Tenable Blog

Cybersecurity Snapshot: 6 Things That Matter Right Now

Cybersecurity trend analysis: Budgeting tips, ransomware protection, "best-of-breed" vs. platforms, ID attacks.

Topics that are top of mind for the week ending July 1 | Cybersecurity budgeting priorities. All you ever wanted to know about ransomware. CISOs weigh best-of-breed vs. platforms. The epidemic of identity-related breaches. And much more!

1 -- A penny for your thoughts

How time flies! We’re at the year’s midpoint. That’s when the IT budgeting process often starts. So it seemed timely to poll our webinar attendees on their cybersecurity spending priorities. Check out the results of our admittedly ad-hoc, unscientific – yet interesting! – poll.
CISO cybersecurity budgeting priorities and best practices
2 -- Analyst: CISOs shifting from “best of breed” products to platforms

Ah, the age-old debate: best-of-breed (BOB) products versus integrated suites or platforms. Well, this tension is on right now in cybersecurity, as CISOs glance at their security stacks and cringe at this sight: a mishmash of siloed tools from myriad vendors that don’t play well together. 

Yes, compiling a BOB stack – long the preferred strategy of cybersecurity teams – is losing its shine, while platforms and integrated products gain favor, according to a study by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), based on a survey of 280 cybersecurity leaders.

Why are CISOs souring on handpicked, arguably superior – yet disconnected – individual products? A major factor is BOB’s operational overhead, an ESG analyst explains.

Interesting findings:

  • 38% now tend to buy integrated security platforms rather than BOB products.
  • 86% say it is either critical or important that BOB products are built for integration.
  • 21% of organizations are consolidating security vendors; 25% are considering it.

Want more details? Check out this slide presentation from ESG and ISSA.

3 -- Everything you always wanted to know about ransomware but were afraid to ask

Ransomware has thrived through constant evolution, becoming a multimillion-dollar, self-sustaining industry and a major cyberthreat to all organizations. That’s why Tenable Research’s new report “The Ransomware Ecosystem” is a must-read. It explores the key players in the ransomware ecosystem and the tactics that have helped it flourish.


You’ll learn:

  • How the ecosystem evolved
  • Which are the most common attack vectors
  • How to prepare and defend against attacks
  • What vulnerabilities are likely to be exploited

4 -- Study: Manual cloud asset management impacts visibility, ups risk

Cloud adoption keeps accelerating, but have organizations automated their inventorying of public cloud assets? Unfortunately, not that much. And that’s not good because it leads to undercounts and to incomplete asset visibility, increasing security risks, a study found.

The study – “Measuring Risk and Risk Governance” from the Cloud Security Alliance and Google – polled 600 security practitioners and 20 executives in companies of all sizes globally and found that internal data classification schemes (55%) and manual methods (50%) are the main ways organizations collect, track and organize cloud assets. Only 21% of respondents use native or automated cloud data classification tools.

Unsurprisingly, organizations using manual estimation methods reported having an average of 124 cloud services, 31% fewer than the average of 163 reported by organizations using automated discovery tools. 

The study's main goal was to assess the maturity of public cloud and risk management within the enterprise.

5 -- ID-related breaches: They’re rising and wreaking havoc

How prevalent have identity-related breaches become? A whopping 84% of 500 respondents to a recent survey said their organization has experienced one in the last year. Findings from the study “2022 Trends in Securing Digital Identities” by the Identity Defined Security Alliance (IDSA) include:

  • Identity growth continues, which makes it a security priority.
  • Identity-related attacks are up but can be prevented.
  • Risky behavior drops when executives focus on identity security.

6 -- Vulnerabilities to have on your radar screen

These vulnerabilities deserve special attention:

  • Flaws in Azure Synapse Analytics

  • 56 insecure-by-design OT vulnerabilities discovered by Forescout

  • Vulnerabilities in Citrix’s Application Delivery Management product

  • POC published for unauthenticated RCE in Zoho ManageEngine ADAudit Plus

Flaws in Azure Synapse Analytics

Cloud security presents special challenges, as exemplified by Tenable’s recent discovery and analysis of two vulnerabilities in Microsoft Azure. The Tenable Research team found the serious flaws in Azure Synapse Analytics, contacted Microsoft and let’s just say the communication wasn’t particularly smooth. “These flaws and our researchers’ interactions with Microsoft demonstrate the difficulties involved in addressing security-related issues in cloud environments,” the Tenable team wrote.

You can also read Tenable CEO Amit Yoran’s LinkedIn post “Microsoft’s Vulnerability Practices Put Customers At Risk” and listen to Tenable CSO Robert Huber’s comments on KBI’s KBKast.

Forescout: 56 insecure-by-design OT vulnerabilities

Forescout’s Vedere Labs published its latest research findings into OT vulnerabilities titled “OT:ICEFALL,” including 56 bugs across multiple vendors’ products. “OT:ICEFALL sought to analyze and understand the prevalence and impact of insecure-by-design vulnerabilities in OT products,” wrote Tenable’s Security Response Team.

Vulnerabilities in Citrix’s Application Delivery Management product

Citrix disclosed a pair of vulnerabilities in Citrix Application Delivery Management (ADM), a centralized management solution used to monitor a variety of Citrix networking products:

  • CVE-2022-27511, an improper access control vulnerability in Citrix ADM
  • CVE-2022-27512, a vulnerability in Citrix ADM caused by improper control of a resource through its lifetime

For the details, read Tenable’s blog.

POC published for unauthenticated RCE in Zoho ManageEngine ADAudit Plus

The researchers who recently discovered CVE-2022-28219, a now patched vulnerability in Zoho ManageEngine ADAudit Plus, have shared a proof-of-concept (PoC) script that automates the steps to pivot from an XML external entity (XXE) flaw to remote code execution (RCE).

This vulnerability affects all ADAudit Plus builds below 7060, so organizations should make sure they're running the fixed build or a later one. ADAudit Plus is a compliance tool for monitoring Active Directory.

For more information, read Tenable's blog.
