YouTube Transcript:
Tenable Vulnerability Management | Overview

Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.

AutoDub

Understand YouTube Foreign Videos

Immersive YouTube Voice Translation

Break language barriers, embrace global quality content

Solve Foreign Video Barriers Instantly

Video Transcript

Video Summary

Summary

Core Theme

This content provides an overview and demonstration of Tenable's vulnerability management platform, highlighting its expanded features and practical applications for cybersecurity professionals. It emphasizes the importance of hands-on experience and understanding an organization's complete asset inventory for effective security.

Mind Map

Click to expand

Click to explore the full interactive mind map • Zoom, pan, and navigate

00:00:00:00 - 00:00:15:02 Speaker 1

I'm pretty excited to finally be able to do this series on tenable. And to

show you some of the updates since my last series on tenable. So I'm going to

call this one tenable vulnerability management 2025. And as you know,

like I just want to show you this great tenable vulnerability management. It lives

right here within this fleet. 00:00:15:03 - 00:00:34:49

Speaker 1 This is only

one of the tenable products. But since I did my last video, tenable has a whole bunch of things

that they've added. So I just want to kind of briefly talk about these. So the identity

exposure is one that targets Active Directory. If you're not familiar with Active Directory,

take a second to look it up. But this one is for securing or identifying vulnerabilities as

Active and Active Directory. 00:00:34:54 - 00:00:52:33

Speaker 1 You got the attack surface

management. This is one that allows you basically you're trying to determine the paths that attacker

can take to compromise your system. So it kind of goes in and gives you like some really good

insight to be able to understand how people can attack you. Cloud security. This is stuff that you

do to be able to secure and, and 00:00:52:33 - 00:00:53:09

Speaker 1 and

00:00:53:09 - 00:00:54:30 Speaker 1

audit your cloud environment. 00:00:54:31 - 00:00:58:53

Speaker 1 So this is the governance

ot operational technology. This is dealing with like

if you're thinking like, 00:00:58:53 - 00:01:16:08

Speaker 1 like manufacturing plants or rock quarries or, or

anything that produces something that industrial level they have, what's called PLCs, project logic

controllers and basically little devices and sensors that control when machines do this and

that. And if that gets compromised or slow down 00:01:16:08 - 00:01:20:47

Speaker 1 it could lead from everything to maybe, maybe

messing the product to also injuring people 00:01:21:04 - 00:01:30:33

Speaker 1 So ozone environment

is a big one and honestly, we need more people who are who are working to become an

expert in OT security vulnerability management. This is what we're doing,

basically scanning endpoints, 00:01:30:33 - 00:01:45:09

Speaker 1 to look for vulnerabilities

for most of our endpoints, IPAs and domains. Web application scanning. This is a specific

one that you have to that's in addition to the vulnerability management in the other products,

but it scans your web applications looking for actual vulnerabilities

in their telco inventory. 00:01:45:09 - 00:01:46:23

Speaker 1 Not familiar with that, but,

00:01:46:23 - 00:02:01:08 Speaker 1

because you already have the asset feature but looks like it's something cool, I want to get

into this a little bit later, and then lumen assesses your risk. So this kind of means like

you're basically doing an assessment of your cyber risk exposure compared to other others

in the industry or, or your peers 00:02:01:08 - 00:02:13:48

Speaker 1 So and alone as far as your view.

So I've actually done some, some work on these like just some training and understanding these,

but not not really a lot to dig in and really fully understand this. So let's go ahead. Let's

jump into tenable vulnerability management 00:02:13:48 - 00:02:17:23

Speaker 1 okay. So now we're in the tenable vulnerability

manager environment. So this is environment. 00:02:17:23 - 00:02:22:44

Speaker 1 And basically what I do is I use this this is

where I'm using to secure my family my friends 00:02:22:44 - 00:02:28:49

Speaker 1 to do vulnerability

scan and to be able to get data to do these videos okay. So families,

friends and they may have companies 00:02:28:49 - 00:02:31:03

Speaker 1 So I'm able to kind

of secure that company. 00:02:31:16 - 00:02:47:10

Speaker 1 But just keep in mind I do works

full time in doing this. So I can't necessarily do this in a certain way. So doing as a as a

full time job with the site is just something I'm doing to be able to gather data. Okay,

so but I do do this at my full time job. So, you know, there's kind of like can't compete

with your for non-compete clause 00:02:47:10 - 00:02:52:09

Speaker 1 where I can't be

like doing my own cyber security on the site, you know, while doing the

same thing for the company. 00:02:52:23 - 00:03:05:17

Speaker 1 So but I do have some good data

on here. That's why I try to get as many machines as possible to get really good rich data here for

the environment. So let's go ahead and start here. Because everything I do I typically going to start

with the main menu here. And 00:03:05:17 - 00:03:06:43

Speaker 1 and this takes you back to this

00:03:06:43 - 00:03:07:36 Speaker 1

on the dashboard. 00:03:07:36 - 00:03:11:46

Speaker 1 And so the dashboard once again this

has really good information primarily. What 00:03:11:46 - 00:03:17:08

Speaker 1 a lot of times

I use on the job is this part right here is being able to look at the 30,

60, 90 day metrics. 00:03:17:08 - 00:03:22:34

Speaker 1 So and I'll get

into this eventually as we go through the series, I'll be able to kind of talk through that and kind

of give you some insight. 00:03:22:38 - 00:03:29:29

Speaker 1 But right now I

just want you to understand what's available. And so also for dashboard, you got lots of different

dashboards that you can do. So, 00:03:29:29 - 00:03:34:15

Speaker 1 specifically if you go to all dashboards, this

is where you can kind of create new dashboards 00:03:34:15 - 00:03:36:22

Speaker 1 And this

is really helpful. 00:03:36:22 - 00:03:38:58

Speaker 1 I'll talk about that a little

bit later on the dashboard section. 00:03:39:03 - 00:03:53:53

Speaker 1 Now when it comes to scans, you

can kind of see I've got some scans set up here. I got the school icon. So I actually did kind

of create like a one on one program where we can actually like you can get hands on with the tools

read only though I can't give you full access. But what I did spin up a Google cloud environment.

00:03:53:55 - 00:03:54:43 Speaker 1

I was able to 00:03:54:43 - 00:03:57:27

Speaker 1 and I got machine on there

with agents and Sentinel one 00:03:57:27 - 00:04:08:27

Speaker 1 And I asked some

of my friends to kind of, you know, gave an IP address and said, hey, you know who have

fun with this. So anyway, so that's what that second scan is. And so then I also got the,

the daily basic ages. 00:04:08:27 - 00:04:17:15

Speaker 1 So I'm scanning ages, I'm scanning that work.

I'm doing host discovery scan. I'm doing odd. It's a shout out to Scotty, who I have on the channel

at some point would think tank workshop. 00:04:17:15 - 00:04:24:00

Speaker 1 He's one of the people that came to the

mentorship program, and he's branched out, and he wanted to do this. This audit infrastructure scan,

which I hadn't really seen. 00:04:24:05 - 00:04:25:59

Speaker 1 So I went through

the process of setting it up, 00:04:25:59 - 00:04:39:17

Speaker 1 by the cloud infrastructure. That was pretty

cool. And then host Discovery Man, being able to see like all the internet, like the IoT, you know,

nothing like your smart light bulbs. You know, my Elgato light right here on my on my station,

like, you know, Alexa 00:04:39:17 - 00:04:49:56

Speaker 1 and and Google

Home and Nest and Ring devices and all that kind of stuff, you know, so basically being

able to know 100% what I know, because you can't really do security if you don't really know what

you have on your network. 00:04:49:56 - 00:04:53:53

Speaker 1 Right? So that being the case and then

vulnerability intelligence, I don't know. 00:04:53:53 - 00:04:55:31

Speaker 2 But I found these results on search.

00:04:55:36 - 00:04:56:30 Speaker 1

Thank you Google. 00:04:56:30 - 00:04:59:52

Speaker 1 Hey. All right so that's

interesting. Always listening right. 00:04:59:52 - 00:05:10:52

Speaker 1 so here you like

to search vulnerability database. This is pretty cool because you can actually search

by CV I think that's a really cool feature that they add is something that wasn't there

before as far as I remember. 00:05:10:52 - 00:05:13:34

Speaker 1 Then you got your

exposure exposure research I got 00:05:13:34 - 00:05:16:16

Speaker 1 I don't I haven't dug

into this, just to be honest. 00:05:16:16 - 00:05:31:00

Speaker 1 Like, obviously this

is something that's that's new. I'm just kind of showing you all this here. And so you could

do this pose or I suppose your response. I'm really looking forward to playing with this.

Then you can look at the asset. These are basically all the machines that I currently

have in here. So I got 46 holes 00:05:31:10 - 00:05:37:29

Speaker 1 And so you

can see I basically some I have names on, some I could like discover to host

discovery scans and scans. 00:05:37:29 - 00:05:48:48

Speaker 1 And so what I

really want to emphasize here is that if you really want to do cybersecurity,

one of the best things you can do is you take your home, you can take your local things,

your friends, family, with their permission, okay, be able to get it right into

00:05:48:52 - 00:05:58:44 Speaker 1

and and also and then go through the process of setting up this stuff at home because I cannot

tell you how many times that the stuff I work at home leads to me knowing something at work that

was just something that was just random. 00:05:58:44 - 00:06:15:25

Speaker 1 You know, I'm saying like,

oh yeah, I got this. Yeah, I've seen this. So I really tried it to, I literally well, I mean,

technology interpreted is a real company. And I had to go through a whole process to

get tenable to, you know, just like any other company who sells this stuff. So essentially

my home is my headquarters, 00:06:15:25 - 00:06:21:23

Speaker 1 to per se,

and it's run like an actual physical office business from a cybersecurity perspective,

if that makes sense. 00:06:21:23 - 00:06:24:37

Speaker 1 Okay. So finally, this is where

we go to look at the vulnerabilities 00:06:24:42 - 00:06:27:09

Speaker 1 And you can see we even

get called Misconfigurations 00:06:27:09 - 00:06:28:14

Speaker 1 which

is cool. 00:06:28:14 - 00:06:30:58

Speaker 1 But that that's something

you have to do a scan. And 00:06:30:58 - 00:06:35:05

Speaker 1 right now I haven't played with that. So that's

something I hope to, to have some fun with. 00:06:35:10 - 00:06:36:23

Speaker 1 You can see the

sensors. 00:06:36:23 - 00:06:49:33

Speaker 1 This is where we get a chance to deploy the

different types of sensors. So and I just want to, you know, on that section I really would dig into

this. But all right now I've got NSA scanners and this is agent deployed I am you're really

interested in this setting up my own Nessus, 00:06:49:33 - 00:06:50:57

Speaker 1 network monitor right there.

00:06:50:57 - 00:07:02:00 Speaker 1

So I'm curious, and I'm going to do that at some point in the future, because that one has a really

good features to be able to scan this stuff as it's coming through your firewall or you basically

you're duplicating your firewall port. 00:07:02:00 - 00:07:09:28

Speaker 1 Reports. This is pretty

much everything I saw. You can create reports, but there's some new features that report, and I

cannot wait to dig into and tell you all about, 00:07:09:28 - 00:07:11:35

Speaker 1 including the ability to detect AI,

00:07:11:35 - 00:07:12:21 Speaker 1

just on an out there. 00:07:12:21 - 00:07:15:39

Speaker 1 The eye detection is something

that tenable is leaning into. 00:07:15:39 - 00:07:19:57

Speaker 1 So I really going

to have some fun. And that's really interesting because I've actually

used that. I work already 00:07:19:57 - 00:07:23:14

Speaker 1 has some customers who are who

are very interested in determining 00:07:23:14 - 00:07:26:29

Speaker 1 if their employees are using AI

in the environment. And of course, 00:07:26:29 - 00:07:31:22

Speaker 1 we've had some

other creative things we did, but then we realized, did that and we were able

to kind of do detect 00:07:31:22 - 00:07:33:07

Speaker 1 different things,

including like Grammarly. 00:07:33:07 - 00:07:40:19

Speaker 1 Right? Most people

don't even think of Grammarly as AI, but it gets detected as I am a large language

model, so I love them. So, 00:07:40:24 - 00:07:41:53

Speaker 1 we also got

remediation, 00:07:41:53 - 00:07:49:04

Speaker 1 talked about this in

some of our previous video, but basically you can kind of create projects to to really focus in on

what you're going to be doing 00:07:49:04 - 00:07:50:26

Speaker 1 with remediation.

00:07:50:31 - 00:07:54:43 Speaker 1

This is a good thing, especially if you're like, if you're a person

in an organization, 00:07:54:43 - 00:08:02:28

Speaker 1 not necessarily like if

you're securing multiple organizations, but if you were like working for one organization, creators

remediation projects is really, really cool. 00:08:02:28 - 00:08:04:02

Speaker 1 I'm trying to

think of a way to 00:08:04:02 - 00:08:05:43

Speaker 1 be able to use this at scale because,

00:08:05:43 - 00:08:06:25 Speaker 1

it was my job. 00:08:06:26 - 00:08:14:07

Speaker 1 I secure multiple companies, you know,

so so I would have, like, this would be a lot to manage. And the thing is, when you're just like

when you're looking at multiple companies 00:08:14:07 - 00:08:22:28

Speaker 1 being having to log into every tenable

tenant for every tenable company is not really that efficient. So you have to think about you

have to I had to be able to do things at scale. 00:08:22:28 - 00:08:24:15

Speaker 1 So this is where RPA, APIs

00:08:24:15 - 00:08:25:03 Speaker 1

come into play. 00:08:25:03 - 00:08:28:57

Speaker 1 And then the settings, this is where

you get into like the general like 00:08:28:57 - 00:08:32:31

Speaker 1 basically the general configuration

of ten or more set up a table. 00:08:32:31 - 00:08:39:24

Speaker 1 And so the things you got here,

for example, you got Saml right here where you can configure single sign on, you got your license,

you can check your license. 00:08:39:24 - 00:08:43:42

Speaker 1 This access control is where I go through and

create accounts. So say for instance with the 00:08:43:42 - 00:09:02:28

Speaker 1 with the school.com

for the people who are in the cyber security mentorship program when they log in, I don't

want them seeing everything in my environment. I just want them to see the machines that I have

in school.com. So it gives them an ability to log in with a read only account and they

can kind of see that machine that I have in the cloud or stuff like that, and see the

vulnerabilities that exist on that. 00:09:02:28 - 00:09:05:48

Speaker 1 So we can actually walk through and I'll walk

in through remediating those vulnerabilities 00:09:05:48 - 00:09:15:16

Speaker 1 So that's what the that, that the

access control section is activity logs. So we can see what happens. And you really want every tool

involved. Not every tool doesn't have this. 00:09:15:16 - 00:09:22:54

Speaker 1 But there needs to be some kind of log that

tells you what's happening in the environment, logs events taking place in your organization

instead of a vulnerability management account. 00:09:22:54 - 00:09:23:41

Speaker 1 You need to know that

00:09:23:41 - 00:09:33:05 Speaker 1

because different things like for example, if as an administrator, I may have other administrators

in my organization, and what if they log in and what if they, like, start messing around

and doing things that various 00:09:33:05 - 00:09:38:47

Speaker 1 you need to be able

to see and understand that happens. Language of you, management, language settings, exports.

00:09:38:47 - 00:09:39:55 Speaker 1

You see, as far as 00:09:39:55 - 00:09:43:16

Speaker 1 things that are major here,

like dashboards and exports, that's cool. 00:09:43:21 - 00:09:51:54

Speaker 1 You can view the export activity and manage

schedule for. So basically if you have report to them for things that are being exported from the

the light from the central console, you can 00:09:51:54 - 00:09:52:40

Speaker 1 schedule those

00:09:52:40 - 00:09:59:51 Speaker 1

requests. And this is really important when recasting and tagging are really,

really going to dig into these because these become my favorite

friends right here. 00:09:59:56 - 00:10:08:03

Speaker 1 If there's a vulnerability that that

a company can't address, then you want to recast it, which means that they're going to accept the

risk for a certain period of time. 00:10:08:03 - 00:10:10:21

Speaker 1 Recasting also allows

you to be able to adjust the,

Click on any text or timestamp to jump to that moment in the video

Most transcripts ready in under 5 seconds

One-Click Copy125+ LanguagesSearch ContentJump to Timestamps

Paste YouTube URL

Enter any YouTube video link to get the full transcript

Most transcripts ready in under 5 seconds

Get Our Chrome Extension

Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.

Add to Chrome — Free

Works with YouTube, Coursera, Udemy and more educational platforms

Get Instant Transcripts: Just Edit the Domain in Your Address Bar!

YouTube

←

→

↻

https://www.youtube.com/watch?v=UF8uR6Z6KLc

YoutubeToText

←

→

↻

https://youtubetotext.net/watch?v=UF8uR6Z6KLc

YouTube TranscriptPreparing your results…

YouTube Transcript:Tenable Vulnerability Management | Overview