Tenable Archives - My TechDecisions
https://mytechdecisions.com/tag/tenable/

Tenable, Splunk Launch Partnership for Risk Prioritization
https://mytechdecisions.com/it-infrastructure/tenable-splunk-launch-partnership-for-risk-prioritization/
Tue, 23 May 2023 19:38:14 +0000

The post Tenable, Splunk Launch Partnership for Risk Prioritization appeared first on My TechDecisions.

Vulnerability management provider Tenable and IT management platform Splunk have launched a new partnership designed to help security teams better correlate events, take action on flaws and meet compliance standards.

The partnership combines Tenable’s vulnerability management insights with Splunk’s log and flow consolidation capabilities to help simplify risk prioritization, accelerate threat response and reduce overall risk.

The companies hope the combined solutions will help security teams get ahead of cyber risk by reducing alert fatigue and giving them more time to address issues proactively instead of responding to incidents.

Tenable will give Splunk customers full visibility into their assets and continually assess those assets for exposures and vulnerabilities, assigning each weakness a vulnerability prioritization rating that signifies relative risk to the business.

This rating system will be paired with the log and flow consolidation capabilities provided by Splunk, giving customers correlation data and advanced analytics for incident response and helping them to prioritize and focus security event investigations on the biggest risks in one dashboard.

The capabilities are now available for joint customers.

“Together with Tenable, we provide our joint customers the ability to detect, investigate and take action on vulnerabilities to their technology assets,” said Hitu Chawla, GVP, partner strategy and solutions at Splunk, in a statement. “We’ve launched this partnership with Tenable because of its effective exposure management capabilities and commitment to helping customers understand and reduce business risk.”

“Uniting Splunk’s log and flow consolidation capabilities and Tenable’s visibility and vulnerability data, organizations can respond quickly to actual risk, rather than perceived risk,” said Ray Komar, vice president of technical alliances at Tenable, in a statement. “With this data at their fingertips, cybersecurity teams can address security incidents faster, freeing up their time to focus on other meaningful initiatives.”

Tenable Developing Four Generative AI Tools for Security Research
https://mytechdecisions.com/network-security/tenable-developing-four-generative-ai-tools-for-security-research/
Thu, 27 Apr 2023 18:02:08 +0000

The post Tenable Developing Four Generative AI Tools for Security Research appeared first on My TechDecisions.

Tenable is developing four new tools designed to create efficiencies in processes such as reverse code engineering, code debugging, web app security and visibility into cloud-based tools.

The Columbia, Md.-based vulnerability management software provider’s research team is conducting ongoing experimentation with generative AI applications such as ChatGPT, and researchers have made them publicly available to the security research community through a GitHub repository.

G-3PO for reverse engineering

One such tool is called G-3PO, a reverse engineering tool that adds another layer of automation to the reverse engineering workflow of Ghidra, an extensible software reverse engineering framework developed by the NSA and released to the public in 2019.

According to Tenable, Ghidra “automates several reverse engineering tasks, including disassembling a binary into its assembly language listing, reconstructing its control flow graph and decompiling that assembly listing into something resembling source code in the C programming language.”

However, that is typically where Ghidra’s translation of machine-readable binary code into something humans can understand ends, resulting in manual work for interpretation and annotation.

Human engineers then have to analyze the decompiled code by repeatedly comparing it to the original assembly listing to ensure no errors from the decompilation process are overlooked. As the engineer examines the code, they add explanatory comments and assign descriptive names to variables and functions to improve readability.

According to Tenable, this is where G-3PO comes in: it adds another layer of automation to the reverse engineering workflow by submitting a function’s decompiled C code to a language model (it currently supports models from both OpenAI and Anthropic) and requesting an explanation of what the function does, along with suggestions for descriptive variable names.

G-3PO can then automatically add these names and comments to the Ghidra decompilation listing, the company says.

The result is that the reverse engineer gains a fast, high-level understanding of the code’s functionality without having to decipher every line, getting a “bird’s eye view” of the binary in question and being able to direct attention to the regions of code that most concern them. There, they can manually analyze those binaries.

AI Assistant for debugging

Tenable also developed an AI assistant for the GNU Debugger to simplify the debugging process. The company says its tool was implemented as a plugin for two popular GDB extension frameworks: GEF and Pwndbg.

This tool supports language models from Anthropic and OpenAI, allowing the tool to analyze debugging information and answer questions about runtime state or assembly code, Tenable says. The AI assistant debugger reduces the complexities of the debugging process by providing an interactive tool for exploring the debugging context.

“It receives information on registers, stack values, backtrace, assembly and decompiled code if using the Ghidra extension in Pwndbg, providing as much of the relevant context as possible to accompany the user’s queries,” Tenable says in published research. “The user can pose whatever question they like to the model — from general queries like ‘What’s going on here?’ or ‘Does this function look vulnerable?’ to more specific questions like ‘Are there any circumstances that will lead to this function calling free() twice on the same pointer?’ The user can then ask the model follow-up questions for the sake of clarification or correction.”

BurpGPT for web app vulnerability testing

Tenable also built BurpGPT, an AI assistant extension of its Burp Suite web application vulnerability testing tool. According to the company, the tool works by leveraging Burp’s proxy feature to intercept HTTP traffic and prompting the OpenAI API to analyze the traffic to identify risks and potential fixes for any identified issues.

The company says BurpGPT can be used to discover injection points, misconfigurations and more. The tool–leveraging GPT 3.5 and GPT 4–has successfully identified cross-site scripting vulnerabilities and misconfigured HTTP headers without requiring any additional fine-tuning.

As with other AI assistants, the goal is to reduce manual work, specifically by automating security testing for web application developers. Tenable researchers also get another tool to help identify new exploitation techniques that can be implemented into Tenable products.

EscalateGPT for IAM security

Tenable is also developing EscalateGPT, an AI-powered tool designed to help identify identity and access management policy issues. Specifically, Tenable calls it a Python tool designed to identify privilege-escalation opportunities in Amazon Web Services IAM.

According to Tenable, EscalateGPT can be used to retrieve all IAM policies associated with users or groups and will then prompt the OpenAI API, asking it to identify potential escalation opportunities and any relevant mitigations. The tool then returns results in a JSON format that includes the path, the Amazon Resource Name (ARN) of the policy that could be exploited for privilege escalation and the recommended mitigation strategies to address the identified vulnerabilities.

The company says testing against real-world AWS environments found that GPT-4 managed to identify complex scenarios of privilege escalation based on non-trivial policies through multi-IAM accounts. With GPT3.5-turbo, Tenable found that only half of the privilege escalation cases tested for were identified.

Generative AI and cybersecurity

Tenable notes that malicious actors are already using generative AI and large language models (LLMs) to conduct attacks, but defenders can also leverage these tools to help with a variety of security tasks, such as log parsing, anomaly detection, triaging, incident response, and more.

Early use cases of ChatGPT and generative AI have already included programming and code analysis. Coupled with threat detection and intelligence from trained AI models, defenders will have many other use cases for this emerging technology, the company says.

“While we’re only at the start of our journey in implementing AI into tools for security research, it’s clear the unique capabilities these LLMs provide will continue to have profound impacts for both attackers and defenders,” Tenable says in its research report.

Read Tenable’s research for examples and use cases.

Tenable Launches Integration Between Tenable One Platform, Security Center 6.1
https://mytechdecisions.com/network-security/tenable-launches-integration-between-tenable-one-platform-security-center-6-1/
Tue, 25 Apr 2023 13:48:30 +0000

The post Tenable Launches Integration Between Tenable One Platform, Security Center 6.1 appeared first on My TechDecisions.

Security vulnerability management software provider Tenable is launching an integration between its Tenable One Exposure Management Platform and its Security Center 6.1 solution, thus adding support for on-premises and hybrid deployments.

According to the company, this integration is designed to streamline exposure management for hybrid vulnerability management deployments and can help on-premises organizations transition to the cloud more quickly. Tenable now claims to be the only vendor that offers exposure management for both on-premises and hybrid deployment models.

Tenable One customers can now get access to both Tenable Vulnerability Management and Tenable Security Center, giving them flexibility to deploy vulnerability management assets in the cloud, on-premises or both in a hybrid approach. In addition, Tenable Security Center customers can leverage Tenable One’s advanced exposure management features such as Lumin Exposure View, Attack Path Analysis and Asset Inventory.

The Tenable One platform includes vulnerability management, cloud security, external attack surface management, identity exposure, web app scanning and attack path analysis data. With the integration, Tenable Security Center customers can use Tenable One for a single view of their exposure data. Both Tenable Security Center Plus and Security Center Director are integrated to deliver enhanced visibility and simplified management, the company says.

Glen Pendley, Tenable’s chief technology officer, says in a statement that visibility into cyber risk factors should be a right and not a privilege. However, on-premises vulnerability management solutions aren’t giving organizations the full picture of where their threats exist.

“Tenable’s platform approach with Tenable One is continuing to expand its reach throughout the security stack and not only creating economies of scale but flexibility for customers as well,” Pendley says.

Tenable Security Center 6.1 will be generally available later in the second quarter of 2023, and the company is holding a webinar to go over the new capabilities on May 11.

Older, Unpatched Vulnerabilities Are Still Wreaking Havoc
https://mytechdecisions.com/network-security/older-unptched-vulnerabilities-are-still-wreaking-havoc/
Tue, 28 Feb 2023 16:16:56 +0000

The post Older, Unpatched Vulnerabilities Are Still Wreaking Havoc appeared first on My TechDecisions.

Older vulnerabilities for which patches have already been made available by the vendor are still the primary vehicle for cyberattacks, suggesting that organizations are still behind in practicing good cyber hygiene, according to new data from Tenable.

The Columbia, Md.-based provider of vulnerability management software finds in its 2022 Threat Landscape Report that the number one group of most frequently exploited vulnerabilities is a large pool of known vulnerabilities, including some that date back to 2017. Organizations repeatedly failed to apply the vendor’s patches for these bugs, resulting in increasing attacks throughout last year.

According to Tenable, the top exploited vulnerabilities within this group included several older high-severity flaws in Microsoft Exchange, Zoho ManageEngine products and VPN solutions from Fortinet, Citrix and Pulse Secure.

Of course, Log4Shell, the critical remote code execution bug in Java logger Log4j discovered in December 2021, was among the most frequently exploited vulnerabilities in 2022, according to Tenable. Others included Follina, a remote code execution bug in the Microsoft Support Diagnostic Tool; an Atlassian Confluence Server and Data Center vulnerability; and ProxyShell, a chain of three vulnerabilities in Microsoft Exchange Server.

In all of those cases, the vulnerabilities, mitigations and patches were highly publicized, and organizations had the ability to fix these issues immediately. In addition, four of the first five zero-day vulnerabilities exploited in the wild in 2022 were disclosed to the public on the same day the vendor released patches and mitigations, according to Tenable.

Bob Huber, chief security officer and head of research at Tenable, says in a statement that older, long-known vulnerabilities cause more destruction than new ones.

“Cyberattackers repeatedly find success exploiting these overlooked vulnerabilities to obtain access to sensitive information,” Huber says. “Numbers like these conclusively demonstrate that reactive post-event cybersecurity measures aren’t effective at mitigating risk. The only way to turn the tide is to shift to preventive security and exposure management.”

According to the report, older vulnerabilities in Fortinet FortiOS and Zoho ManageEngine were spotted in chained attacks with Log4Shell and various Exchange Server bugs. Tenable says it has been highlighting some of these bugs “for years,” and they are all listed in CISA’s catalog of Known Exploited Vulnerabilities.

The 2017 vulnerability listed in Tenable’s report is a memory corruption bug in Microsoft Office Equation Editor that has a CVSSv3 score of 7.8. Meanwhile, the report lists three 20178 bugs, a 3030 bug and three 2021 bugs as among the most actively exploited in 2022.

Read Tenable’s report for more information.

Tenable Launches Cyber Insurance Report, Partners With Insurance Provider
https://mytechdecisions.com/network-security/tenable-cyber-insurance-report-i/
Thu, 16 Feb 2023 16:31:38 +0000

The post Tenable Launches Cyber Insurance Report, Partners With Insurance Provider appeared first on My TechDecisions.

Vulnerability management software provider Tenable is adding a new Cyber Insurance Report within its Tenable Vulnerability Management solution designed to summarize exposure information relevant to cyber insurance providers to help streamline the policy underwriting process for insurers and customers.

According to Tenable, the Cyber Insurance Report will enable insurers, for the first time, to measure preventative security programs by sharing vulnerability data that resides within the firewall. The Cyber Insurance Report is free with a Tenable Vulnerability Management account.

The Columbia, Md.-based company says it has also partnered with Measured Analytics and Insurance on a referral program designed to provide qualifying Tenable customers with savings on cyber insurance policies.

The company says the relationship represents a new data-driven model for the cyber insurance business, with tangible savings offered to customers.

The Tenable Cyber Insurance Report comes as cyber insurance policy premiums are rising and as obtaining a cyber insurance policy is no longer guaranteed. With the Cyber Insurance Report, customers can share data that clearly shows insurance companies that they maintain good security hygiene.

Measured Insurance CEO Jack Vines says the company was founded on the principle that not just any data can be used to underwrite cyber insurance policies.

“By enhancing our AI-driven underwriting models with ‘inside-out’ data from Tenable and other partners, we’re able to build a holistic understanding of a client’s risk profile, which often results in savings on cyber insurance,” Vines says. “Our integrated partner approach provides distinctive insight on risk, making all participants more secure and cyber resilient.”

According to Tenable’s announcement, incident response companies have been major partners for insurance providers investigating claims, but not much has been done to reduce exposure by helping to prevent the core issue that leads to security incidents.

Tenable hopes to provide a way for customers to reduce their exposure and assess their exposure management proficiency with metrics that show how well prepared a company is to prevent a breach rather than simply respond to one.

“Most of the focus to date on assessing cyber risk for cyber insurance policies has been on whether a company has an adequate breach detection and response capability. But incident response means something has already gone wrong,” says Ray Komar, vice president of technical alliances at Tenable. “There’s never been a way for insurers to measure preventive security, until now.”

Cyber insurance policies with Measured are available for qualifying customers in the U.S. only. Tenable will continue to work with insurance partners to further refine data sources and reporting as part of the ongoing program, Tenable says.

The Metaverse Presents Opportunity, but Also Security Risks
https://mytechdecisions.com/network-security/metaverse-security/
Tue, 20 Dec 2022 19:28:13 +0000

The post The Metaverse Presents Opportunity, but Also Security Risks appeared first on My TechDecisions.

The metaverse is emerging as a new technology that both consumers and businesses see as valuable for communication, collaboration, enhanced services, entertainment and real estate, but those hopes also come with the same security concerns any IT professionals have about a new technology.

Nearly 70% of organizations are planning to do business in the metaverse over the next three years, but more than 40% say concerns about the security of the metaverse are a significant factor in their metaverse investment decisions, according to a study from vulnerability management company Tenable.

Tenable polled 1,500 IT, cybersecurity and DevOps professionals in the U.S., U.K. and Australia and found that 23% have already started investing in the metaverse, and 68% say they plan to do so over the next two-plus years. Just 9% say they either don’t have plans or have decided to not invest in the metaverse. However, fewer than 50% say they are confident in their ability to address cybersecurity threats in the metaverse.

Respondents cite things such as enhanced customer engagement, improved learning and training, remote working/collaboration, new revenue streams, enhanced services, entertainment and digital real estate, making it clear that organizations see value in the metaverse.

However, those same organizations also see threats, according to Tenable, which found that 41% of organizations are concerned with cybersecurity in the metaverse. Meanwhile, 38% of respondents say their organization will wait to see how the macroeconomic conditions unfold before exploring the metaverse.

What are the threats in the metaverse?

The metaverse is a broad term to describe several different iterations of a virtual world that is used to communicate, collaborate, socialize and conduct business. However, there are several different players in the metaverse market, such as Decentraland, Roblox, Sandbox, Microsoft, Meta and others.

According to Satnam Narang, senior staff research engineer at Tenable, even the game Fortnite could be considered a metaverse.

Account hijacking

Social engineering and phishing tricks designed to compromise accounts and take them over have been the preferred method of malicious actors for several years, and Narang says metaverse users should expect to see more of the same.

“When you think about it from the consumer perspective, it comes to threats to user accounts being compromised, impersonation or avatar cloning,” Narang says.

Cloning of voice and facial features and hijacking video recordings using avatars were among the threats that Tenable identified in the study. Avatars with synthetic voices and features that mimic those of real users or employees are one of the draws to the metaverse, but those avatars also generate a lot of data, such as voice, video and messages.

This presents a scenario in which there is no way of identifying who is really behind the avatars, especially since personal information and content stored in a virtual environment can always be forged or leaked, Tenable asserts in the study.

Eavesdropping

Tenable’s study also identified man-in-the-room attacks, which the company says are carried out by leveraging security vulnerabilities in the widely used VR social application Bigscreen. These vulnerabilities allow attackers to invisibly eavesdrop in virtual reality rooms, and attackers could also exploit the flaws to gain complete control over Bigscreen users’ computers to covertly deliver malware or even start a worm infection spreading through virtual reality.

According to Narang, this is similar to what happened with Clubhouse, a social audio app, at the beginning of the pandemic. Researchers figured out a way to join private Clubhouse rooms without being detected and eavesdrop on conversations.

In a business context, eavesdropping on sensitive meetings is a massive security concern, Narang says.

Conventional attacks

Although the metaverse is a new and emerging technology that is expected to grow into an $800 billion market in 2024, the cybersecurity threats facing it aren’t all that new, Narang says.

“A lot of the security concerns, from a business perspective, are all stuff we’re pretty familiar with, such as patching vulnerabilities and securing code at runtime,” Narang says.

In fact, Tenable’s study identified phishing, malware and ransomware as the most likely security threats facing the metaverse. With a long history of success with exploiting unpatched vulnerabilities and cloud misconfigurations, cybercriminals will be just as likely to use the same tactics where applicable in the metaverse.

Compromised machine identities and API transactions

Also identified by Tenable as a potential security threat to the metaverse is the compromising of machine identities and API transactions. Traditional IT systems now boast “billions of machine-to-machine communications” across the IoT, sensors, control systems, edge devices, cloud systems and traditional IT systems, all with zero human interaction, daily.

Per the study, 78% of respondents say it is very likely or somewhat likely that compromised machine identities and API transactions might occur across metaverses.

Prevention and new required skills

According to Narang, preventing attacks and ensuring security of the metaverse depends on the specific offering and its structure. For example, blockchain-based metaverses such as Decentraland and Sandbox include tokenomics, which adds a financial component to the equation.

“Your seed phrase is your own,” Narang says. “You’re basically authenticating to Decentraland or Sandbox. You’re connecting your account, your wallet, to that service. You are the owner of that wallet and your profile is governed by your ownership of it.”

Users don’t create an account on those platforms, and instead are connecting their cryptocurrency wallet to them, Narang explains.

On the flipside, Roblox and Fortnite users create accounts on the platform, allowing users to reset passwords and reach out to customer support for assistance.

“There are different challenges for different platforms,” Narang says.

Similarly, the skills required to help secure metaverse platforms differ based on the underlying infrastructure of each offering.

For metaverse offerings built in the cloud, Narang suggests learning cloud development and identity security skills.

Organizations looking to partner and build experiences on the platforms need to do their due diligence and vet the security of the metaverse offerings they explore. That should include looking to see how the platforms are meeting compliance and standards for how they capture and control user information.

For blockchain-based platforms, Narang suggests making sure that there’s been some type of third-party auditing of the underpinning code for that blockchain.

It comes down to the basics

While the metaverse is a new and exciting technology that is beginning to find its way into the enterprise, IT and security professionals don’t need to reinvent the wheel when it comes to security in the metaverse, Narang says.

Companies need to remain vigilant about patching vulnerabilities and should proceed with caution when things just don’t seem right.

“All it really takes is one avenue for an attacker to get into a network before they can wreak havoc, and there are a lot of different approaches they can take,” Narang says. “While the basic cyber hygiene message is old and is something we continue to hear, we’re still seeing a lot of struggles in that area.”

Three-quarters of Organizations are Still Vulnerable to Log4Shell
https://mytechdecisions.com/network-security/log4shell-log4j-vulnerability/
Wed, 30 Nov 2022 18:59:16 +0000

The post Three-quarters of Organizations are Still Vulnerable to Log4Shell appeared first on My TechDecisions.

New research from vulnerability management software company Tenable finds that nearly three-quarters of organizations remain vulnerable to the Log4Shell vulnerability as of Oct. 1, nearly a full calendar year after the critical bug in the widely used Java logging tool Log4j was discovered.

When Log4Shell was discovered in December 2021, Tenable found that one in 10 assets were vulnerable. Those assets included a wide range of servers, web applications, containers and IoT devices. In October, analysis showed improvements, with 2.5% of assets vulnerable.

However, nearly one-third of those assets had recurrences of Log4Shell after the vulnerability was fully remediated.

Despite that progress, just 28% of organizations report having fully remediated Log4Shell as of the start of October. While that is a 14-point improvement from what Tenable found in May, 29% of vulnerable assets saw Log4Shell reintroduced after full remediation.

Over half of organizations were vulnerable to Log4Shell during the time period of Tenable’s study, which the company says underscores the pervasive nature of Log4j and the need for ongoing efforts to remediate the bug even if full remediation was already achieved.

The Columbia, Md., company’s analysis also suggests that some industries are in better shape than others, with engineering, legal services, financial services, non-profit and government all above 30% fully remediated. However, critical infrastructure organizations, which the U.S. government has warned face attacks, are just 28% fully remediated.

Organizations in North America are leading the way for full Log4Shell remediation at 28%, with Europe, Middle East and Africa closely behind at 27%. Organizations in Asia-Pacific and Latin America didn’t do as well, with full remediation at 25% and 21%, respectively.

North America also leads in partial remediation at 90%, with no other geographic region above 85%.

Bob Huber, chief security officer at Tenable, says in a statement that full remediation of Log4Shell is very difficult due to Log4j’s pervasiveness, and organizations should not take a one-and-done approach.

“While an organization may have been fully remediated at some point, as they’ve added new assets to their environments, they are likely to encounter Log4Shell again and again,” Huber says. “Eradicating Log4Shell is an ongoing battle that calls for organizations to continually assess their environments for the flaw, as well as other known vulnerabilities.”

Tenable Launches Initiative to Help Organizations Remediate Vulnerabilities Faster
https://mytechdecisions.com/it-infrastructure/tenable-initiative-organizations-remediate-vulnerabilities-faster/
Wed, 12 Oct 2022 15:01:59 +0000

Vulnerability management company Tenable is creating a new research alliance program designed to share information prior to vulnerability disclosures and reduce the window of opportunity threat actors have to exploit newly disclosed vulnerabilities.

According to the company, the Tenable Research Alliance Program allows security teams and system administrators to address attack paths and mitigate vulnerabilities before hackers are able to leverage the bugs and gain access into victim environments.

Beginning with five inaugural members Canonical, CIQ, GreyNoise and TuxCare [the new brand name for CloudLinux Enterprise services], the technology partners will share vulnerability details in accordance with Coordinated Vulnerability Disclosure (CVD) best practices, making it more likely that software scripts that find instances of the flaw will be developed, tested and deployed to coincide with public disclosure announcements.

According to the U.S. Cybersecurity and Infrastructure Security Agency, threat actors are able to exploit a vulnerability within 15 days of its discovery. However, a 2020 Tenable report found that 73% of vulnerabilities are still unpatched within 30 days of the first assessment, and about 54% still exist after 120 days.

The median time to assess all instances of a given vulnerability across a single organization is 29 days, and the median time to remediate all of those instances is 40 days, according to the Tenable report.

By giving organizations the same intelligence as threat actors and the tools they need to find and fix flaws, the Tenable Research Alliance Program enables organizations to remediate their IT environments on day zero, before any threat actors are able to search for vulnerable instances and exploit the flaws.

Robert Huber, chief security officer and head of research at Tenable, says the “dinner bell” sounds for both good and bad actors alike when a vulnerability is disclosed.

“We know threat actors are monitoring disclosure programs in the same way we are, looking for newly announced vulnerabilities, studying all available information such as proof of concepts, but they’re looking to utilize the flaw,” Huber says. “By giving our customers the tools to address these weaknesses when they’re publicly announced, we reduce that intelligence gap and hand the advantage back to the good guys.”

Tenable Releases Exposure Management Platform Tenable One for Unified Visibility
https://mytechdecisions.com/network-security/tenable-releases-exposure-management-platform-tenable-one-for-unified-visibility/
Tue, 04 Oct 2022 13:44:58 +0000

Vulnerability management software provider Tenable is releasing Tenable One, a new exposure management platform designed to unify discovery and visibility into all assets and assess their exposures and vulnerabilities across the entire attack surface for proactive risk management.

The company says Tenable One combines vulnerability management, external attack surface management, identity management and cloud security data to help security teams identify weaknesses before attackers can exploit them. By continuously monitoring IT environments, from traditional assets to cloud and identity systems, the solution delivers context-driven risk analytics so security teams can take a more proactive, preventative approach rather than having to scramble to react to security risks.

Following the recent steps of many other security companies, the unified Tenable One platform is designed to help companies cut down on the number of point solutions, as the average large organization uses more than 130.

According to Tenable, the new platform helps organizations translate technical asset, vulnerability and threat data from both on-premises and cloud-based assets into actionable intelligence and business insights for the technical practitioner and business decision maker alike by giving clear and easy-to-decipher metrics that easily communicate cyber risk.

Drawing upon the vulnerability management data set from Nessus, Tenable One aggregates vulnerability data across IT infrastructure, web apps, public cloud and identity systems to help IT and security leaders anticipate the consequences of a cyberattack.

The company says the Tenable One solution will deliver three new capabilities it calls “foundational to exposure management programs,” including a Lumin Exposure View that gives clear insights into an organization’s cyber exposure and helps security teams surface and answer critical questions about security posture, Attack Path Analysis to help security teams focus on mitigating areas of highest risk, and Asset Inventory that gives users a centralized view of all assets.

Hackers don’t take a siloed approach to exploiting attack surfaces, so security teams shouldn’t either, says Glen Pendley, chief technology officer at Tenable.

“A platform approach to exposure management is the real game changer, surpassing the ineffective and expensive point solution approach that the industry has taken for decades,” Pendley says. “Tenable One delivers holistic insight into exposures that can serve as a true north for security teams.”

The platform comes with a single license that gives customers the ability to adjust their asset allocations across vulnerability management, cloud security, AD security and web app scanning tools as their business needs change. It is available today in both standard and enterprise versions.

Tenable Announces Cloud Security Agentless Assessment for Faster Detection
https://mytechdecisions.com/it-infrastructure/tenable-cloud-security-agentless-assessment-detection/
Wed, 10 Aug 2022 20:44:42 +0000

Vulnerability management software provider Tenable is introducing Tenable Cloud Security Agentless Assessment paired with Tenable Cloud Security Live Results to help organizations remediate vulnerabilities faster and prevent zero-day bugs from being exploited.

This unifies the company’s cloud security posture and vulnerability management tools into a single, agentless solution designed to help customers address the critical window between when a vulnerability is discovered and when organizations apply patches, which Tenable says continues to shrink.

According to Tenable, attackers start scanning for vulnerabilities within just 15 minutes of a CVE being published, putting more burden on IT and security teams to act quickly and apply patches or other mitigations.

The Agentless Assessment solution unifies Cloud Security Posture Management (CSPM) and vulnerability management into a single solution that allows IT and security teams to gain continuous visibility into the state of their cloud assets. Tenable says the solution is an improvement over the first generation of cloud-native security solutions, providing greater speed, scale and cost savings.

According to Tenable, the solution is 100% agentless and API-based, enabling cloud security teams to use the power of its Nessus vulnerability scanning tool for vulnerability assessments without the need to install scanners or agents, configure credentials on target hosts or set up scan policies.

Tenable Agentless Assessment uses a proprietary approach enabling users to onboard cloud accounts within minutes and scan all assets for software and misconfiguration vulnerabilities without impacting compute speed or costs, the company says.

Live Results inspects collected data to look for matches to updates in the Research Vulnerability and Threat Library feed, helping cloud security teams and developers identify security issues and prevent risky deployments, the company says.

When a new vulnerability is published to the threat library, Tenable Live Results enables security teams to see if a vulnerability exists in their current asset inventory, without needing to execute a new scan, according to Tenable.

The company says the solution will help block zero-day vulnerabilities faster and give customers easy-to-deploy exposure management with drift detection for cloud resources, along with multi-cloud discovery and governance to support security and compliance.

New Tenable Cloud Security solution capabilities, including prioritized results for containers, are scheduled to be generally available for Amazon Web Services in the third quarter of 2022. Support for Microsoft Azure and GCP is expected by the end of 2022.

Glen Pendley, Tenable’s CTO, in a statement called Agentless Assessment a big step forward in cloud vulnerability scanning technology.

“As the period from vulnerability disclosure to exploitation shrinks, cybersecurity teams have even less time to respond,” Pendley says. “Tenable Cloud Security is an Easy Button that takes the time-consuming manual labor out of the equation, proactively detecting and assessing vulnerabilities in near real time. This enhanced visibility and continuous assessment on a single platform enables customers to improve risk prioritization and zero in on remediating the vulnerabilities that matter most.”
