Tenable unveils benchmarking solution
Software company Tenable announced a new feature, called Tenable.io Lumin, which the company said will enable organizations to quantify and communicate their cyber risk.
In cyber security, the concept of an “attack surface” refers to the total number of points or vectors an attacker might seize to take advantage of an environment. Companies undergoing digital transformation expand their attack surface by using new cloud and web connected technologies, making them more susceptible to vulnerabilities in return. Tenable reports over 60% of vulnerabilities detected by its customers in 2017 classified as high or critical severity.
“With the digital transformation at its height, a company’s assets are no longer just laptops or servers,” explained Dave Cole, chief product officer at Tenable, in an email exchange with RCR Wireless News. “It’s now a complex mix of digital compute platforms and assets which represent the modern attack surface, where the assets themselves and their associated vulnerabilities are constantly expanding, contracting and evolving – like a living organism.This elastic attack surface has created a massive gap in an organization’s ability to truly understand its cyber exposure at any given time. This is called the cyber exposure gap.”
Tenable’s cyber exposure Software-as-a-Service (SaaS) platform, Tenable.io, is intended to address these kinds of threats. Launched in January 2017, the platform provides vulnerability management, web application scanning and container security. Lumin is included as an application of the Tenable.io platform. It serves as a benchmarking tool that compares an organization’s efforts against other companies to optimize security processes and investments.
“The Tenable.io platform and it’s different applications provides customers a way for managing and measuring the modern attack surface to accurately understand and reduce cyber risk,” said Cole. “Specifically, Lumin, transforms security from a raw list of vulnerabilities to a metrics-driven program, where cyber risk is quantified and measured alongside every other business risk and every strategic business decision will rely on it. Lumin enables companies to understand their Cyber Exposure so that it is not an impediment to digital transformation.”
Lumin also leverages third-party APIs to important, normalize and consolidate vulnerability and asset data alongside Nessus vulnerability data within Tenable.io. Out of the box APIs include Qualys for vulnerability data, Amazon Web Services (AWS) for cloud workload data as well as ServiceNow for IT asset data. The company said it will begin a beta for Tenable.io Lumin in second quarter of 2018 and announce new capabilities throughout the year. Tenable added the product will be generally available in the second half of 2018.
“In spite of decades of hard work, the attackers have the advantage. The stakes are too high for the status quo to remain,” said Cole in a statement. “We must come together as an industry to transform vulnerability management, putting the CISO in the driver’s seat so organizations can proactively measure and manage cyber risk in the same way as other business risks, such as production forecasting and managing potential supply chain disruptions. It’s time to flip the advantage into the hands of Security. Cyber Exposure will help drive this transformation, and Tenable.io Lumin is a significant step forward to making this a reality.”
