An interview with… Joel Barnes, EMEA Sales Engineer Director at Tenable

Posted by Katie Sadler on 02-Jun-2017


As part of Cognosec’s Partner Profile series, we interview Joel Barnes, EMEA Sales Engineer Director at Tenable, who explains what the company does and how it can help. He also highlights the benefits of its cloud-based vulnerability-management platform, Tenable.io.

Could you explain briefly what Tenable does and what it provides? 

Tenable was founded in 2002 to help customers in all sectors solve their most difficult security challenges. Today, thousands of organizations around the world rely on Tenable to defend against threats that are at the centre of board-level and public policy discussions. Tenable has also earned numerous industry awards and distinctions, including those from SC Magazine, the SANS Institute, Frost & Sullivan, AusCERT and NetworkWorld Asia. In October 2016, the company announced its first acquisition with the purchase of San Francisco-based container security company FlawCheck. Tenable was also one of only two pure-play cybersecurity software companies named to the 2016 Forbes Next Billion-Dollar Startups list. In 2015 the company announced a $230 Series B investment led by Insight Venture Partners and Accel.

Does Tenable work with companies of varying size and number of endpoints?

With more than one million users and over 21,000 customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all industries, including finance, government, healthcare, higher education, retail and energy.

What are the most popular products and/or solutions Tenable provides?

Tenable.io™, built on the leading Nessus technology from Tenable. This cloud-based vulnerability-management platform delivers a fresh, asset-based approach that accurately tracks your resources, while offering specialised applications for container security and web application scanning. Maximising visibility and insight, Tenable.io effectively prioritises your vulnerabilities while seamlessly integrating into your environment.

Does Tenable provide reporting analytics and on-going support for its customers?

One of the key problems that organizations are plagued with is the lack of visibility into the data that they gather. This can be seen across just about every security discipline. By providing asset visibility and classification, alongside vulnerability management, Tenable provides multiple ways of assisting organizations in the analysis of their vulnerability risk. Without this sort of analysis, it is very difficult to provide actions to improve the organization's stance, which should be the ultimate goal of any security program.

For example, at the simplest level, customers just want to filter their data to meet their immediate needs. So, if I want to find all the critical, exploitable vulnerabilities that reside on my web facing infrastructure that are running Apache, this is easily achieved using the advanced filtering capabilities within the Tenable solutions. However, to progress beyond this more ad-hoc view of the world and start to look at managing the overall vulnerability risk within an organization it is important to get a higher viewpoint of the data.

Tenable provide a huge range of dashboards to address this higher level so that you can see all of your data through a single lens, split that data by user, show trending and alerts amongst other criteria. All of the data supporting these dashboards is immediately available just by clicking through so that the technical users can quickly see what the issue is, how to fix it and/or mitigate the risk associated. These can be customised or created from scratch to meet the business reporting requirements.

Even higher, you may want to measure yourself against a business metric rather than a technical metric. By using the Tenable Assurance Report Cards, this can also be achieved. Again, all underpinning data is maintained so further analysis can be performed to enable action to take place.

Ransomware such as WannaCry and EternalRocks have been hot topics recently. How can Tenable help organizations defend against these global cyberattacks?

Most cyberattacks, whether they be carrying ransomware or some other type of payload, typically leverage existing vulnerabilities that are prevalent across the entire global IT infrastructure. The primary issue is that organizations don’t have visibility into their own network. By not being able to easily see what they have on their network, the status of that asset, what’s installed on it and how well it is configured and patched, they are flying blind with regards to actually protecting themselves.

Tenable solutions address this visibility gap in a variety of ways. Firstly, by allowing customers to easily see what assets are available on their network when they arrive. This can be achieved with a combination of active scanning and passive listening to ensure that full visibility is maintained continually. Once an organisation can actually see what they have then the analysis of that information can take place.

So, once that information about the support status of systems, the installed software and associated patches, service packs, etc. has been collected, it now becomes a matter of what to do with that information. If it’s an out-of-support system then maybe it’s worth removing it from the network. If we can’t do that for some reason, then what protections can we put in place around that asset to ensure that an exploit cannot take advantage? If it’s a missing patch then a decision has to be made about what action to take. Do you install the patch immediately, test it, put further protections around, etc.?

Given the glut of information that you will receive, putting a risk-based approach in place should be a priority so that the most immediate action is targeted at the most risky assets in the organisation. This should not, however, be done to the exclusion of everything else. For the recent attacks, it wasn’t the most critical systems that were necessarily affected.

What are your five top tips for an organization whose objective it is to withstand a significant cyberattack?

I’m going to back out of putting a definitive order together and just give five options that are open to all organizations. The priority of those should be assessed based on a risk analysis of the organisation in question:

  • HA/DR

It’s vital that an organization finds where its critical data and assets are and ensures that backups AND restores work flawlessly so that, if the very worst were to happen, the business can be back on its feet in a timely fashion. This hasn’t changed in years, but is still a vital component of preparing for the worst. For those critical business systems, look at how high availability can be implemented so that there is limited downtime. There is a lot within this subject that should be looked at that is beyond the scope of this particular piece.

  • Gain visibility into your network

The vast majority of organizations don’t know what is on their network from one day to the next. They typically know where all their ‘critical’ assets are, but what about those virtual ones that dev keep spinning up, or the containers that the web app team keep firing into the DMZ? How about that exec laptop that seems to be very non-standard? If you can’t see it, you can’t protect it. An attack will hit what is least well protected. Not knowing that something is on your network and posing a significant risk to your business is unforgivable.

  • Patch what you can and protect what you can’t patch

Find where your vulnerable and unpatched systems are and patch those that can be patched. The majority of exploited vulnerabilities tend to have patches already available, so there really is no excuse for not patching those things that can be patched. Consider what testing cycles you need and where. For pre-prod and dev platforms it may be easier to deal with potential consequences of patches rather than delay the patches going out, whereas in production you may need to do some testing. However, ensure that you put other protections in place whilst testing to ensure a maximum reduction in risk. For those systems that can’t be patched, consider complete removal or other types of protection (ACLs, white/black lists etc.).

  • Make security an organisational issue

Security should be everywhere. All the employees of a company should know what to do if they believe they have been targeted by a cyberattack, who to contact and what NOT to do (probably more important). How to get this done is one of the questions that has been plaguing IT Security for years, but the tide is slowly turning and the tone from the top is starting to embrace this. If that is the case in your organisation, latch on to it and exploit it as much as possible. If it’s not, then see if you can be that agent of change.

  • Continually monitor

Taking a snapshot in time for what your network looks like and then acting upon that will have limited impact on reducing the vulnerability risk within an organisation if it is not continually checked and updated. The rise in virtualisation, cloud, BYOD etc. means that by the time you have finished scanning for what you own, something else will probably have arrived that you know nothing about. Gaining visibility into what is happening and when it is happening will allow you to be more responsive to possible vulnerabilities and, thus, reduce the risk to the environment. Remember, it’s the stuff you don’t know about that is most likely to be exploited.

And finally, why does Tenable work with Cognosec?

Tenable is a channel-led organization, partnering with leading security technology resellers. Cognosec have a strong depth and knowledge of customers across many verticals including Government, Financial and Public Sector organisations.  Working with Tenable, Cognosec will focus on PCI compliance, GDPR compliance, Assurance and managed cybersecurity services for their customers. Tenable's certified training program for partners ensures customer success in developing and launching our joint, enhanced solutions.  We are looking forward to continuing our relationship with the Cognosec team to help their customers transform the security of their networks with continuous visibility and critical context, enabling decisive action.
