Tenable®, Inc., the Cyber Exposure company, today announced a first-of-its kind integration with Tenable.ot™ 3.7 and Nessus® Professional to help organizations secure both IT and operational technology (OT) devices in converged environments. For the first time, customers can use a single solution – Tenable.ot – for unmatched visibility and control to secure IT assets alongside OT systems and reduce their cyber risk in converged, modern environments.
With digital transformation, cyberattacks are increasingly creeping laterally between IT and OT. The Tenable.ot 3.7 release comes on the heels of the National Security Agency (NSA) and Cybersecurity and Infrastructure Agency’s (CISA) alert AA20-205A about the targeting of critical infrastructure by exploiting internet-accessible OT assets. This expanding attack surface and new attack vectors brought by convergence, whether planned or unplanned, require a holistic OT security solution that can precisely identify, assess and protect against both IT- and OT-specific threats within an OT environment.
“Modern OT environments increasingly interconnect with IT as organizations seek to optimize costs and accelerate innovation. The result is a complex, sensitive and vastly expanded attack surface where you cannot manage OT cyber risk discreetly,” said Renaud Deraison, Chief Technology Officer and Co-Founder at Tenable. “Tenable.ot 3.7 is a game changer that gives organizations the comprehensive visibility, control and precision to manage, measure and reduce the cyber risk of their IT assets alongside their OT systems.”
Tenable.ot 3.7 allows critical infrastructure, manufacturing and industrial organizations to benefit from the efficiencies and cost savings of interconnecting their IT and OT environments without introducing unnecessary and unacceptable risk. First-to-market features and capabilities include:
Unified Visibility, Security and Control of Converged Infrastructures: Tenable.ot monitors OT networks and assesses OT assets while Nessus intelligently scans and assesses IT-based assets in the OT environment.
Vulnerability Prioritization Rating (VPR): Tenable.ot provides a detailed threat-based vulnerability score optimized for both IT and OT assets that takes into account the severity of the vulnerability combined with the existence of public proof-of-concepts (PoC), Dark Web chatter, emergence of exploit code in exploit kits and more. This rating provides greater, risk-based intelligence for security teams to prioritize remediation or mitigation of critical flaws.
Adaptive Assessment: The built-in Nessus sensor will only ever touch IT devices, while OT devices will continue to be handled by Tenable.ot, for a customized and controlled approach to securing converged environments.
Extended Depth and Breadth of Coverage: Tenable.ot now supports additional OT devices to cover over 90% of industrial controllers and protocols on the market today.
Community Intel: In addition to policy- and anomaly-based detection, Tenable.ot 3.7 also utilizes open source threat intelligence pulled from the security community for real-time updates.
The integration is available now as a single license for new Tenable.ot users. Current Tenable.ot customers can upgrade to the 3.7 version at no additional cost.