Bernard Montel, Tenable: it is becoming essential for CISOs to implement a preventive strategy for discovering vulnerabilities
October 2023 by Marc Jacob
For its new participation in the Cybersecurity Conference, Tenable will present Tenable ExposureAI, our technology based on generative artificial intelligence, Deep Learning and Machine Learning, which allows us to increase our exposure management capabilities. Bernard Montel, Technical Director EMEA and Security Strategist at Tenable, believes that it is becoming essential for CISOs to put in place a preventative strategy so that security teams address these vulnerabilities, even before cyberattacks can occur.
Global Security Mag: What will you be presenting at the Assises de la Sécurité?
Bernard Montel: Tenable recently introduced Tenable ExposureAI, our technology based on generative artificial intelligence, Deep Learning and Machine Learning, which powers our exposure management capabilities. The cornerstone of this functionality is Tenable Exposure Graph, our unified data platform within Tenable One that aggregates, normalizes and stores asset, exposure and threat data. It is the world’s largest repository of exposure data. ExposureAI transforms the approach of security teams through its ability to anticipate any attack, whatever its origin, thanks to accelerated analysis, decision-making and recommendations.
In addition, we will be on hand to discuss the latest topics in cybersecurity, as well as our entire portfolio of solutions, which includes our Tenable One exposure management platform, our Nessus vulnerability assessment solution, and our OT security and compliance solutions.
GS Mag: What will be the theme of your conference this year?
Bernard Montel: Managing cyber exposure has become essential in all interconnected digital environments. At Tenable, the areas covered by our solutions illustrate the trust that companies place in us.
This year, Tenable has organized a workshop with Safran, to demonstrate how exposure management has become decisive in the digital world. During this presentation, Safran will share a detailed RETEX highlighting practical applications and their strategic approach to cybersecurity resilience. This will be an opportunity to discover the future prospects of cyber exposure management for companies, and how they plan to amplify and strengthen their risk management with Tenable.
Thursday, October 12 from 10:00 to 10:45 / Salle Bosio 2
With Maria Tabiou, Senior Security Engineer at Tenable and Vincent Hiere, CISO Deputy at Safran.
GS Mag: The RGPD celebrates its fifth anniversary this year, how do your solutions bring answers to help companies comply with this regulation?
When a customer initiates an analysis of their data, only they know (or are able to know) the extent to which Personal Data may or may not reside on their networks. We also require all third-party service providers with whom we share information to enhance the user experience to comply with GDPR and protect such data through appropriate policies and procedures.
GS Mag: What is the current threat landscape?
Bernard Montel: According to Tenable’s latest threat landscape report, over 2.29 billion records were exposed in 2022, representing 257 terabytes of data. Over 3% of identified data breaches were caused by insecure databases, or more than 800 million records.
Tenable identified that the most frequently exploited vulnerabilities in 2022 corresponded to a large number of known vulnerabilities, some of which were initially disclosed as early as 2017. For most of these, patches and mitigations had been widely distributed and readily available. Four of the first five zero-day vulnerabilities exploited in the wild had even been disclosed to the public on the same day the vendor released patches and mitigation advice.
Of course, like all players in the cybersecurity market, we have compiled a long list of risks and threats that organizations are trying to address. We invite visitors to drop by our stand to find out more!
STAND NUMBER 243, RAVEL LEVEL
GS Mag: How will your offering evolve for 2023/2024?
Bernard Montel: On October 2 Tenable announced it has closed its acquisition of Ermetic, an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure entitlement management (CIEM). This acquisition combines two cybersecurity innovators and marks an important milestone in Tenable’s mission to shift organizations to proactive security. The combination of Tenable and Ermetic offerings will add capabilities to both the Tenable One Exposure Management Platform and the Tenable Cloud Security solution to deliver market-leading contextual risk visibility, prioritization and remediation across infrastructure and identities, both on-premises and in the cloud.
With unified CNAPP, iron-clad CSPM protection, and industry-leading CIEM, security teams receive the context and prioritization guidance to make efficient and accurate remediation decisions. Security teams will no longer need to be cloud security experts to understand where the most urgent risks exist and what to do about them.
GS Mag: What is your message to CISOs?
Bernard Montel: To counter the threats currently looming over the cybersecurity landscape, organizations need to move beyond a simple vulnerability response program, which only allows them to react once a vulnerability has been exploited. It is becoming essential for CISOs to put in place a preventive strategy to ensure that security teams address these vulnerabilities, even before cyber-attacks can occur.
Faced with an attack surface that is not compartmentalized, programs based on "all-to-customization" and mixing numerous technologies, each with a specific role, do not offer the visibility and access needed to manage vulnerabilities. To combat threats effectively, an organizational structure must have a unified view of the exposure of the entire attack surface.
Today, organizations produce more data than ever before. It is therefore imperative that CISOs and executives integrate tools that enable teams to link and analyze this data without getting lost in this constant flow. This facilitates decision-making and the prioritization of actions, as well as exploiting this data to derive useful information for the organization’s strategy.