Den Vorteil des Angreifers eliminieren – Warum eigene Forschung wichtig ist
One problem which has been lingering for too long in the security industry is the concept that “security research” has long been way more of an art than a science. As our industry matures, we need to change this approach and add more scientific rigor to our industry.
This is why at Tenable, we decided to take a pragmatic and formal approach to research. We believe that there’s an urgent need to make the internet a safer place for everyone. For us, that begins with a singular focus on pinpointing security problems and sharing our findings quickly, openly and responsibly with the broader tech community.
Today we’re unveiling Quantifying the Attacker’s First-Mover Advantage – a first-of-its-kind study that looks at the immediate, crucial moves that security teams and their adversaries make in the hours or days after a vulnerability is first discovered. This type of study is important for our industry as we continue to hone the discipline and rigor that we apply to driving security into the very heart of every digital organization. Moreover, Quantifying the Attacker’s First-Mover Advantage indicates that security is a sprint, not a marathon and that the way the race begins has tremendous implications for how it will end. It also underscores the need for a more agile approach to security, a CI/CD-inspired cyber program more in sync with the realities of today’s dev cycles, if you will.
We believe that this type of research is one fundamental way that we can help to keep people safer. It’s one of the ways we give back to the community.
Expect to hear more from our researchers over the next few weeks as we unveil new, original research.
Verwandte Artikel
EPSS Shows Strong Performance in Predicting Exploits, Says Study from Cyentia and FIRST
July 30, 2024Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation.
Pig Butchering Scam: How Bitcoin, Ethereum, Litecoin and Spot Gold (XAUUSD) Investments Are Used in Romance Scams to Steal Hundreds of Millions
February 14, 2024This is the second part of a two-part series based on firsthand research into pig butchering scams from the end of 2022 into early 2024. In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form of cryptocurrency and spot gold.
Tales Of Zero-Day Disclosure: Tenable Researchers Reveal Recommendations for a Successful Experience
November 15, 2021Real life stories of vulnerability discovery and disclosure from Tenable’s Zero Day Research team offer guidance you can use to refine your organization's policies.
CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package
September 16, 2024Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP) that is now fixed and that we dubbed CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool. Tenable Research also found risky guidance in GCP documentation that customers should be aware of.
Cybersecurity Snapshot: Russia-backed Hackers Aim at Critical Infrastructure Orgs, as Crypto Fraud Balloons
September 13, 2024Critical infrastructure operators must beware of Russian military hacking groups. Plus, cyber scammers are having a field day with crypto fraud. Meanwhile, AI and cloud vendors face stricter reporting regulations in the U.S. And get the latest on AI-model risk management and on cybersecurity understaffing!
Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
September 10, 2024Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.
- Reports
- Research Reports
- Vulnerability Management
- Vulnerability Scanning