Had been you unable to attend Rework 2022? Try the entire summit classes in our on-demand library now! Watch right here.
Over the previous two years or so, it has change into more and more clear that conventional vulnerability administration doesn’t work. With 18,378 vulnerabilities reported in 2021 — safety groups merely should not have time to mitigate all potential entry factors earlier than an assault can exploit them.
On the identical time, trendy enterprise environments are so dynamic and expansive that organizations want full visibility over your entire assault floor, so their safety techniques may be profitable. This goes past monitoring on-site IT property. — to cloud companies, containers, internet apps and identification companies.
It is a development that vulnerability options supplier, Tenable, has acknowledged by at this time launching, a brand new cloud-based publicity administration platform, referred to as Tenable One, designed to find property and assess threat throughout your entire assault floor.
Publicity administration offers safety groups a broader view of the assault floor, providing the flexibility to conduct assault path evaluation to research assault paths from externally recognized factors to inner property. It additionally permits orgs to create a centralized stock of all IT, cloud, Energetic Listing and internet property.
Occasion
MetaBeat 2022
MetaBeat will deliver collectively thought leaders to present steering on how metaverse know-how will rework the way in which all industries talk and do enterprise on October 4 in San Francisco, CA.
Register Right here
Vulnerability administration is out, publicity administration is in
Tenable’s shift away from vulnerability administration comes as extra organizations are struggling to handle the assault floor.
In line with the State of Assault floor Administration 2022 report, 7 in 10 organizations have been compromised through an unknown, unmanaged, or poorly managed internet-facing asset previously yr.
One of many essential causes for this excessive degree of exploitation is that many organizations lack the flexibility to establish uncovered property as a part of a unified stock.
“Conventional vulnerability administration focuses on the act of enumerating flaws in software program that might be exploited (CVEs). Publicity administration extends past this by offering further context like who’s utilizing the system, what they’ve entry to, the way it’s configured, and so forth.,” mentioned Glen Pendley, CTO at Tenable.
Pendley added that, “There’s extra to proactively securing an surroundings than patching software program. Publicity administration permits cybersecurity groups to operationalize their stopping safety packages, which in flip additionally permits organizations to obviously clarify the effectiveness of their safety program.”
Tenable One approaches publicity administration by offering customers with knowledge about configuration points, vulnerabilities, and assault paths throughout property to present safety groups a transparent view of their surroundings and potential weaknesses that attackers may exploit.
The vulnerability administration and assault floor administration market
For years, Tenable has sat firmly inside the vulnerability administration market, which researchers anticipate will attain a worth of $2.51 billion by 2025, rising at a compound annual progress charge (CAGR) of 16.3%.
Tenable One can most precisely be described as competing in opposition to assault floor administration distributors. It goals to supply a complete view of the exposures of internet-facing property, slightly than providing a system to establish and prioritize vulnerabilities inside an on-site community.
One of many main distributors on this house is Randori, with a valuation between $50 to $100 million which IBM acquired halfway via this yr, and gives a cloud-based answer to map the assault floor in real-time. This consists of companies, IPs, domains, networks, hostnames and different parts.
One other competitor is Cycognito, which raised $100 million in funding in December 2021 and achieved an $800 million valuation. The corporate gives enterprises an exterior assault floor administration platform that may routinely uncover internet-facing property and supply contextualized threat mapping, detecting and prioritizing which an attacker can exploit.
In line with Pendley, Tenable’s key differentiator is context.
“As of at this time, no different firm is ready to present the breadth of protection, context and actionable reporting that Tenable can,” Pendley mentioned. “We anticipate the large-cap cybersecurity distributors to begin transferring on this path, however nobody has developed what Tenable has.”