Tenable unveils cybersecurity benchmarking tool

Tenable unveils cybersecurity benchmarking tool

American cybersecurity firm Tenable has unveiled a new tool that lets CIOs and IT managers visualise, analyse, and measure the security threats posed to their organisations against industry benchmarks.

Lumin, which the company describes as the world’s first cyber exposure benchmarking tool, is aimed at businesses that use a range of different technology platforms.

The company claims that while digital transformation efforts are helping companies to increase productivity, this is also resulting in a “dramatic growth” in cyber attacks.

As the Internet of Things spreads and connected device types multiply, the attack surface is constantly expanding, and so organisations need tools that give them insight into the scale and detail of the problem.

“This expanding attack surface has given rise to an unrelenting barrage of vulnerabilities,” said the firm in a written statement. “2017 was a record year for them, with more than 60 percent detected by Tenable customers classified as ‘high’ or ‘critical’ severity, according to Tenable research.”

Read more: IoT ramps up cyber security risk, says in-depth report

Read more: Vendors, users ignoring IoT security in rush to market – report

Visual tech

Lumin offers a visual approach to understanding security threats, by tapping into vulnerability and asset data to build a picture of so-called attack interfaces.

Tenable explained that the solution, “applies data science to the industry’s richest set of vulnerability intelligence, so CISOs can quantify their organisation’s cyber risk, benchmark it against the industry, and make better strategic decisions”.

Users receive exposure analytics and benchmarking data across internal groups and industry peers, along with risk scoring. Tenable explained that the latter “weighs vulnerabilities, threat data, and each asset’s business value and criticality”.

Set to roll out in the second half of 2018, the platform comes with a number of APIs out of the box too. These include Qualys (vulnerability data), Amazon Web Services (cloud workload data), and ServiceNow (IT asset data).

Tracking threats

Dave Cole, chief product officer at Tenable, claimed the new tool allows technology and security professionals to stay one step ahead of attackers. “In spite of decades of hard work, the attackers have the advantage. The stakes are too high for the status quo to remain,” he said.

“We must come together as an industry to transform vulnerability management, putting the CISO in the driver’s seat so organisations can proactively measure and manage cyber risk in the same way as other business risks, such as production forecasting and potential supply chain disruptions.

“It’s time to flip the advantage into the hands of security.”

Read more: UK government proposes IoT security and device labelling scheme

Internet of Business says

Report after report has suggested that the Internet of Things is a security blindspot for many organisations, while others have suggested that vendors are rushing insecure devices to market for competitive advantage.

While many users recognise that new levels of threat exist, too few enterprises are taking steps to deal with the problem strategically and holistically. This is one reason why governments are now stepping in to reinforce regulations for connected devices. We welcome any company or product that helps users to see and manage the full scale of the problem.