In the digital economy, digital transformation is no longer about disruption. It is about survival. Cyber Exposure is an emerging discipline for managing and measuring your modern attack surface to accurately understand and reduce your cyber risk. If you are flying blind to a widening Cyber Exposure gap, that is untenable.
3. The attack surface is expanding
Diagram labels: Server, Desktop, Network infrastructure, ICS/SCADA, Industrial IoT, Web app, Mobile, Laptop, Enterprise IoT, Virtual machine, Cloud, Container (grouped as IT, Cloud and IoT)
4. Creating a Cyber Exposure Gap
Diagram labels: Server, Desktop, Network infrastructure, ICS/SCADA, Industrial IoT, Web app, Mobile, Laptop, Enterprise IoT, Virtual machine, Cloud, Container (grouped as IT, Cloud and IoT)
5. Cyber Exposure is an emerging discipline for:
Managing and measuring your modern attack surface to accurately understand and reduce your cyber risk
6. Cyber Exposure: From vulnerability management to strategic guidance
• Live discovery of every asset
• Continuous exposure visibility
• Communication of cybersecurity risk
• Risk-based scoring & prioritization
• Strategic decision support
7. The Four Questions
• Where are we exposed?
• Where should we prioritize based on risk?
• How are we reducing exposure over time?
• How do we compare?
Company Confidential: Do Not Distribute
8. Addressing the full Cyber Exposure lifecycle
Environments: IT, Cloud, IoT, OT
• Discover: Identify and map every asset for visibility across any computing environment
• Assess: Understand the state of all assets, including vulnerabilities, misconfigurations and other health indicators
• Analyze: Understand exposures in context, to prioritize remediation based on asset criticality, threat context and vulnerability severity
• Fix: Prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique
• Measure: Model and analyze cyber exposure to make better business and technology decisions
9. Advanced Analytics Across Entire Attack Surface
• Public & Private Clouds, IoT & OT, Web Apps, Containers, Traditional IT
• Unified asset & vulnerability data (including 3rd parties)
• Explore by geography, business units and asset types
10. Breakthrough Business Insight
• Risk Scoring by vulnerabilities, threats, asset value & location
• Trend analysis and benchmarking against industry averages
12. Tenable.io Lumin: Complementing & Enhancing Tenable.io Applications
Diagram labels:
• Lumin: Analytics, Prioritization, Benchmarking
• Vulnerability Management, Web Application Scanning, PCI ASV, Container Security
• Nessus Scanner, Nessus Agent, Nessus Network Monitor, Web App Scanner, Image Registry
• Platform and Integration Services
• Tenable Ecosystem 3rd Party Data: Assets, Vulnerabilities, Threats
• Tenable Ecosystem 3rd Party Systems: CMDB, IT Systems Mgmt, GRC
13. Flexible yet powerful for complete visibility
Enterprise IoT, Industrial IoT, ICS/SCADA, Container, Cloud, Web App, Network Infrastructure, Virtual Machine, Mobile, Laptop, Server, Desktop
Trusted by 1.6 million users worldwide
14. If you are flying blind to a widening Cyber Exposure Gap, that’s just untenable.
Editor's Notes
Every security leader wants to answer 4 questions for their CEO or Board:
Where are we exposed?
This means what assets are affected, where, and what is the significance/severity? The changing technology and threat landscape has made this harder to see.
Where should we prioritize based on risk?
Data overload and lack of security staffing have made this more important than ever.
How are we reducing exposure over time?
Security leaders want to understand and report on their progress, and show the value of their investments to senior management.
How do we compare to others – particularly those in our industry?
Security needs to be put into perspective. What is an appropriate level of security for one industry (e.g. education) might be vastly different from another (e.g. financial services). Knowing where one stands amongst peers is crucial in developing budgets and deploying corporate resources.
This is about seeing more and doing more – what is the true state of my environment and how can I effectively secure it?
Tenable.io Lumin provides organizations the ability to see and analyze exposure across their entire attack surface, including public and private clouds, IoT and OT, web applications and containers as well as traditional IT assets.
It integrates and normalizes its own asset and vulnerability data with third-party asset and vulnerability data, and correlates with threat intelligence, to provide risk-driven prioritization, benchmarking and exposure scoring, and visualization of the entire modern attack surface.
Tenable.io Lumin lets you interactively explore your cyber exposure across geographic regions, business units, and asset types.
Tenable.io Lumin allows anyone from analyst to executive to quickly understand and explore their organization’s Cyber Exposure. Advanced risk-based exposure scoring weighs vulnerabilities, threats, asset value and location, providing clear guidance about what to focus on.
It empowers you to benchmark and compare your efforts against other organizations to optimize your security processes and investments.
CISOs, the C-suite and the Board of Directors gain an objective measurement of cyber risk to help drive better strategic decisions and investment priorities, while security managers and analysts can prioritize and remediate issues more effectively, based on risk.
Tenable.io Lumin complements and enhances existing Tenable.io applications. It can import third-party asset and vulnerability data and then normalize and consolidate it with data collected natively by Tenable.io, making it easier to manage Cyber Exposure through analytics, prioritization and benchmarking.
With Tenable.io, we introduced a Cyber Exposure platform for any asset on any computing platform.
With Tenable.io, we offer applications for specific business problems: Vulnerability Management, Web App Scanning, Container Security – and now Tenable.io Lumin.
These apps leverage the data sensors in the bottom row. And unlike other vendors, we give you unlimited active scanners, agents, and passive network monitoring at no extra cost.
Container security is especially important because containers represent the newest blind spot for many organizations.
Tenable.io assesses container images before they’re deployed into production, and integrates into your container build process and SDLC (software development lifecycle).
We also built a specialized application for web application scanning. It provides superior accuracy and safe scanning of critical web apps.
Tenable.io integrates with many 3rd party solutions to bring data in and send data to other systems, supporting your broader business processes.
It also includes an extensive and well-documented API and SDK.
Tenable.io is also the only solution that provides true asset tracking (not IP-based), so you can see the real state of your assets and vulnerabilities.
Across all of your applications and data, we provide reporting, dashboarding and prioritization – so you can see and act with confidence.
Tenable.io even scales to the largest organizations. It was deployed by a Fortune 100 company to over a million assets in 100 days.