaport Hotel in Boston, Massachusetts. The above picture was taken at the hotel looking out over Seaport Lane.

SOURCE continues to be a great conference, held in Boston, Massachusetts and Barcelona, Spain. It has a great atmosphere, the caliber of people in information security who attend is top notch and the presentations are great. Tenable submitted three presentations to SOURCE that were all well received and are described below:

Continue reading "SOURCE Boston Re-Cap" »

Tenable at SOURCE Boston

Tenable is again returning to the SOURCE Boston conference, held at the Seaport Hotel from April 21-23. This year Tenable will be delivering three presentations: Tenable CEO Ron Gula will be presenting a talk titled “How to Detect Penetration Testers” on Wednesday from 10:00 am to 10:50 am; Carole Fennelly and Kelly Todd will be participating in the Vulnerability Management panel on Thursday from 10:00 am to 10:50 am; and Paul Asadoorian will be presenting a talk titled “Embedded System Hacking and My Plot to Take Over the World” from 2:00 pm to 2:50 pm on Thursday. This blog post provides a brief overview of these presentations.

Ron Gula’s talk, “How to Detect Penetration Testers”, describes methods of detecting authorized penetration testers from a variety of technical and political aspects. Very often audit organizations feel the need to run a “surprise” audit on one of their divisions. This is intended to see how the target organization reacts to an unannounced penetration attempt, but very often results in disrupted production services and a lot of political finger pointing. This presentation provides tips and insights to make better use of firewall logs, netflow data and system logs, both to protect from situations that will embarrass the security program and to protect resources from the real intruders.

Continue reading "Tenable at SOURCE Boston" »

Vulnerability Metrics Webinar - April 28, 2:00 PM EST

Tenable CEO Ron Gula will discuss how different types of vulnerability metrics can be used to understand their impact on your network security. Topics include trending vulnerabilities, considering vulnerability ages, comparing patch audits vs. uncredentialed scans, how often scans should be conducted, risk scoring systems and much more. Webinar attendees will learn many different ways to visualize and report on a wide variety of vulnerability metrics.

Registration URL:
https://www1.gotomeeting.com/register/463747401

Time:
April 28, 2:00 PM EST

The Mid-Atlantic Regional CCDC 2010 Event - Part II

Physical Access: RFID Badges

This year's competition debuted an RFID badge hacking system. The Red and Blue teams had separate rooms that were governed by badges and a badge reader. The Red team badges were allowed access only to the Red team room and vice versa for the Blue teams. I really wanted to hack the badge system right out of the gate. There were a couple of motivators involved (including the fact that my friend Larry put the system together), and if we bypassed the RFID reader the Red team would gain physical access to the systems after the Blue teams went home for the night.

Above you can see a successful badge scan using RFIDIOT. Yes, I did a happy dance of joy once I got it working.

Before the competition started I mapped out a plan of attack. Since all of the Red team members were in the same room and I had access to their badges, I planned to scan them and record all of the values. This would give me knowledge of the known values, making any other value a potential Blue team code. Before I could scan the badges, I needed to set up a reader. Larry had a reader for players to use, but I wanted to set up one of my own (besides, I did not trust Larry… what if he defected to a Blue team?). After about two hours of fighting with software library installations, failed dependencies and USB drivers, I finally had a working reader. I was using RFIDIOT to do the reading, a set of Python scripts developed by Adam Laurie. While it is a great contribution to the security community, the documentation could have been more comprehensive (if you are looking to contribute to an open source project, here is your chance!). Having little to no experience with RFID, it was a challenge to figure out how to correctly configure my reader and set it up to read our badges, but persistence prevailed and just before the competition started I was reading Red team badges.

Continue reading "The Mid-Atlantic Regional CCDC 2010 Event - Part II" »

The Mid-Atlantic Regional CCDC 2010 Event - Part I

How to Score at a Hacking Competition

Over the past weekend I participated in my second CCDC, or Collegiate Cyber Defense Competition. The event put college students in a defending role in five “Blue teams” and "real-world attackers" in the offensive role (pun intended) as the “Red team”. Points are incurred against the Blue teams when their systems become compromised, services are unavailable, or their systems go down. The defending team with the lowest score wins and is sent to a national "cyber exercise" competition. The event hosts a job fair, keynotes by speakers such as Marcus Ranum, a full spectator area and this year hosted two film crews who interviewed players and captured the action. You can watch the videos from last year's CCDC event on their YouTube channel.

At a hacking challenge it can be tough to keep the Red team in line and following the rules. However, the very nature of hacking involves breaking the rules! All of the Red team members did an excellent job of being hackers, and being responsible. While there is no Red team winner, we had some of the highest scoring Red teams in the event's history. You can read more about the Blue team winner and rankings on the CCDC web site.

Hacking challenges have become a bit of a hobby for me in the past few years. I've participated in two previous events and wrote about them here on the Tenable blog. The first was the NYC Capture the Flag event and the second was "Cyberdawn", a diverse cyber exercise. I learn so much by attending these events and participating as a "Red team" member. As the Red team, we set out to compromise systems, run a program that would update a scoring engine, maintain access and disrupt services and operations. It’s a tough balance to maintain; the more aggressive you become on the systems, the more the defending teams notice. Changing a password and locking the teams out incurs points; however, they will notice and reset the password. Smart Red team members implant different ways to access the system, such as SSH key trusts and rootkits, to keep a foothold on the systems throughout the competition.

As the Red team captain, I developed a strategy for guiding and organizing the Red team members. We divided into sub-teams and assigned the following roles to each of the members:

Continue reading "The Mid-Atlantic Regional CCDC 2010 Event - Part I" »

See SecurityCenter 4 at RSA 2010 - Booth 956

Tenable will be participating in a variety of events at this year's RSA show in San Francisco next week.

We are in booth #956. Renaud Deraison, Paul Asadoorian and I will be attending the show, working the Tenable booth and meeting as many people as we can.

We will be demonstrating SecurityCenter 4.0 along with Nessus 4.2, the latest Passive Vulnerability Scanner and the Log Correlation Engine. SecurityCenter 4 has many new features that simplify the process of collecting security information about a network and tracking security events in real time. Please stop by to see how easy it is to pivot from analyzing Microsoft patches, to tracking CIS configuration settings, to looking for anomalies in your firewall logs and correlating attacks in one easy to use interface.

Example SecurityCenter 4 dashboard displaying events and vulnerabilities

Finding and Stopping Advanced Persistent Threats webinar

Please join Tenable CEO Ron Gula and Tenable CSO Marcus Ranum for a webinar discussing strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks.

Topics discussed will include limitations in conventional anti-virus detection, white/black list analysis of systems and network traffic, the use of anomaly detection, and how system hardening and policy compliance can help prevent infections in the face of zero-day vulnerabilities.

Register:
www.gotomeeting.com/547154601

Date:
February 25, 1:30 PM EST

Ron Gula and Marcus Ranum DOJOCON 2009 Videos

I had the chance to see some really good speakers this past weekend at the DOJOCON conference here in Maryland. I also had the opportunity to speak about many different things we can do as users of information security technologies such as firewalls, vulnerability scanners, intrusion detection systems and so on to improve the overall state of network security monitoring. Watch the video here or by clicking on the below link:

Tenable Chief Security Officer Marcus Ranum started the DOJOCON conference with an opening keynote where he detailed the trends our industry has taken and will take for the next few years. Watch Marcus's video here or click the below image:

You can watch all DOJOCON videos at this location.

Louisville Metro Infosec 2009

A Small Conference with a Big Presence

Last week I attended the Louisville Metro Infosec conference that was held at Churchill Downs in Louisville, Kentucky. The sold-out event hosted 375 people and 28 sponsors. Although this was a small local event, it had the feel and energy of a much larger conference.

Louisville is the home of the "Louisville Slugger" factory, where they still provide the bats for major league baseball players.

Continue reading "Louisville Metro Infosec 2009" »

Cyberdawn - A Diverse Cyber Exercise - Part II

Passwords are just so easy to abuse...

It was interesting to see that the top scorer in the game (who went by the handle of "ftp", and coincidentally had 21 scores in the first day of game play!) did not use fancy new exploits, 0day attacks or a wide range of open-source or even commercial tools. He was able to gain access to systems because the teams left default or easily guessable passwords set on some of the Linux servers. He used SSH to log in to the systems, then SCP to upload some Python code that was used to update the scoring engine. From there he was able to maintain access, not by rootkit technology or anything sophisticated, but just by hiding in plain sight. The Python script makes a TCP connection to the scoring server and sends a message. It was moved into a file called "/dev/vfat" to make it look like a system file. Next, a shell script was written to call the Python script every ten minutes. This file was called "getty", ran in the background, and was also inserted into the startup scripts to ensure it kept running. The teams never found these processes running and "ftp" won the game, no exploits required.
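Each piece of the "hiding in plain sight" trick above leaves something a defender can check for: a regular file sitting in /dev, a process calling itself getty whose executable is really a shell, a script being run out of /dev, and a startup-script line launching a getty from somewhere other than a system directory. The Python below is an added example written for this post, not code from the exercise or from Tenable; the /dev listing, process table and rc.local text are constructed samples, and the trusted-directory, daemon-name and interpreter lists are assumptions about a typical Linux host.

```python
"""Checks for the 'hiding in plain sight' persistence described in the post.
All sample data here is constructed for illustration; nothing is read from
the live system, so the module behaves the same wherever it runs."""
import os
import shlex

# A device directory should hold device nodes, directories and symlinks;
# a regular file such as /dev/vfat is out of place (assumed safe set).
SAFE_DEV_KINDS = {"char", "block", "dir", "symlink", "fifo", "socket"}
# Names a genuine terminal-login daemon uses (assumption: typical Linux).
DAEMON_NAMES = {"getty", "agetty", "mingetty"}
# Directories where a genuine daemon binary is expected to live (assumption).
TRUSTED_DIRS = ("/sbin", "/usr/sbin", "/bin", "/usr/bin")
# Interpreters that execute their first argument as a script.
INTERPRETERS = {"python", "python2", "python3", "perl", "sh", "bash", "."}


def regular_files_in_dev(entries):
    """entries: iterable of (path, kind). Return regular files under /dev."""
    return [path for path, kind in entries
            if path.startswith("/dev/") and kind not in SAFE_DEV_KINDS]


def executed_dev_paths(command):
    """Return the /dev paths a command line executes, either as the program
    itself or as an interpreter's script argument. Redirections such as
    '> /dev/null' are ignored because the preceding token is not an
    interpreter."""
    try:
        tokens = shlex.split(command)
    except ValueError:          # unbalanced quotes: nothing parseable
        return []
    return [tok for i, tok in enumerate(tokens)
            if tok.startswith("/dev/")
            and (i == 0 or tokens[i - 1] in INTERPRETERS)]


def impostor_daemons(procs):
    """procs: iterable of dicts with 'pid', 'name', 'exe', 'cmdline'.
    Flag a process that calls itself getty but whose executable is not a
    getty binary (the background shell loop in the post), and any process
    that runs a script out of /dev (the 'python /dev/vfat' call)."""
    hits = []
    for proc in procs:
        fake_name = (proc["name"] in DAEMON_NAMES
                     and os.path.basename(proc["exe"]) not in DAEMON_NAMES)
        if fake_name or executed_dev_paths(proc["cmdline"]):
            hits.append(proc)
    return hits


def audit_startup_script(text):
    """Return (line_number, line, reason) for startup-script lines that run
    something out of /dev or launch a daemon-named program from a directory
    outside TRUSTED_DIRS."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for path in executed_dev_paths(stripped):
            findings.append((lineno, stripped, f"executes {path}"))
        try:
            tokens = shlex.split(stripped)
        except ValueError:
            findings.append((lineno, stripped, "unparseable line"))
            continue
        for tok in tokens:
            if ("/" in tok and os.path.basename(tok) in DAEMON_NAMES
                    and os.path.dirname(tok) not in TRUSTED_DIRS):
                findings.append((lineno, stripped,
                                 f"{tok} is not a system getty"))
    return findings


# --- constructed sample data (not captured from the exercise) --------------
DEV_LISTING = [("/dev/null", "char"), ("/dev/sda", "block"),
               ("/dev/pts", "dir"), ("/dev/vfat", "regular")]

PROCESSES = [
    {"pid": 1021, "name": "agetty", "exe": "/sbin/agetty",
     "cmdline": "/sbin/agetty --noclear tty1 linux"},
    {"pid": 4242, "name": "getty", "exe": "/bin/bash",
     "cmdline": "/bin/bash ./getty"},
    {"pid": 4250, "name": "python", "exe": "/usr/bin/python2.7",
     "cmdline": "python /dev/vfat"},
    {"pid": 903, "name": "cron", "exe": "/usr/sbin/cron",
     "cmdline": "/usr/sbin/cron -f"},
]

RC_LOCAL = """#!/bin/sh -e
# rc.local - constructed sample
/etc/init.d/ntpd start > /dev/null 2>&1
nohup /root/getty &
exit 0
"""

if __name__ == "__main__":
    print("regular files in /dev:", regular_files_in_dev(DEV_LISTING))
    for proc in impostor_daemons(PROCESSES):
        print("suspicious process:", proc["pid"], proc["cmdline"])
    for lineno, line, reason in audit_startup_script(RC_LOCAL):
        print(f"rc.local:{lineno}: {reason}: {line}")
```

On a real host the same functions can be fed a walk of /dev, the name/exe/cmdline triples from /proc, and the contents of rc.local and the init.d directory; the checks are heuristics, so a hit is a lead for a human to confirm rather than a verdict.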



Hacker "ftp" at work, winning the game using built-in tools such as bash, Python and SSH.

Continue reading "Cyberdawn - A Diverse Cyber Exercise - Part II" »

Cyberdawn - A Diverse Cyber Exercise - Part I

Cyber Exercise

Over this past weekend I attended Cyberdawn, a cyber exercise that was hosted by Battlefield High School in Haymarket, Virginia.

Sidebar: What is a Cyber Exercise?
“A cyber exercise is a live computer network attack and defense event. A typical exercise runs at least one day for a small team and up to five days for large organizations or multiple teams. Teams generally fall into two categories: attackers (Red Team) and defenders (Blue Team). Defenders are scored on their ability to keep their IT systems up and functional in support of their business processes. Attackers are scored on their ability to disrupt business operations.”
See http://www.whitewolfsecurity.com for more information.

Continue reading "Cyberdawn - A Diverse Cyber Exercise - Part I" »

Webinar - Whether Penetration Testing Helps or Hurts Your Business

Recently, Tenable CSO Marcus Ranum participated in a Whitehat World webinar with Chris Nickerson, CEO of Lares Consulting. They debated the positive and negative aspects of network penetration testing.

If you are an organization currently running a penetration team, outsourcing a penetration test, or contemplating setting up your own team, this debate will provide you with a great deal of insight and information on the subject.

NYC InfraGard Capture The Flag Event

On July 21-22, 2009 Renaud and I attended the New York City InfraGard CTF event. It was a great experience being able to participate in the games, learn and teach people about security. Below is a breakdown of how the event was organized, including several examples of attack and defense techniques we performed.

Day 1 - The Game

The game is divided into two areas: one for attackers ("Red Cell") and one for defenders ("Blue Cell"). The Blue Cell is further divided into teams, each defending a set of machines that represents a real company. The attackers can use whatever tools they have at their disposal. The defenders must defend everything from mock SCADA systems, VoIP, Microsoft Exchange and web servers running several different web applications. It is a good representation of what a real company may look like, which makes this type of exercise particularly educational.

Continue reading "NYC InfraGard Capture The Flag Event" »

Log Management Webinar - Ranum, Gula and Selby

Tenable CEO Ron Gula, Tenable CSO Marcus Ranum and 451 Group Vice President Nick Selby will discuss the recent 451 study which concluded that log management was more valuable to organizations than correlation. The webinar will discuss the 451 research, Mr. Selby will answer questions from Mr. Gula, Mr. Ranum and the webinar attendees, and then Tenable will demonstrate how their Log Correlation Engine can meet the needs of organizations who want to perform both log management and event correlation.

Monday, June 22, 2:00 PM to 3:00 PM EDT

Registration Link: https://www1.gotomeeting.com/register/828303984

The webinar will be recorded and placed online after the event.

Hak5 and Dojosec Videos

Tenable CSO Marcus Ranum gave a talk about the limitations of Cyber Warfare at this month's Dojosec in Columbia, Maryland. A video of his presentation, as well as all of the other speakers' talks, is now online at Vimeo.

I was also recently interviewed for Hak5 Episode 503. If you have not heard of Hak5, they have several very high quality shows which cover a wide variety of topics relating to network security, open source, penetration testing, modifying hardware, product demos and more.

Tenable at RSA

If you are at RSA next week, please feel free to come by the Tenable booth, which is #2737. We're on the far right side of the exhibit floor. A map and picture of our booth are below:

I'm going to be in our booth a good deal of the time, so please come by if you are interested in speaking about Nessus, logging, PCI, intrusion detection, compliance auditing, NBAD and so on. If you want to learn more about Tenable's products and solutions, I can help with that too.

    ShmooCon - Network Monitoring Notes

    Another ShmooCon has come and gone. Tenable had the opportunity to run our products on the ShmooCon network. We deployed two blades which ran Nessus, the Passive Vulnerability Scanner, the Security Center, the Log Correlation Engine and a few agents for monitoring network traffic. We also placed Snort on one of the blades and ran a set of Sourcefire VRT and Bleeding Threats rules. This blog entry discusses how each component worked and what types of activity was observed.

    Deployment

    The network was well organized and had well defined VLANs and IP address segmenting for attendee secure and unsecured wireless access, speaker podiums, registration, the hacker arcade, servers providing DNS, DHCP, a 'pf' firewall and so on.

    This made it very easy to configure the Security Center with a set of assets that matched the ShmooCon network. Below is a screen shot of an asset summary of all detected vulnerabilities:

    [Screen shot: asset summary of all detected vulnerabilities]

    At the time we took this screen shot, we had not performed any active scans with Nessus, but were monitoring all traffic with the Passive Vulnerability Scanner. The same blade was also running Snort and the Tenable Network Monitor, which logged the start and stop of every network session.

    Log and Network Monitoring

    This network data was sent to the Log Correlation Engine, along with logs from the DNS server, DHCP servers, the 'pf' firewall and a few others. This allowed us to show normalized and correlated logs over any time range, as in the following screen shot:

    [Screen shot: time graph of all normalized event types for the past 24 hours]

    In this screen shot, we're looking at a time graph of all normalized event types for the past 24 hours from approximately 1:00 PM on Friday to 1:00 PM on Saturday of the conference. You can see a few things in this screen shot:

    • The "detected-change" events were mostly logs from the Passive Vulnerability Scanner detecting new hosts, new open ports and so on.
    • The surge in "error" events was from a switch that had a few flapping ports.
    • There was a spike in "firewall" logs and then nothing. A firewall rule change stopped outbound syslog messages at one point.
    • P2P activity was detected by some of the Snort rules, and this activity occurred throughout the conference.
    • The first really large scan of the network was done by Qualys, and you can see a spike occurring in multiple other event streams just after the spike in "scanning" activity.

    Something we monitored closely was which types of correlated events occurred, shown below:

    [Screen shots: correlated events over the last 24 hours (left); Qualys brute-force login attempts against a Cisco device (right)]

    In these screen shots, we're looking for evidence of compromised hosts, such as a host that was attacked and then used to attack another host. On a normal network, your servers don't start attacking each other. At ShmooCon, however, this activity may have been occurring often.

    One of the simpler correlation rules in the Log Correlation Engine is the brute force password guessing script. This rule simply looks for a number of login failures within a certain period of time. It does differentiate between a single host failing logins across multiple targets and a single host failing multiple logins against one target. In the screen shot above on the right, the Qualys scan I mentioned had made several login attempts against a Cisco device.
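    To make the two correlations discussed above concrete (the brute force rule with its single-target versus multi-target distinction, and the "attacked host later attacks another host" pattern), here is an added example in Python. It is not Log Correlation Engine code and does not reproduce Tenable's rule scripts; the log format, the IP addresses, the 60-second window and the threshold of five failures are all constructed for the example.

```python
"""
Two small correlation rules over normalized login-failure and attack events:
  * brute force: a source accumulates `threshold` login failures inside a
    sliding time window, reported as single-target or multi-target;
  * victim turned attacker: a host seen as the target of an attack later
    shows up as the source of one.
The log format and all addresses below are constructed for this example.
"""
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta
import re

Event = namedtuple("Event", "ts kind src dst")

# Constructed line format: "<ISO timestamp> <event-type> src=<ip> dst=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>[\w-]+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$"
)

# Constructed sample logs: one fast burst at one target, one fast burst across
# five targets, one slow trickle that should NOT trip a 60-second rule, and
# an attack whose victim later attacks a third host.
SAMPLE_LOGS = """\
2008-02-16T13:00:01 login-failure src=10.1.1.50 dst=10.1.0.1
2008-02-16T13:00:03 login-failure src=10.1.1.50 dst=10.1.0.1
2008-02-16T13:00:05 login-failure src=10.1.1.50 dst=10.1.0.1
2008-02-16T13:00:07 login-failure src=10.1.1.50 dst=10.1.0.1
2008-02-16T13:00:09 login-failure src=10.1.1.50 dst=10.1.0.1
2008-02-16T13:05:00 login-failure src=10.1.2.7 dst=10.1.0.10
2008-02-16T13:05:02 login-failure src=10.1.2.7 dst=10.1.0.11
2008-02-16T13:05:04 login-failure src=10.1.2.7 dst=10.1.0.12
2008-02-16T13:05:06 login-failure src=10.1.2.7 dst=10.1.0.13
2008-02-16T13:05:08 login-failure src=10.1.2.7 dst=10.1.0.14
2008-02-16T13:10:00 login-failure src=10.1.3.9 dst=10.1.0.1
2008-02-16T13:20:00 login-failure src=10.1.3.9 dst=10.1.0.1
2008-02-16T13:30:00 login-failure src=10.1.3.9 dst=10.1.0.1
2008-02-16T13:40:00 login-failure src=10.1.3.9 dst=10.1.0.1
2008-02-16T13:50:00 login-failure src=10.1.3.9 dst=10.1.0.1
2008-02-16T14:00:00 attack src=10.1.2.7 dst=10.1.5.20
2008-02-16T14:02:00 attack src=10.1.5.20 dst=10.1.5.21
"""


def parse_logs(text):
    """Normalize raw lines into Event tuples (time-sorted); unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["kind"], m["src"], m["dst"]))
    return sorted(events, key=lambda e: e.ts)


def detect_brute_force(events, window_seconds=60, threshold=5):
    """Alert once a source has `threshold` login failures inside a sliding window.

    Each alert records whether the failures in the window hit one target
    (password guessing against a single host) or several (spraying)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src -> deque of (ts, dst) still inside the window
    alerts = []
    for ev in events:
        if ev.kind != "login-failure":
            continue
        q = recent[ev.src]
        q.append((ev.ts, ev.dst))
        while q and ev.ts - q[0][0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold:
            targets = {dst for _, dst in q}
            alerts.append({
                "src": ev.src,
                "pattern": "single-target" if len(targets) == 1 else "multi-target",
                "targets": sorted(targets),
                "first": q[0][0],
                "last": ev.ts,
                "count": len(q),
            })
            q.clear()  # one burst yields one alert rather than one per extra failure
    return alerts


def detect_victim_turned_attacker(events):
    """Alert when a host that was the target of an attack later appears as an attack source."""
    attacked_at = {}  # host -> time it was first seen as an attack target
    alerts = []
    for ev in events:
        if ev.kind != "attack":
            continue
        if ev.src in attacked_at:
            alerts.append({"host": ev.src, "attacked_at": attacked_at[ev.src],
                           "attacking_at": ev.ts, "new_target": ev.dst})
        attacked_at.setdefault(ev.dst, ev.ts)
    return alerts


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for a in detect_brute_force(evs):
        print("brute force:", a)
    for a in detect_victim_turned_attacker(evs):
        print("victim turned attacker:", a)
```

With the default 60-second window only the two fast bursts fire, one as single-target and one as multi-target; the slow trickle from the third source never has five failures inside the window. Widening the window to an hour makes that third source fire as well, which is the trade-off the window parameter controls: short windows miss slow guessing, long windows raise the chance that unrelated failures (a user who simply forgot a password) are lumped together.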

    Active Scanning, Passive Scanning and Found Vulnerabilities

    The typical ShmooCon attendee uses Windows and does not patch their version of Firefox. We were able to determine this using the Passive Vulnerability Scanner. Below is an example screen shot of the critical vulnerabilities detected around 2:00 PM on Saturday:

    [Screen shot: top critical vulnerabilities detected by the Passive Vulnerability Scanner]

    The Passive Vulnerability Scanner found many client-side issues. Not only were there several issues with web and chat clients, you can see that many users run older versions of 'curl', 'ssh' and 'wget'. Security issues in these types of clients are often overlooked when system administrators audit their systems.

    Another interesting, if unsurprising, item was the detection of people running certain types of scanners and security testing tools:

    [Screen shots: detected scanning servers (left); detected Metasploit server (right)]

    In a future blog post, we'll investigate the network logs from these hosts and analyze whether multiple people were using these servers, and what other types of activity were detected.

    During the set-up of the network, having the passive scanner online was very valuable. Active scanning was initially prohibited because all traffic was going through a very underpowered firewall. At one point, even the basic network profiling of the Qualys scanner was overloading the firewall and had to be halted.

    When we did start active scanning, though, the many laptops running host firewalls that return no response of any kind proved, as expected, to be difficult targets. Nessus scans can be configured in many different ways to try various techniques for determining whether a host is indeed there.

    However, with the Security Center and the Passive Vulnerability Scanner, we simply created an asset list of known live wireless devices and had Nessus focus on those. This made our scans much more effective than trying to scan a full class B for any hosts that might be alive.

    Future Posts

    A lot of very interesting data was gathered, which we will use as the topic of future blog posts here to show different types of network and log events. I would also like to thank the ShmooCon staff for letting us participate in the monitoring of their network.


    Come See Us At Shmoocon!

    Several Tenable Network Security employees and I will be attending Shmoocon later this week. As a conference sponsor, we'll be giving away cool items at our table such as iTunes gift cards and chocolate covered espresso beans. We'll also be working in the labs and will be running all of our products to perform logging, network monitoring and scanning.

    If you've never seen Nessus scan a network, or would like to learn how to aggregate passive network data, logs, configuration information and vulnerabilities for enterprise networks, please stop by and chat with us in the lab or at our table.

    If you are attending Shmoocon and are interested in learning about opportunities to work at Tenable, please seek me out at the conference. We're looking for a variety of research, development and customer support engineers.


    Passive Vulnerability Detection & Web Application Vulnerability Assessment Seminar in Atlanta

    John Lampe, a senior security researcher for Tenable Network Security, will be presenting a talk and demonstration about passive network monitoring and web application vulnerability assessments. John's co-presenter for the seminar will be Matt North, formerly of ISS and SPI Dynamics and now with AT&T.

    The talk location and date are:

    Southern Polytechnic State University, Marietta, GA
    Thursday, November 8, 2007, 6:00 PM until 7:20 PM
    Building J-102 (campus map)

    The talk is open to the public and pre-registration is not required. For more information, please visit SPSU's Center for Information Security web site.


    Upcoming Tenable Shows and Speaking Events

    Tenable will be participating in the following events in the next few months. I will be involved with all of them, and many other Tenable folks will be there too.

    CanSec West 2007
    April 18-20, 2007 in Vancouver, Canada
    Ron Gula will be presenting about using vulnerability data for event correlation.

    Lone Star Information Security Forum
    May 1-2, 2007 in Dallas, Texas
    Tenable's Sales team and Ron Gula will be participating.

    World Summit on Intrusion Detection
    May 8-9, 2007 in Baltimore, Maryland
    Ron Gula and Marcus Ranum will both be speaking.

    2007 Techno Security Conference
    June 4-6, 2007 in Myrtle Beach, South Carolina
    Ron Gula will be presenting about using vulnerability data for event correlation.

    New York Metro Information Security Forum
    June 20-21 in New York City
    Tenable's Sales team and Ron Gula will be participating. Also from Tenable, Carol Fennelly will present on developing a site security policy and security strategy.