Tenable has announced an integration with Tenable.ot 3.7 and Nessus Professional to help organisations secure both IT and operational technology (OT) devices in converged environments. For the first time, customers can use a single solution — Tenable.ot — for unmatched visibility and control to secure IT assets alongside OT systems and reduce their cyber risk in converged, modern environments, said the company.
With digital transformation, cyberattacks are increasingly creeping laterally between IT and OT. The Tenable.ot 3.7 release comes on the heels of the National Security Agency (NSA) and Cybersecurity and Infrastructure Agency’s (CISA) alert AA20-205A about the targeting of critical infrastructure by exploiting internet-accessible OT assets. This expanding attack surface and new attack vectors brought by convergence, whether planned or unplanned, require a holistic OT security solution that can precisely identify, assess and protect against both IT- and OT-specific threats within an OT environment.
“Modern OT environments increasingly interconnect with IT as organisations seek to optimise costs and accelerate innovation. The result is a complex, sensitive and vastly expanded attack surface where you cannot manage OT cyber risk discreetly,” said Renaud Deraison, chief technology officer and co-founder, Tenable. “Tenable.ot 3.7 is a game changer that gives organisations the comprehensive visibility, control and precision to manage, measure and reduce the cyber risk of their IT assets alongside their OT systems.”
Tenable.ot 3.7 allows critical infrastructure, manufacturing and industrial organisations to benefit from the efficiencies and cost savings of interconnecting their IT and OT environments without introducing unnecessary and unacceptable risk. First-to-market features and capabilities include:
- Unified Visibility, Security and Control of Converged Infrastructures: ot monitors OT networks and assesses OT assets while Nessus intelligently scans and assesses IT-based assets in the OT environment.
- Vulnerability Prioritisation Rating (VPR):ot provides a detailed threat-based vulnerability score optimised for both IT and OT assets that takes into account the severity of the vulnerability combined with the existence of public proof-of-concepts (PoC), Dark Web chatter, emergence of exploit code in exploit kits and more. This rating provides greater, risk-based intelligence for security teams to prioritise remediation or mitigation of critical flaws.
- Adaptive Assessment: The built-in Nessus sensor will only ever touch IT devices, while OT devices will continue to be handled by Tenable.ot, for a customised and controlled approach to securing converged environments.
- Extended Depth and Breadth of Coverage: ot now supports additional OT devices to cover over 90% of industrial controllers and protocols on the market today.
- Community Intel: In addition to policy- and anomaly-based detection, Tenable.ot 3.7 also utilises open source threat intelligence pulled from the security community for real-time updates.
The integration is available now as a single license for new Tenable.ot users. Current Tenable.ot customers can upgrade to the 3.7 version at no additional cost.
Discussion about this post