Predictive Prioritization has the potential to change the way companies run their vulnerability management programs. According to the National Vulnerability Database, there were 16,500 new vulnerabilities disclosed in 2018 alone, of which only a small fraction was actively weaponized for cyberattacks. Predictive Prioritization addresses this problem by enabling organizations to reduce business risk by focusing on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days, says Diwakar Dayal, Managing Director, Tenable India, in an interview with CIO AXIS in which he outlines what can be expected in 2019 from a security point of view.
What are the trends that are going to dominate the security landscape in 2019?
One of the major trends we’re expecting to see in 2019 is the continued impact of digital transformation. The emergence of new technologies, from containers to IoT to mobile, has expanded an organization’s attack surface and created new blind spots. Security teams are struggling to gain holistic visibility into where they are exposed and to what extent, leaving them increasingly vulnerable to attack. The pace of technological innovation isn’t going to slow down, so the security industry must keep up in 2019.
As the line between network perimeter and endpoint security is getting blurred, will it be easier for CISOs to choose between network security and endpoint security?
Security isn’t a one-size-fits-all approach. CISOs must invest in the technology and processes that work best for their organization’s business needs and priorities. That said, one of the most fundamental and critical components of any security strategy is unified visibility across the digital infrastructure. CISOs must have visibility into all assets across all computing platforms in order to effectively manage, measure and reduce cyber risk.
Are CISOs acknowledging the importance of vulnerability management as a ‘must have’ for their companies?
According to Tenable’s Cyber Defender Strategies Report, nearly 48 percent of organizations globally have embraced strategic vulnerability assessment — defined as mature or moderately mature programs that include targeted and tailored scanning and prioritizing computing resources based on business criticality — as a foundational element of their cyber defense and a critical step toward reducing risk. This is a strong indicator that CISOs are acknowledging and prioritizing strong vulnerability management.
What are the best practices for companies and their CISOs to make their security architecture future-proof?
Unfortunately, CISOs don’t have a crystal ball to see the security challenges of tomorrow. But they can implement basic cyber hygiene practices, such as using two-factor authentication and maintaining their systems, to build a strong foundation for their security program. With these basic, but critically important processes in place, CISOs can be better prepared for future security challenges.
Does regulatory compliance boost the acceptance of vulnerability assessment tools? What about dangers of IoT in the future?
While regulatory compliance is a good baseline standard for security measures, organizations shouldn’t approach security or vulnerability assessments as a checked-box activity.
Tell us about your Predictive Prioritization technology. How do you select partners to join your Cyber Exposure mission?
Organizations have long struggled to effectively prioritize remediation efforts due to the barrage of new vulnerabilities in their environments. According to the National Vulnerability Database, there were 16,500 new vulnerabilities disclosed in 2018 alone, of which only a small fraction was actively weaponized for cyberattacks. Predictive Prioritization addresses this problem by enabling organizations to reduce business risk by focusing on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days.
It’s important that we select the most reputable partners to join our Cyber Exposure mission, helping us improve the security posture of customers around the world. To tackle today’s cybersecurity challenges, our customers need a combination of the right tools and technology, as well as the right skill set. Channel partners with strong cybersecurity practices and a team of skilled consultants with relevant certifications and experience can add tremendous value in helping our customers reduce their Cyber Exposure gap. Our technology is foundational to customers’ cybersecurity readiness posture which greatly benefits partners that are willing to make cybersecurity a part of their core practice.
How do you stand apart from others?
Tenable is the first and only provider of Cyber Exposure solutions — an emerging discipline for managing and measuring cybersecurity risk in the digital era. Cyber Exposure builds on the roots of vulnerability management, moving from identifying bugs and misconfigurations and expanding to live discovery of digital assets, continuous visibility into where an asset is exposed and to what extent, prioritization of remediation based on business risk and benchmarking security metrics against industry peers.
What kind of challenges do you foresee for the year 2019 from a cybersecurity point of view? What would be the key priorities for Tenable in 2019?
In 2019, we will continue to see security challenges brought on by digital transformation. Today’s corporate environments are a complex mix of modern and traditional assets, with many CISOs struggling to get their arms around the expanding attack surface. In fact, according to an independent study conducted by Ponemon Institute on behalf of Tenable, less than one third (29 percent) of respondents surveyed reported having sufficient visibility into their attack surface to effectively reduce their exposure to risk.
Tenable is laser-focused on our Cyber Exposure vision — helping organizations manage, measure and reduce their cyber risk in the digital era. The launch of Predictive Prioritization is the next phase of our Cyber Exposure journey, which shifts vulnerability remediation efforts from reactive to predictive.