EC News DeskIt is essential IT and OT professionals understand the increasing attack surface their organisation has to manage, measure, and reduce for risk, says Maher Jadallah, Regional Director Middle East, Tenable.
The Tenable Cyber Exposure platform is the industry’s first solution to holistically assess, manage and measure cyber risk across the modern attack surface. It uniquely provides visibility into cyber risk across IT, Cloud, IoT and OT environments, and the depth of analytics to measure and communicate cyber risk in business terms to make better strategic decisions.
The goal is to arm every organisation with the visibility and insight to answer four critical questions: Where are we exposed? Where should we prioritise based on risk? Are we reducing our exposure over time? How do we compare to our peers?
The tools and approaches organisations are using to understand cyber risk do not even work in the old world of client server, on-premises data centers and a linear software development lifecycle where there is less complexity and more control over security. An asset is no longer just a laptop or server.
It is now a complex mix of digital computing platforms and assets which represent your modern attack surface, where the assets themselves and their associated vulnerabilities are constantly expanding, contracting and evolving – like a living organism. The old way of simply scanning on-premises IT devices for vulnerabilities is no longer enough.
Today’s IT environment is ever-changing. Different types of assets constantly enter and exit the enterprise, and some are ephemeral – lasting mere seconds or minutes. Another element adding to what is already a complex situation is security teams being tasked to secure operational technology utilised within critical infrastructure.
In tandem, the number of vulnerabilities present in hardware and software is also rising, with the severity of each increasing. The result is security teams with hundreds of vulnerabilities and, even if prioritising by criticality, still have far more than they can possibly handle.
Tenable is focused on providing solutions that allow our customers to holistically assess their environment – both IT and OT. Risk-based vulnerability management cuts through the immense volume of data, giving precise focus needed to act swiftly and effectively to focus efforts on the real risks within organisations’ environments.
Using machine learning, each vulnerability is analysed and correlated against severity, threat actor activity and asset criticality. This comprehensive visibility is communicated using metrics that align with the business’ risks, so are understood by the board, with the ability to compare their security posture against internal departments and peers.
Increasingly we are seeing those whose remit was solely IT cybersecurity being given responsibility for the organisation’s OT environment too. This move makes sense, given the convergence of IT and OT, and how one can be compromised and used to navigate across into the other environment.
However, OT environments are very different from traditional networks. Security professionals need to understand what the infrastructure looks like, its inter-reliance and identify vulnerabilities.
Finding a solution to any problem begins with acceptance. Effective risk management is built on a unified understanding of the entire IT OT attack surface, which includes ICS devices, IT-based workstations on OT networks and IT networks. It is essential that IT and OT professionals understand the increased attack surface if their organisation is to manage, measure and reduce their business risk.
