Tenable Inc. today announced the release of Tenable One for OT/IoT, which it claimed is “the first and only exposure management platform that provides holistic visibility into assets across IT and operational technology (OT) environments.” Such assets that could require cybersecurity protection include robots in warehouses and other facilities.
“On a daily basis, we witness threat actors finding creative ways to disrupt businesses through non-traditional paths,” explained Amir Hirsh, senior vice president and general manager of OT Security at Tenable, in a release. “Risk doesn’t end at IT. For those that rely on physical computing technology, OT and IoT [Internet of Things] often power their most business-critical activities.”
“Any disruption is extremely damaging and often results in an inability to function,” he added. “We understand that OT environments require a different approach from IT, and we’ve designed our security solution so teams no longer have to choose between cybersecurity or productivity. They can have both.”
Columbia, Md.-based Tenable has created Nessus and said it has extended its expertise in vulnerabilities to deliver a platform to see and secure any digital asset on any computing platform. The company said it has around 43,000 customers worldwide, including about 60% of the Fortune 500, 40% of the Global 2,000, and large government agencies.
Convergence leads to cybersecurity risk
Physical assets and information technologies have converged in devices such as mobile and surgical robots, HVAC systems in data centers, badge readers in office buildings, and cameras on manufacturing floors. This has resulted in a broader cyberattack surface, according to Tenable.
As IT, OT, and IoT assets become increasingly interconnected, cyberattacks are often originating in IT systems and then spreading into OT environments, with potentially devastating results, the company asserted. Chief information security officers (CISOs) find themselves responsible and accountable for securing OT and IoT environments, it added.
A U.S. Congressional hearing recently focused on the threats to operational technologies from nation-state actors. Leaders from the Cyber and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Office of the National Cyber Director (ONCD) and the National Security Agency testified. They warned that U.S. electricity systems, water utilities, military organizations and other critical services are actively being targeted by Chinese hacking campaigns.
After that, an international advisory from CISA confirmed that Volt Typhoon, which is sponsored by the People’s Republic of China, has pre-positioned itself on U.S. IT networks to enable lateral movement to OT assets and to disrupt functions.
Tenable One for OT/IoT offers visibility
“Tenable One for OT/IoT extends visibility beyond IT, to include OT and IoT, and helps security leaders gain a clear picture of true exposure across their entire attack surface,” said Tenable. “This first-of-its-kind approach allows organizations to prioritize security risks wherever they reside — be it in the cloud, data center, or the OT environment — and most importantly, to understand how these risks create attack paths across their infrastructure.”
Users can also view their global exposure, including OT assets, to see how their security posture compares with those of other companies in their industries, the company said. It added that they can gain insights from their OT assets “to make better decisions, faster.”
Tenable One now covers IT assets, cloud resources, containers, Web apps, identity systems, OT, and IoT assets. It builds on the threat intelligence, regulatory compliance, and vulnerability expertise and data from Tenable Research. The company said its platform also includes data analytics to prioritize actions and reduce cyber risk, enabling:
- Comprehensive visibility beyond the IT environment to the modern attack surface
- Risk intelligence to mitigate operational risks
- Actionable planning and decision making across enterprise and critical infrastructure environments
The license for Tenable One for OT/IoT includes not only Tenable One, but a companion license of Tenable OT Security and Tenable Security Center. The company will present a webinar titled “The Invisible Bridge: How to Effectively Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” on March 26.
Editor’s note: Register for our related webinar on “The Robotic Warehouse: Automation, Robotics, and Smart Controls — How to Begin Replacing Repetitive Tasks With Smart Motion in the Warehouse,” which will be at 2:00 p.m. EDT on Wednesday, April 10, 2024.