SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Exclusive: Tenable highlights the importance of a company's attack surface
Wed, 28th Feb 2024

In an exclusive interview, Jason Merrick, Senior Vice President of Product at Tenable, shared insights into the ever-evolving landscape of cybersecurity, highlighting the critical role of vulnerability and exposure management in safeguarding organisational assets against cyber threats. Tenable operates worldwide, providing solutions to customers across every major country, and has had a significant presence in Australia and New Zealand since 2015.

Merrick shed light on the comprehensive suite of products under Tenable One, which addresses a broad spectrum of cybersecurity needs, from vulnerability management to operational technology and cloud security. This suite, according to Merrick, is in high demand due to its integrated approach to managing and mitigating risks across the attack surface. "Tenable One is by far the highest demand product... it's everything from vulnerability management, web application security, cloud security, identity, operational technology, attack surface management, and basically integrated through analytics," Merrick explained.

The adoption of artificial intelligence (AI) and machine learning within Tenable's solutions is pivotal in enhancing the capability to provide actionable insights for prioritisation and remediation strategies. At Black Hat, Merrick announced the company's Exposure AI initiative, which aims to leverage Tenable's extensive data to deliver faster, more precise, and more understandable insights to its customers. "Exposure AI is helping leverage the Tenable data to provide richer insights for our customers... to save time, to give concrete information to help with prioritisation and probably most importantly, explainability," Merrick stated, underlining the transformative impact of AI in cybersecurity.

One of the paramount challenges faced by organisations today, as Merrick highlighted, is gaining a comprehensive understanding of their attack surface due to its dynamic nature. The transition to ephemeral assets and the complexity of managing digital identities have compounded the difficulty in ensuring effective cybersecurity measures. The Microsoft breach served as a poignant reminder of these challenges, with Merrick pointing out that "identity is the new perimeter." This incident underscores the necessity for organisations to maintain stringent control and visibility over their identity configurations to prevent breaches.

The conversation also delved into the aftermath of significant cyber incidents, like the Microsoft breach, emphasising the importance of transparency and the adoption of a zero-trust policy. Merrick praised Microsoft for its handling of the breach, noting that such openness is crucial for the industry to learn and improve. He further discussed the shift in customer inquiries towards understanding indicators of exposure and attack, especially concerning identity management and the hygiene of systems like Active Directory.

In addressing preventative measures, Merrick advocated for foundational practices such as multi-factor authentication and the development of comprehensive identity governance policies. He stressed the complexity of managing user entitlements across various platforms, from Active Directory to cloud-based applications, highlighting the intricate web of access rights that organisations must navigate.

Merrick's insights reveal a cybersecurity landscape fraught with challenges yet buoyed by innovative solutions like Tenable One and the strategic application of AI. As organisations grapple with the complexities of digital transformation and the expanding attack surface, the role of cybersecurity firms like Tenable becomes increasingly critical in providing the tools and expertise needed to navigate these turbulent waters. Merrick not only sheds light on the current state of cybersecurity but also offers a glimpse into the future directions of this ever-important field, where technology and strategy converge to protect against the ever-present threat of cyber attacks.