central view of all assets and identities – whether they are in IT, OT, cloud or IoT environments – and the risks associated with them. The platform also unifies data from third-party tools, consolidating them into a single pane of glass and providing full risk context.
This enables organisations to see all their cyber risks in one place, identify the true exposures threatening their business value, and make more informed investments to optimise their overall security posture.
Can you share a real-world example or use-case where Tenable’ s OT solutions have made a significant impact?
A regional beverage manufacturer has been using Tenable Nessus and Tenable Security Center as a key part of its vulnerability management strategy in the IT network for several years. It asked Tenable to support it with a Proof of Value( PoV) for its OT environment. The test installation at a remote site, which was scheduled at short notice and implemented within just two weeks, proved to be a real game changer.
Although the facility runs the most diverse machine park of all the sites, ranging from modern high-tech systems to legacy devices from the late 1980s, which is not unusual for OT environments, Tenable OT Security delivered a detailed inventory after a short period of finetuning. In addition to a comprehensive list of systems, it also contained extensive information about the system software, the software versions and the vulnerabilities, thus laying a robust foundation for securing the environment.
This manufacturer quickly decided to transfer the PoV to live operation at the beginning of 2024 and rolled out the system successively at all locations. As of today, all sites are connected to Tenable OT Security.
In late fall 2024, they commissioned a new dosing system for chemicals at one of its sites. While the system was being set up, Tenable OT Security detected that several of the machine’ s control systems had massive known security vulnerabilities for which patches had actually been available for years. Without Tenable OT Security, the production environment would inevitably have become vulnerable.
When first installed, Tenable OT Security generated over 80 alerts per 1,000 systems. Today, our customer has reduced that number by more than 52 %, bringing it down to just 38 per 1,000. This represents a remarkable improvement, with nearly all of the remaining vulnerabilities classified as non-critical.
What do you see the future of exposure management in OT holding?
Organisations are increasingly realising that you can’ t address your risk by looking at different areas of the business – you have to look at it holistically. Technology has evolved, obliterating the barrier between IT and OT. This sprawling, ever-changing landscape of laptops, servers, cloud platforms, mobile devices and interconnected operational technologies increases business risk that has to be addressed holistically.
Exposure management, as a discipline, does exactly that by providing unified visibility, better insights and preemptive action. Security teams can’ t reduce risk when everything is scattered. Just like how the IT and OT worlds have collided, we now have to bring all our threat intel together.
WWW. INTELLIGENTCISO. COM 27