π―Tenable has created a new tool that helps companies see and manage their connected devices better. This tool works with what they already have, making it easier for them to protect important systems without needing new equipment.
The Flaw
Tenable has introduced a new OT asset discovery engine, designed to provide security teams with enhanced visibility into cyber-physical systems (CPS), including operational technology (OT), Internet of Things (IoT), and shadow IT assets. This engine is integrated into the Tenable One Exposure Management Platform, allowing organizations to manage their total cyber exposure from a unified view.
What's at Risk
As organizations increasingly rely on interconnected systems, the risk associated with cyber-physical assets grows. Traditional IT security measures often fail to account for the vulnerabilities present in OT environments. The new engine addresses a critical gap: over 45% of modern OT compromises originate from IT environments, highlighting the urgent need for cohesive security strategies that encompass both domains.
Patch Status
The VM-Native OT Discovery capability is now available to all Tenable One, Tenable Vulnerability Management, and Tenable Security Center customers. This feature allows for immediate deployment without the need for specialized hardware or additional agents, thus simplifying the integration process for organizations.
Immediate Actions
Organizations are encouraged to adopt this new OT Discovery engine to enhance their visibility into hidden assets and vulnerabilities. Key benefits include:
Immediate
- 1.Accelerated Compliance: Organizations can quickly adhere to evolving regulatory requirements for cyber-physical systems without the need for extensive hardware deployments.
- 2.Elimination of Operational Blind Spots: The engine provides foundational visibility into device attributes, including vendor details and firmware versions, without disrupting operations.
Long-term
Technical Details
The OT Discovery engine utilizes a smart, protocol-aware handshake method to safely query and profile OT assets, ensuring that critical devices remain operational during the scanning process. This approach mitigates the risk of operational disruptions that often accompany traditional scanning methods.
Industry Impact
With more than half of Chief Information Security Officers (CISOs) now responsible for OT security, the launch of this engine is a significant step towards addressing the complexities of managing risks across IT and OT environments. Tenable's solution aims to foster collaboration between IT security teams and operational teams, ultimately enhancing the overall security posture of organizations.
What to Watch
Organizations should monitor the effectiveness of their OT security measures as they integrate this new discovery engine. The ability to visualize and manage cyber-physical risks will be crucial as cyber threats continue to evolve and target interconnected systems.
The integration of OT Discovery into existing Tenable platforms represents a significant advancement in the ability to manage cyber-physical risks, addressing a critical gap in visibility and security for organizations.
