Analysis
Attacks and Vulnerabilities
Critical infrastructure
News
OT Network security
Technology & Solutions
Vendors

Tenable OT Security works on asset discovery and visibility, offers vulnerability, threat detection

March 10, 2023
Tenable OT Security works on asset discovery and visibility, offers vulnerability, threat detection

Exposure management company Tenable announced Thursday new capabilities within Tenable OT Security that will bring to market broader protection for OT (operational technology), critical infrastructure, and ICS (industrial control systems) environments, regardless of the size of deployment or configuration of the environment. 

The new functionality keeps the CISO’s organization front and center — making it even easier to secure and maintain governance of the entire attack surface, using the same tools and processes across their infrastructure, be it OT, IT, IoT, cloud, or other platforms. 

The new update extends the vulnerability detection capabilities of Tenable OT Security even further with the upgrade to the OT active scanner, providing an even tighter integration with Nessus, the company’s vulnerability scanning technology. Tenable OT Security now offers customers improved scanning capabilities using the technology trusted by more than 40,000 security teams worldwide.

Tenable OT Security will include capabilities that increase asset discovery and visibility, and delivers advanced vulnerability and threat detection, with enhanced dashboards and reporting. The update also features product localization capabilities including Chinese, Japanese, French, and German language, helping to reduce training and support costs for companies operating in non-English speaking regions.

Furthermore, when it comes to connected OT environments, attacks can propagate across IT to impact the OT infrastructure and vice versa. Security teams familiar with protecting IT systems are increasingly responsible for protecting OT implementations too. However, without holistic visibility, security risks are nearly impossible to determine and track.

With Tenable OT Security, organizations can increase asset discovery and visibility by extending Active Query capabilities at the sensor layer to allow for deep asset visibility across network segments. It also upgrades the management experience for Tenable OT Security sensors, and adds support for various controllers, including Bosch PSI Controllers, and Bachmann M1, expanding Tenable asset discoverability capabilities.

The new offering will also augment scanning capabilities by integrating with Nessus, giving users the option to fully leverage Nessus’ smart scanning against confirmed IT devices, safely, without affecting productivity. Additionally, Tenable OT Security adds dashboard widgets to Nessus’ plugin-based vulnerability detection for easy viewing of vulnerability data and offers an improved Intrusion Detection System (IDS) Engine feed that can now be continuously updated on demand via cloud or offline.

The Tenable OT Security enhances enterprise management dashboards that provide a centralized view of multiple connected operational sites, enabling quick and easy exporting of reports to share with business and operations stakeholders. It also comes with dozens of user-configurable widgets that highlight common and most severe vulnerabilities, common policies, and common plugin families, along with an upgraded user interface (UI) experience with the option of dark mode for comfortable viewing in low light environments.

“We consistently hear from CISOs that they have been tasked with security for mixed environments that include both OT and IT technologies, but they don’t have the requisite visibility to secure either well. The new capabilities added to Tenable OT Security provide our customers with full visibility, security, and control of all their environments and assets, in one consolidated view,” Amir Hirsh, general manager for OT Security at Tenable, said in a media statement. “Now, our customers can leverage the full strength of Tenable OT active scanning, tightly integrated with embedded Nessus scans for IT assets, to create a clear view of all assets, their vulnerabilities, risk score, attack path analysis, and more.”

Last month, Tenable disclosed in its annual 2022 Threat Landscape Report persistent threats posed by known vulnerabilities – those for which patches have already been made available – as the primary vehicle for cyberattacks. The findings are based on the Tenable Research team’s analysis of cybersecurity events, vulnerabilities, and trends throughout 2022, including an analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022. 

The Tenable Threat Landscape Report categorizes important vulnerability data and analyzes attacker behavior to help organizations inform their security programs and prioritize security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. Of the events analyzed, more than 2.29 billion records were exposed, which accounted for 257 terabytes of data. More than 3 percent of all data breaches identified were caused by unsecured databases, accounting for leaks of over 800 million records.

The report also identified that hackers continue to find success with known and proven exploitable vulnerabilities that organizations have failed to patch or remediate successfully. It also revealed that the ‘most-frequently’ exploited vulnerabilities represent a large pool of known vulnerabilities, some of which was originally disclosed as far back as 2017. Organizations that failed to apply vendor patches for these vulnerabilities were at increased risk of attacks throughout 2022.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base