DEVOPSdigest

Tenable Network Security introduced Tenable.io, a cloud-based vulnerability management platform to secure the full range of assets in the modern elastic IT environment.

According to a recent Gartner report, “organizations with large or growing cloud, virtualization and DevOps deployments must select a [vulnerability assessment] solution with these asset demographics in mind, and must consider a vendor’s current and future commitment to these technologies.” [Gartner source: Market Guide for Vulnerability Assessment by Oliver Rochford and Prateek Bhajanka, published Dec. 5 2016]

The challenge for most organizations is that virtualization, cloud, and the accelerating use of web applications and short-lived assets like containers has changed how and when they need to assess vulnerabilities.

“Networks, assets and threats have all changed dramatically over the last few years, but vulnerability management hasn’t kept up,” said Amit Yoran, CEO, Tenable Network Security. “This innovation gap has left organizations everywhere struggling to answer the most basic question in security: what is my vulnerability and risk exposure? Tenable.io represents a new, more strategic approach to vulnerability management for today’s elastic attack surface, with the capabilities and flexibility organizations need to understand and improve their cybersecurity risk posture.”

Tenable.io delivers the broadest coverage of any vulnerability management solution for unparalleled visibility into the security status of modern IT infrastructure. Unique auditing and assessment capabilities help customers identify and remediate vulnerabilities across more technologies, including containers, web applications and cloud instances. It is also the first major vulnerability management solution licensed by assets instead of IP addresses.

Tenable.io capabilities include:

- Advanced asset tracking: Tenable.io tracks changes to assets and their vulnerabilities with unsurpassed accuracy — no matter how they roam or how long they last. Using an advanced asset fingerprinting algorithm, Tenable.io pinpoints the true identity of each resource — even dynamic assets like laptops, virtual machines and cloud instances. As a result, customers better understand the true state of their environment.

- Elastic asset licensing: Tenable is the first major vulnerability management provider to offer asset-based elastic licensing. With asset-based licensing, just a single license unit is consumed per asset, even if the asset has multiple IP addresses. This elastic model permits scanning even when license counts are temporarily exceeded and automatically recovers licenses for rarely scanned assets or one-time bursts.

- Openness and integration: The Tenable.io application programming interface (API) and software development kit (SDK) simplify the export and import of vulnerability, asset, threat and other data. Customers can quickly integrate Tenable.io with other technologies to better understand their level of vulnerability exposure and risk, and to gain a deeper level of visibility and insight. Through the Tenable Technology Integration Partner (TIP) program, partners such as BMC Software, CyberArk, ForeScout, IBM Security and Phantom are also integrating their solutions with Tenable.io, which comes with pre-built integrations for popular patch management, credential management, mobile device management and even other vulnerability management solutions.

- 360-degree visibility: Traditional scanning tools have not kept up with new assets like cloud, mobile and virtual workloads in elastic IT environments. Drawing on Nessus® technology, Tenable.io employs active and agent scanning as well as passive traffic listening to deliver the broadest coverage of assets and vulnerabilities and eliminate persistent blind spots.

Tenable also announced plans to extend Tenable.io capabilities in early 2017 with two new products. These application security offerings address the increased exposure from DevOps-led container adoption and the explosion of web applications:

- Tenable.io Container Security: Based on the company’s acquisition last October of San Francisco-based FlawCheck, Tenable.io Container Security (available April 2017) continuously monitors container images for vulnerabilities, malware, and enterprise policy compliance. By bringing security into the container build process up-front, organizations can gain visibility into the hidden risks in containers and remediate them before they reach production, without slowing innovation cycles.

- Tenable.io Web Application Scanning: Safely scan web applications to identify and manage application vulnerabilities in a single integrated platform, alongside other network vulnerabilities and container flaws.

In coming quarters, Tenable.io will continue introducing capabilities that advance vulnerability management toward the strategic and integrated model of threat and vulnerability management (TVM), building on the platform’s unique asset coverage, openness, comprehensive vulnerability data, and licensing model.