FeatureThe vendors market-defining innovations transform how cybersecurity is managed and measured in organisations across the globe. Vendors are building solutions that translate technical data into business insights to help security teams prioritise and focus remediation based on business risk.
Using this intelligence, both CISOs and business leaders understand one another and more importantly understand what is needed to drive improvements and optimise security investments that ultimately reduce the risk to the business.
While IT is focused on functionality, speed, efficiency, security is looking to make sure this ability does not introduce levels of risk
Tenable is focused on enabling the vendors’ customers to see every asset and vulnerability across their entire modern attack surface, predict the vulnerabilities that will be leveraged in an attack on the assets that matter to the business and guide the vendors customers on where they need to act to address risk.
The elastic nature of cloud environments allows organisations to be agile, responding to external factors by introducing new services quickly, making it possible to outpace competitors and, or offer competitive advantage. This has been evident in the last twelve months as organisations responded to work from home mandates, in some cases within hours, due to the pandemic.
Tenable is focused on enabling customers to see every asset and vulnerability across their entire modern attack surface
When it comes to cloud security, one key challenge is the driver. While the IT team is focused on functionality, speed, and efficiency. In contrast, the security team is looking to make sure that this ability does not introduce unnecessary or unacceptable levels of risk.
Companies must return to the basics of cyber hygiene by leveraging vulnerability management and honest assessment of the challenges they face. This way they can understand where the risks exist within their infrastructure, however dynamic, remote, or short lived they may be, as well as establish an efficient process to measure overall risk and secure the network.
Elastic nature of cloud environments allows organisations to be agile, responding to external factors by introducing new services quickly
Given the remote working hybrid model that has shattered the network perimeter, organisations should look for solutions that afford complete and live visibility into the entirety of the attack surface — be they IT or OT, traditional on-prem or in the cloud — as the first step toward reducing overall cyber risk. If providing access to data, make sure you have a mechanism to control that access and secure data in transit.
As the workforce may not be using company-owned devices, it’s worth investing in an assessment solution that can check the security posture of all devices, regardless of ownership, connecting to the corporate network. Identify any with exploited vulnerabilities and either patch or remediate the risk – this could mean stopping the device connecting until it’s been updated.
Traditional perimeter security simply is not enough to protect multiple environments against today’s cybercriminals. This presents an opportunity for security leaders to rethink how they define risk, looking beyond software flaws and device compliance to achieve a holistic view of their dynamic and disparate environments.
In tandem, they need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud and step-up security based on changing conditions, behaviours, or locations.
Finally, they must take a hard look at the limits of traditional, perimeter-based security architectures, to consider more sophisticated options that continuously monitor and verify every attempt to request access to corporate data at all levels, whether that’s a device, app, user, or network attempting to make that connection.
CISOs need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting for misconfigurations in Active Directory and the cloud.
