Bernard Montel, Tenable: A successful exposure management program requires a combination of people, process and technology
April 2023 by Marc Jacob
At FIC, Tenable will showcase its exposure management platform Tenable One and Tenable Cloud Security. Bernard Montel, Technical Director EMEA and Security Strategist at Tenable, believes that a successful exposure management program requires a combination of people, processes and technologies.
Global Security Mag: What are the highlights of the solutions you will present during the International Cybersecurity Forum 2023?
Bernard Montel: At FIC our team will be highlighting our Tenable One Exposure Management Platform and Tenable Cloud Security (formerly Tenable.cs).
Tenable One provides clear and concise context-driven risk analytics into customers’ exposure, giving security teams the ability to surface and accurately answer critical questions about security posture. It aggregates vulnerability data across IT infrastructure, web apps, public cloud and identity systems. This helps organisations prioritise mitigation, prevent successful attacks and communicate risk accurately to stakeholders. Tenable One draws upon the industry’s largest vulnerability management data set from Nessus while understanding relationships between assets, exposures, privileges and threats across attack paths.
Tenable Cloud Security enables organisations to achieve consistent cloud security and compliance by bringing all cloud vulnerabilities, misconfigurations and drift across multi-cloud and cloud-native environments to the forefront, providing organisations with a unified cloud security solution that simplifies and scales cloud security posture management. Tenable Cloud Security’s built-in best practices consistently enforce security posture and compliance across environments, detecting and preventing risky configurations from ever reaching cloud runtimes. When deployed as part of Tenable One, customers gain advanced vulnerability prioritisation capabilities and automated remediation workflows, enabling security and DevOps teams to prioritise remediation efforts where they can have the biggest impact on security and compliance posture.
Global Security Mag: This year’s theme of the FIC is Cloud Computing, what are the main cyber threats to the Cloud?
Bernard Montel: According to a study by the Cloud Industry Forum, around 60% of all organisations are still pursuing a hybrid cloud strategy with a mix of on-premise and cloud resources - compared to 36% that rely on a cloud-first model.
Hybrid and multi-cloud strategies enable organisations to satisfy unique business requirements and accelerate innovation. But managing highly complex and distributed cloud environments – each with its own security tools, processes and specialised skill requirements – is neither easy nor straightforward. As a result, security issues such as simple misconfigurations and excessive privileges – the root cause of the majority of cloud breaches – can go unseen.
Global Security Mag: What are the advantages of Cloud Computing?
Bernard Montel: Organisations today are using multiple clouds to address unique workload requirements, build scalable cloud native apps using microservices, containers and Kubernetes, and speed time-to-market with continuous delivery practices. As an illustration, the pandemic shift to telecommuting would hardly have been feasible without the cloud, which allows employees to access data and services anytime, anywhere.
The cloud is becoming an integral part of supply chain technologies, the Internet of Things (IoT), artificial intelligence (AI) and infrastructure-as-code (IaC) as the world rapidly shifts towards everything-as-a-service.
Global Security Mag: How should technologies evolve to counter these threats?
The complexity of today’s modern attack surface is the key driver behind the emergence of exposure management programs. Security programs today are reactive when they should be proactive, and they’re often siloed when the attack surface isn’t, creating a reactive firefighting approach that disadvantages defenders.
Security teams are challenged to keep up with the constant influx of data from the array of point solutions they are using to manage vulnerabilities, web applications, identity systems and cloud assets. And they’re challenged with effectively analysing all that data to make informed, proactive decisions about which exposures represent the greatest risk to the organisation.
Implementing an exposure management program enables security professionals to better allocate time and resources so they can focus on taking the actions that legitimately reduce their risk.
Global Security Mag: In your opinion, what role can humans play in strengthening the defense strategy to be deployed?
Bernard Montel: A successful exposure management program requires a combination of people, processes and technology.
Security teams play a critical role in strengthening the defence strategy by understanding the larger mission of the organisation and safeguarding the tools and assets that enable staff to complete business-critical activity, while also ensuring important data is safeguarded. Examining cyber risk based on departmental or operational units allows collaboration among different constituencies, which saves time, improves investment decisions, supports insurability and drives improvement over time, all while tangibly reducing risk to the organisation.
Global Security Mag: What message would you like to convey to CISOs?
Bernard Montel: Tenable’s approach to risk management and cybersecurity is focused on providing customers with the visibility, vulnerability data and context-driven risk analytics to reduce risk across their entire attack surface – IT and OT infrastructure, web apps, public cloud and identity systems. As the leader in vulnerability management and now a platform-first company, Tenable has earned the trust of its customers to be the vendor of choice as they look to cover more of their attack surface.
Approximately 43,000 organisations around the globe, including approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies trust Tenable to understand and reduce their cyber risk.