π―Tenable and OX have teamed up to make cloud security better by connecting the dots between code and cloud. Theyβve also introduced a new tool that helps security teams see and manage risks in physical systems like machines and devices without causing any disruptions.
What Happened
In today's digital landscape, cloud security teams are grappling with fragmented visibility and the challenge of prioritizing risks. To address these issues, Tenable and OX have introduced a new joint solution that aims to close the code-to-cloud gap. This integration combines Cloud Native Application Protection Platform (CNAPP) capabilities with deep application security (AppSec) insights, designed to enhance security from development through runtime.
In addition to this integration, Tenable has unveiled its OT Discovery Engine, which enables security teams to bring risks associated with cyber-physical systems (OT, IoT, and shadow IT) into a unified view of cyber exposure. This addition allows organizations to gain comprehensive visibility across IT and OT domains without the need for additional IT overhead, making it easier to manage vulnerabilities across complex environments.
The OT Discovery Engine utilizes a smart, protocol-aware handshake mechanism to safely profile OT assets, ensuring that security teams can identify and manage risks without disrupting critical operations. This capability is crucial as many organizations face significant barriers in OT security, including fears of disrupting fragile devices and the high cost of specialized hardware.
The solution focuses on connecting cloud exposures directly to the responsible code and developers. This eliminates fragmented visibility and ensures that security issues are identified and addressed promptly. By leveraging an automated code-to-cloud asset graph, security teams can correlate risks with their originating services, build pipelines, and specific lines of code.
Who's Affected
Organizations utilizing cloud services and developing applications are the primary beneficiaries of this integration. As many as 86% of organizations reportedly host third-party code packages with critical vulnerabilities, making it essential for security teams to have a unified view of their security posture. This integration helps bridge the gap between cloud security and application development, ensuring that both teams work towards a common goal of reducing vulnerabilities. Furthermore, the OT Discovery Engine is particularly beneficial for organizations with operational technology (OT) systems, as it provides foundational visibility into hidden assets and device attributes without disrupting operations. This is crucial as more than half of Chief Information Security Officers (CISOs) are now responsible for OT security, which has historically been a blind spot in many organizations. The new capabilities allow security teams to safely profile PLCs, human-machine interfaces (HMIs), and IoT devices using the tools they already own, thereby breaking down silos between IT and OT security.
What Data Was Exposed
While the integration itself does not expose data, it addresses the risks associated with known vulnerabilities, misconfigurations, and excessive permissions that can lead to data breaches. The solution enables organizations to manage the 82% of cloud workloads that currently run with known, exploited, and critical CVEs. By providing visibility into these vulnerabilities, organizations can proactively manage their security posture and mitigate potential risks.
Moreover, the integration allows for smarter prioritization of vulnerabilities based on their actual exploitability in the production environment. This ensures that security teams focus their efforts on the most critical issues that could lead to data exposure. The OT Discovery Engine also helps uncover previously unknown OT and IoT assets, enabling organizations to address vulnerabilities that may have gone unnoticed.
What You Should Do
Organizations should consider implementing the Tenable and OX integration to enhance their cloud security posture. Here are some recommended actions: By adopting this integrated approach, organizations can significantly bolster their defenses against potential threats while ensuring that security is a shared responsibility across development and operations teams.
Immediate
- 1.Integrate Security Early: Incorporate security measures into infrastructure-as-code (IaC) and CI/CD pipelines to catch vulnerabilities early in the development process.
- 2.Utilize Unified Asset Graphs: Leverage the automated asset graph to correlate cloud risks with the originating code, ensuring comprehensive visibility across the development lifecycle.
- 3.Focus on Remediation: Assign ownership of vulnerabilities directly to developers, reducing the mean-time-to-remediation (MTTR) and ensuring accountability.
Long-term
- 4.Monitor Continuously: Maintain ongoing insight into application-level vulnerabilities and entitlements to adapt to evolving threats.
- 5.Adopt OT Discovery: Utilize the new OT Discovery Engine to gain visibility into cyber-physical systems, ensuring that all assets are accounted for and secured.
With the integration of the OT Discovery Engine, Tenable is addressing the long-standing visibility gap in OT security, allowing organizations to manage risks associated with cyber-physical systems more effectively.
