Tenable: Vulnerability administration is out, assault floor administration is in 


Had been you unable to attend Rework 2022? Take a look at the entire summit classes in our on-demand library now! Watch right here.

Over the previous two years or so, it’s turn into more and more clear that conventional vulnerability administration doesn’t work. With 18,378 vulnerabilities reported in 2021, safety groups merely don’t have time to mitigate all potential entry factors earlier than an assault can exploit them. 

On the identical time, trendy enterprise environments are so dynamic and expansive that organizations want full visibility over all the assault floor. This goes nicely past monitoring on-site IT property, to cloud providers, containers, internet apps, and id providers. 

This can be a development that vulnerability supplier Tenable has acknowledged by at the moment launching Tenable One, a brand new cloud-based Publicity Administration platform designed to find property and assess danger throughout all the assault floor. 

Publicity administration provides safety groups a broader view of the assault floor, providing the power to conduct assault path evaluation to research assault paths from externally recognized factors to inside property, and making a centralized stock of all IT, cloud, Lively Listing, and Net property. 


MetaBeat 2022

MetaBeat will carry collectively thought leaders to offer steerage on how metaverse know-how will remodel the best way all industries talk and do enterprise on October 4 in San Francisco, CA.

Register Right here

Vulnerability administration is out, publicity administration is in 

Tenable’s shift away from vulnerability administration comes as extra organizations are struggling to handle the assault floor. 

In accordance with the State of Assault floor Administration 2022 report, 7 in 10 organizations have been compromised by way of an unknown, unmanaged, or poorly managed internet-facing asset up to now 12 months. 

One of many predominant causes for this high-level of exploitation is that many organizations lack the power to establish uncovered property as a part of a unified stock. 

“Conventional vulnerability administration focuses on the act of enumerating flaws in software program that might be exploited (CVEs). Publicity administration extends past this by offering further context like who’s utilizing the system, what they’ve entry to, the way it’s configured, and so forth,” stated CTO at Tenable, Glen Pendley. 

“There’s extra to proactively securing an setting than patching software program. Publicity administration permits cybersecurity groups to operationalise their stopping safety applications, which in flip additionally permits organizations to obviously clarify the effectiveness of their safety program,” Pendley stated. 

Tenable One approaches publicity administration by offering customers with information about configuration points, vulnerabilities, and assault paths throughout property to offer safety groups a transparent view of their setting and potential weaknesses that attackers might exploit. 

A have a look at the vulnerability administration and assault floor administration market 

For years, Tenable has sat firmly throughout the vulnerability administration market, which researchers anticipate will attain a price of $2.51 billion by 2025, rising at a Compound Annual Progress Fee (CAGR) of 16.3%. 

Nevertheless, Tenable One can most precisely be described as competing in opposition to assault floor administration distributors, which goal to supply a complete view of the exposures of internet-facing property, somewhat than providing a system to establish and prioritize vulnerabilities inside an on-site community. 

One of many main distributors on this area is Randori, with a valuation between $50 to $100 million which IBM acquired halfway by way of this 12 months, and affords a cloud-based resolution to map the assault floor in real-time. This consists of providers, IPs, domains, networks, hostnames, and different elements. 

One other competitor is Cycognito, which raised $100 million in funding in December 2021 and achieved a $800 million valuation, providing enterprises an exterior assault floor administration platform that may robotically uncover internet-facing property and supply contextualized danger mapping, detecting and prioritizing which an attacker can exploit. 

In accordance with Pendley, Tenable’s key differentiator is context. “As of at the moment, no different firm is ready to present the breadth of protection, context and actionable reporting that Tenable can. We anticipate the large-cap cybersecurity distributors to start out shifting on this path, however nobody has developed what Tenable has,” Pendley stated.

VentureBeat’s mission is to be a digital city sq. for technical decision-makers to achieve data about transformative enterprise know-how and transact. Uncover our Briefings.

Supply hyperlink