The integrated solution offering, which Tenable says is an industry first which was complex to accomplish, brings together the on-prem version of their platform with the industrial security offering they launched several months ago.
Today, Tenable which provides a real-time assessment of organizations’ security postures that allows them to find and fix vulnerabilities faster, is announcing an integrated solution that they describe as a first in the industry. The solution brings together the Tenable.sc platform and the Tenable Industrial Security OT solution, to provide a unified view of cyber risk covering both IT and operational technology [OT] industrial control systems through a single pane of glass.
Tenable.sc, which used to be called Tenable SecurityCenter, is Tenable’s on-prem security platform, the counterpart of the Tenable.io cloud platform. Both have Tenable’s longstanding Nessus vulnerability scanners as their foundation. The operational technology solution with which Tenable.sc is integrated is Tenable Industrial Security, a product which is based on some technology Tenable has had for years, but which was only released as a product in this form last November.
“Some of the underlying sensor technology in Tenable Industrial Security is quite mature, and this solution leverages that core technology,” said Eitan Goldstein, Senior Director of Strategic Initiatives at Tenable. “This was the first time we have released it as a standalone product, which expands the number of OT devices that we can monitor, and has a dedicated user interface.”
The reason why Tenable Security was first brought out as a separate solution, and then integrated into the larger platform four months later, stems from the complexity of the integration.
“It was technically quite challenging,” Goldstein said. “This is the first time we – or anybody – has brought the ability to manage IT and OT together with a single tool. It’s a testament to how complex this is that we are the first people to do it.” The OT coverage has also been expanded from the product introduced late last year, with devices from additional industrial manufacturers like Yokogawa and Emerson being added.
The solution takes security information gathered by Tenable.sc’s Nessus scanners from IT-based assets on OT and IT networks, and combines it with passively collected asset and vulnerability data from OT environments from Industrial Security, to help identify and prioritize OT risks.
“OT specialists like Siemens and GE provide an enormous amount of information on OT networks, but we look at the problem differently than they do,” Goldstein said. “We are taking a much wider view of exposure than they do, because we don’t see OT risk as siloed, but as part of the attack surface just like IT. What we have done here is provide a unified view of risk across all the devices, pulling it all together in a single tool for the first time. That’s the real innovation here.”
Goldstein said that in addition to the increased efficiency, making this work became a priority because the convergence between IT and OT means that IT is increasingly responsible for managing OT.
“What’s really remarkable to me today is we see IT security beginning to own OT security,” he said. “It’s coming over to the IT side because boards say that it’s too important not to have visibility into it. You see this even in industries like oil and gas which are all about OT. Increasingly, a totally different part of the organization would be responsible for this. They understand that it’s more efficient for the same people to cover everything. This has to be about measuring and managing against business risk.”
Tenable SecurityCenter will continue to be sold as a separate product, because a use case for it will remain,
“That standalone use case is where a company has someone else that they like on the IT side, but like what we do on the OT side,” Goldstein indicated.
Tenable’s channel go-to-market strategy with the joint offering will be multi-faceted.
“We have a very savvy network of channel partners, but there is value in training around this, and we will be offering that,” Goldstein said. “We are training our own team on this as well. In addition, we have had a strategic partnership with Siemens for the last 18 months, and some customers will want Siemens to deliver this.”