Cloud Security - Tenable and OX Unite to Close Gaps
Basically, Tenable and OX created a tool to help developers fix security issues in cloud applications faster.
Tenable and OX have launched a joint solution to enhance cloud security. This integration connects cloud risks to the responsible code and developers. It aims to eliminate fragmented visibility and improve remediation processes, making it easier for teams to manage vulnerabilities effectively.
What Happened
In today's digital landscape, cloud security teams are grappling with fragmented visibility and the challenge of prioritizing risks. To address these issues, Tenable and OX have introduced a new joint solution that aims to close the code-to-cloud gap. This integration combines Cloud Native Application Protection Platform (CNAPP) capabilities with deep application security (AppSec) insights, designed to enhance security from development through runtime.
The solution focuses on connecting cloud exposures directly to the responsible code and developers. This eliminates fragmented visibility and ensures that security issues are identified and addressed promptly. By leveraging an automated code-to-cloud asset graph, security teams can correlate risks with their originating services, build pipelines, and specific lines of code.
Who's Affected
Organizations utilizing cloud services and developing applications are the primary beneficiaries of this integration. As many as 86% of organizations reportedly host third-party code packages with critical vulnerabilities, making it essential for security teams to have a unified view of their security posture. This integration helps bridge the gap between cloud security and application development, ensuring that both teams work towards a common goal of reducing vulnerabilities.
By identifying the specific developers responsible for code vulnerabilities, the solution fosters accountability and streamlines remediation processes. This is particularly important in environments where multiple teams may be involved in the development and deployment of applications.
What Data Was Exposed
While the integration itself does not expose data, it addresses the risks associated with known vulnerabilities, misconfigurations, and excessive permissions that can lead to data breaches. The solution enables organizations to manage the 82% of cloud workloads that currently run with known, exploited, and critical CVEs. By providing visibility into these vulnerabilities, organizations can proactively manage their security posture and mitigate potential risks.
Moreover, the integration allows for smarter prioritization of vulnerabilities based on their actual exploitability in the production environment. This ensures that security teams focus their efforts on the most critical issues that could lead to data exposure.
What You Should Do
Organizations should consider implementing the Tenable and OX integration to enhance their cloud security posture. Here are some recommended actions:
- Integrate Security Early: Incorporate security measures into infrastructure-as-code (IaC) and CI/CD pipelines to catch vulnerabilities early in the development process.
- Utilize Unified Asset Graphs: Leverage the automated asset graph to correlate cloud risks with the originating code, ensuring comprehensive visibility across the development lifecycle.
- Focus on Remediation: Assign ownership of vulnerabilities directly to developers, reducing the mean-time-to-remediation (MTTR) and ensuring accountability.
- Monitor Continuously: Maintain ongoing insight into application-level vulnerabilities and entitlements to adapt to evolving threats.
By adopting this integrated approach, organizations can significantly bolster their defenses against potential threats while ensuring that security is a shared responsibility across development and operations teams.
Tenable Blog