CYBERSECURITY

Technology Reseller recently met up with Bernard Montel, Technical Director and Security Strategist at Tenable, to discuss how the Exposure Management company is developing its product offering in response to a fluid and expanding attack surface populated with underprotected and unpatched external and internet-facing assets.

“I would say the perimeter doesn't exist anymore,” says Tenable Technical Director and Security Strategist Bernard Montel. “I’m not saying that we don't have firewalls anymore or that we don't have IT internally. We still have it. But now it’s highly connected to a lot of stuff outside.”

As the attack surface has expanded, Tenable has used a combination of in-house development and acquisitions to extend its vulnerability and exposure management capabilities to areas it didn’t cover before, such as OT, IoT and the cloud, all the while maintaining its focus on identifying and proactively addressing exposures before they can be exploited and become a problem.

“In cybersecurity, we speak of prevention, detection and response, and Tenable is in the domain of prevention,” explains Montel. “The classic analogy, I would say, is that before leaving your house and locking the front door, you check all your doors and windows are closed, regardless of whether you have an alarm system or not. An alarm system will detect if someone is entering your house and send you a notification, but by then it’s already too late. We believe that if you prevent, you will have less to detect.”

He adds that while some of Tenable’s acquisitions have included detection capabilities, particularly in the cloud, their primary purpose has been to give customers more visibility and a holistic view of those doors and windows to identify any that might have been left open and to highlight the attack path a bad actor might take to get from there to business-critical assets.

“We don't do detection and response, or rather we only do it slightly. Our core DNA is still prevention,” he says.

New capabilities

In December 2019, Tenable acquired Indegy Ltd, a company that was doing in the OT and IoT space exactly what it does in IT, enabling it to extend vulnerability management to manufacturing and industrial organisations that in the last five years have increasingly been connecting legacy systems to internal IT, IoT sensors/cameras and the cloud.

It followed this with the acquisitions of Alsid SAS, a French company specialising in uncovering vulnerabilities in Active Directory, in April 2021, and of Ermetic, a cloud-native application protection platform (CNAPP) company and leading provider of cloud infrastructure entitlement management (CIEM), in October 2023.

As a result, Tenable is now able to discover assets and find vulnerabilities in and between them – attack paths that could be exploited by bad actors – and propose a tailored remediation plan, with risk-based prioritisation, for the four domains of IT, OT, identity and cloud.

Montel points out that remediation plans will be very different across the four domains, with each having different teams, different tools and different timelines. For example, applying a patch or changing the configuration of an asset in a production chain that needs to work 24/7 is different to applying a patch to a smartphone. For cloud security, it also provides remediation tools, which is a departure from its core proposition.

“Internally, at our customer sites, there will be different teams working in those different domains – IT, OT, identity and cloud. We used to say that vendors are only doing 50% of the job. We provide the tools, but those tools need to be handled by experts in their domain.
A tool is

Tenable started out about 20 years ago with a scanner designed to help IT professionals find flaws and misconfigurations in their networks, connected devices and applications, and that is essentially what it still does today – scanning devices, looking for vulnerabilities that an attacker could exploit and recommending next steps for remediation based on a risk-based approach to exposure management.

While Tenable’s core mission has remained the same over the last 20 years, the IT landscape has changed greatly. Instead of protecting IT within an organisation by defending the network perimeter with firewalls – Montel uses the analogy of a castle and moat – cloud, IoT, smartphones and modern working practices have created a more complex, dynamic and highly connected attack surface.

Plus ça change…

Bernard Montel