News & Views
Tenable reduces IT and OT risks
In a bid to help organizations reduce cyberattacks in in converged IT/OT environments Tenable (www.tenable.com) has brought together Tenable.ot™ 3.7 and Nessus® Professional into a single solution – Tenable.ot (www.tenable.com/products/tenable-ot). This combined solution allows critical infrastructure, manufacturing and industrial organizations to benefit from the efficiencies and cost savings of interconnecting their IT and OT environments without introducing unnecessary and unacceptable risk.
“Modern OT environments increasingly interconnect with IT as organizations seek to optimize costs and accelerate innovation. The result is a complex, sensitive and vastly expanded attack surface where you cannot manage OT cyber risk discreetly,” explains Renaud Deraison, chief technology officer and co-founder, Tenable.
“Tenable.ot 3.7 is a game changer that gives organizations the comprehensive visibility, control and precision to manage, measure and reduce the cyber risk of their IT assets alongside their OT systems.”
“The release of Tenable.ot 3.7 comes on the heels of the National Security Agency (NSA) and Cybersecurity and Infrastructure Agency’s (CISA) (https://us-cert.cisa.gov/ncas/alerts/aa20-205a) alert AA20-205A about the targeting of critical infrastructure by exploiting internet-accessible OT assets,” continues Deraison. “This expanding attack surface and new attack vectors brought by convergence, whether planned or unplanned, require a holistic OT security solution that can precisely identify, assess and protect against both IT- and OT-specific threats within an OT environment.”
Some of the first-to-market features and capabilities of Tenable.ot 3.7 include unified visibility, security and control of converged infrastructures whereby that monitor OT networks and assess OT assets while Nessus intelligently scans and assesses IT-based assets in the OT environment; Vulnerability Prioritization Rating (VPR) whereby Tenable.ot provides a detailed threat-based vulnerability score optimised for both IT and OT assets that takes into account the severity of the vulnerability combined with the existence of public proof-of-concepts (PoC), Dark Web chatter, emergence of exploit code in exploit kits and more. This rating provides greater, risk-based intelligence for security teams to prioritize remediation or mitigation of critical flaws; and extended depth and breadth of coverage means that Tenable.ot now supports additional OT devices to cover over 90% of industrial controllers and protocols on the market today.
The integration is available now as a single license for new Tenable.ot users, whilst current Tenable.ot customers can upgrade to the 3.7 version at no additional cost.