
Tenable Blog

Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an app for that!

Learn about a new tool that streamlines MITRE ATT&CK mapping. Plus, known vulnerabilities remain a major cyber risk – just ask LastPass. Also, discover why SaaS data protection remains difficult, and take a look at the U.S. National Cybersecurity Strategy. And much more!

Dive into six things that are top of mind for the week ending March 10.

1 - Struggling with the MITRE ATT&CK framework? New CISA ‘Decider’ tool aims to help

Do you use MITRE ATT&CK to help you better detect and respond to cyberattacks? If so, you might want to check out a new tool designed to help cyber teams map adversary behavior to this popular framework.

The free tool is a web app called Decider that organizations must host themselves. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) created it in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI) and MITRE. 

New tool streamlines MITRE ATT&CK framework use

(Source: CISA, March 2023)

Decider is intended to help network defenders, threat intelligence analysts and security researchers use the MITRE ATT&CK framework more efficiently and effectively, and thus understand attacker actions faster and more precisely, according to CISA. 

“Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats,” reads CISA’s announcement.

In a companion blog, Bonnie Limmer, CISA’s chief of production at the Joint Cyber Defense Collaborative, explained that many MITRE ATT&CK users experience difficulty mapping adversary behavior to the framework. Thus, Decider was built to be easy to use and understand “with minimal technical language.”
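To make concrete what “mapping adversary behavior to the framework” and “exporting results to commonly used formats” means in practice, here is an added example that is not part of the article or of CISA’s Decider tool. It takes analyst notes already tagged with ATT&CK technique IDs, rejects malformed IDs before they pollute a report, and emits an ATT&CK Navigator-style layer (the assumed export format; only its core fields are used). The observations and technique IDs are constructed samples.

```python
"""Validate analyst ATT&CK mappings and export them as a Navigator-style layer.

Added illustration, not code from CISA's Decider or from this article.
Assumes the ATT&CK Navigator layer JSON shape ("techniques" entries keyed by
"techniqueID"); observations below are constructed sample data.
"""
import json
import re
from collections import Counter

# Enterprise technique IDs look like T1234, sub-techniques like T1234.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample: each observation is the analyst's note plus the technique
# ID(s) chosen after working through the guided questions.
OBSERVATIONS = [
    {"note": "user opened macro-laden attachment", "techniques": ["T1566.001", "T1204.002"]},
    {"note": "scheduled task created for persistence", "techniques": ["T1053.005"]},
    {"note": "second phishing email to finance", "techniques": ["T1566.001"]},
    {"note": "typo in analyst entry", "techniques": ["T15660"]},  # malformed, must be rejected
]


def validate_mapping(observations):
    """Return (accepted technique counts, rejected (note, id) pairs)."""
    accepted = Counter()
    rejected = []
    for obs in observations:
        for tid in obs["techniques"]:
            if TECHNIQUE_ID.match(tid):
                accepted[tid] += 1
            else:
                rejected.append((obs["note"], tid))
    return accepted, rejected


def build_navigator_layer(name, counts):
    """Build a Navigator-style layer dict; score = observations per technique."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"layer": "4.4"},  # assumed layer schema version
        "techniques": [
            {"techniqueID": tid, "score": n, "comment": f"{n} observation(s)", "enabled": True}
            for tid, n in sorted(counts.items())
        ],
    }


def main():
    accepted, rejected = validate_mapping(OBSERVATIONS)
    for note, tid in rejected:
        print(f"rejected {tid!r} from note {note!r}: not a valid ATT&CK technique ID")
    layer = build_navigator_layer("incident-2023-03 (sample)", accepted)
    print(json.dumps(layer, indent=2))


if __name__ == "__main__":
    main()
```

Rejecting malformed IDs up front matters because a single typo silently drops a technique from every downstream heat map or coverage comparison built on the export.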

To get more details, check out the Decider fact sheet and this explainer video.

For more information about MITRE ATT&CK:

VIDEOS

MITRE ATT&CK Framework (MITRE)

What is Threat-Informed Defense? (MITRE)

MITRE ATT&CK: Benefits and Challenges (TechTarget)

2 - Tenable report highlights threats from years-old, known vulnerabilities

They’re the proverbial low-hanging fruit of the cyber world: Vulnerabilities disclosed months and years ago for which patches have long been available but that many organizations haven’t yet fixed.

Because attackers continue to exploit these known flaws in great numbers, Tenable’s Security Response Team (SRT) is shining a spotlight on them in its newly released “Threat Landscape Report” (TLR).

Tenable report highlights threats from years-old known vulnerabilities

Specifically, SRT put a set of these flaws at the top of its list of the top vulnerabilities of 2022. Some date back to 2017, and they include high-severity bugs in Microsoft Exchange, Zoho ManageEngine products and VPN solutions from Fortinet, Citrix and Pulse Secure.

“We cannot stress this enough: Threat actors continue to find success with known and proven exploitable vulnerabilities that organizations have failed to patch or remediate successfully,” the report reads.

Why does this problem persist? As Tenable Chief Security Officer and Head of Research Robert Huber explains in the report, security teams struggle with vulnerability remediation for multiple reasons, including having a plethora of siloed cybersecurity tools that offer a limited, fragmented view of their attack surface.

Because vulnerability management (VM) can no longer be performed in a vacuum, organizations must build an exposure management program that lets them execute a risk-based workflow.

“Exposure management offers a way to operationalize risk reduction across an organization – and offers a vision of a future in which we no longer see five-year-old vulnerabilities continue to be exploited like a ‘greatest hits’ collection in the attacker playlist,” Huber wrote.

To get more details, you can check out the full report, read an SRT blog post and attend a webinar on March 16 at 11 am PT / 2 pm ET.

You can also find coverage of the Tenable TLR in Help Net Security, CSO Online, My Tech Decisions, BetaNews and GCN.

3 - And speaking of known vulnerabilities that haven’t been remediated …

More details have come out about last year’s massive breach of password manager LastPass, and the new information reinforces the danger from years-old, known vulnerabilities that are left unremedied.

Here’s the latest: An attacker breached the home computer of a LastPass DevOps engineer by exploiting a known vulnerability in the Plex Media Server. Plex disclosed the bug in May 2020 and patched it at the same time by releasing a new version of the software. The bug (CVE-2020-5741) had been reported to Plex by Tenable in March 2020.

LastPass got breached via known unpatched vulnerability

At the time of the attack, the LastPass engineer reportedly hadn’t yet installed that Plex update nor any of the many other subsequent updates Plex released for the product in question in the interim.

“Unfortunately, the LastPass employee never upgraded their software to activate the patch. For reference, the version that addressed this exploit was roughly 75 versions ago,” a Plex representative told PCMag.

To get all the details about the two incidents that led to the data breach, including the theft of encrypted customer passwords, read the latest post mortem from LastPass, published last week.

Meanwhile, the details about the specific Plex vulnerability, which isn’t mentioned in the LastPass updates, were confirmed publicly by Plex to several technology publications, including PCMag, The Hacker News and ReviewGeek.

For more information about the LastPass issue:

VIDEOS:

Anatomy of a Threat: 2022 LastPass Breach Was Caused by Known Plex Software Vulnerability (Tenable)

LastPass Incident Update March 2023: The Simple Mistake They Made (Lawrence Systems)

LastPass Hack Incident Update (TWiT Tech Podcast Network)

4 - Report: Organizations struggle with SaaS data protection 

Protecting software-as-a-service (SaaS) data remains a challenge due in large part to organizations’ lack of understanding about who is responsible for it and how to do it. 

Weak SaaS data protection is progressively becoming a bigger problem as organizations boost their adoption and usage of SaaS apps, relying on them for increasingly critical business processes.

That’s according to Enterprise Strategy Group’s (ESG) “Data Protection for SaaS” study, based on a survey of almost 400 IT pros in the U.S. and Canada who are familiar with and/or responsible for SaaS data protection technology decisions.

Key findings include:

  • 33% of organizations rely on their SaaS vendors exclusively for protecting their SaaS data
  • 55% have lost SaaS data in the past 12 months
  • Two leading causes of SaaS data loss are SaaS service outages (cited by 35% of respondents) and cyberattacks (34%)
  • Protecting SaaS applications is a top 5 priority for 89% of IT organizations over the next 12-24 months

“Do not confuse service uptime with your ability to recover data that has been corrupted. Based on our research, it is obvious that many IT professionals do not really understand what the roles and responsibilities actually are,” wrote ESG analyst Christophe Bertrand in the TechTarget article “Data protection for SaaS-based apps is a work in progress”.

Organizations struggle with SaaS data protection

(Source: Enterprise Strategy Group’s “Data Protection for SaaS” report, February 2023)

Some of Bertrand’s data-protection recommendations to SaaS customers include:

  • Be clear what falls under your responsibility and what’s the responsibility of your vendors
  • Understand the business and compliance consequences of a SaaS service outage or data loss
  • Have storage backup and recovery in place for your SaaS applications, especially those used for critical business processes

For more details, view a report infographic and check out the report’s summary page.

To get more information about SaaS security:

VIDEOS

6 Steps to SaaS Security (Steve Murphy)

Untangling SaaS Security in the Enterprise (RSA Conference)

5 - Staying on the cloud security topic …

At a recent Tenable webinar about assessing multi-cloud environments for security policy violations, we polled attendees on their main cloud compliance concerns and on their cloud security audit methods. Check out the results!

Users prefer 3rd party tools for cloud security audits

(40 webinar attendees polled by Tenable in February 2023)

Users have multiple cloud compliance concerns

(57 webinar attendees polled by Tenable in February 2023)

6 - U.S. national cybersecurity plan seeks to make tech vendors more accountable

The White House has released its much-awaited National Cybersecurity Strategy, a 35-page policy document whose call to shift more cyberdefense responsibility onto system operators and technology providers has gotten the most attention.

The White House states that end users – individuals, small businesses, infrastructure operators, and state and local governments – currently carry too much of the burden regarding cyber risk mitigation, given their limited resources and their other priorities. 

“A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences,” the White House document reads.

US National Cyber Strategy Shifts Responsibility to Tech Vendors

Instead, when it comes to protecting data and securing critical systems, the onus should be on the “most capable and best-positioned actors” in both the public and private sectors – namely system owners and operators, as well as technology providers.

The document specifically calls out software makers, saying they should be held legally accountable when they release products or services that were developed without following security best practices.

Overall, the National Cybersecurity Strategy identifies five pillars for enhancing the cybersecurity of the U.S. “digital ecosystem”:

  • Defend critical infrastructure
  • Disrupt and dismantle threat actors
  • Shape market forces to drive security and resilience
  • Invest in a resilient future
  • Forge international partnerships

For more information, check out the full National Cybersecurity Strategy document as well as a White House fact sheet, along with coverage from Enterprise Security Tech, Dark Reading, Inside Cybersecurity, FCW and CyberScoop.

VIDEOS

The Biden-Harris Administration’s National Cybersecurity Strategy (Center for Strategic & International Studies)

Biden administration rolls out new cybersecurity strategy (Yahoo Finance)
