Thursday, August 09, 2018 8:53:02 AM
https://eresearch.fidelity.com/eresearch/evaluate/news/basicNewsStory.jhtml?symbols=TENB&storyid=201808081200PRIMZONEFULLFEED7339891&provider=PRIMZONE&product=FULLFEED&sb=1
Tenable Research Reveals Nearly Half of Organizations Use Strategic Vulnerability Assessment as Foundation of Cyber Defense
BY GlobeNewswire
— 12:00 PM ET 08/08/2018
LAS VEGAS, Aug. 08, 2018 (GLOBE NEWSWIRE) -- Tenable®, Inc., the Cyber Exposure company, released The Cyber Defender Strategies Report today that uses data science against real-world telemetry data to analyze how 2,100 organizations are assessing their exposure to vulnerabilities, a critical component to improving overall cybersecurity posture.
The report shows that nearly 48 percent of organizations globally have embraced strategic vulnerability assessment -- defined as mature or moderately mature programs that include targeted and tailored scanning and prioritizing computing resources based on business criticality -- as a foundational element of their cyber defense and a critical step toward reducing risk. Of those organizations, however, only five percent display the highest degree of maturity, with comprehensive asset coverage as a cornerstone of their programs. On the other end of the spectrum, 33 percent of organizations take a minimalistic approach to vulnerability assessments, doing the bare minimum as required by compliance mandates and increasing the risk of a business-impacting cyber event.
Image: Tenable Cyber Defender Strategies Report: Highlights
Vulnerability assessment style percentages among enterprises in the data set
Tenable’s last report, “Quantifying the Attacker’s First-Mover Advantage,” revealed that attackers generally have a median seven-day window of opportunity to exploit a known vulnerability, before defenders have even determined they are vulnerable. The resulting seven-day gap is directly related to how enterprises are conducting vulnerability assessments -- the more strategic and mature the approach, the smaller the gap is likely to be and the lesser the risk to the business.o
“In the not too distant future, there will be two types of organizations -- those who rise to the challenge of reducing cyber risk and those who fail to adapt to a constantly evolving and accelerating threat landscape in modern computing environments,” said Tom Parsons, senior director of product management, Tenable. “This research is a call to action for our industry to get serious about giving the advantage back to cyber defenders, starting with the rigorous and disciplined assessment of vulnerabilities as the basis for mature vulnerability management and ultimately, Cyber Exposure.”
Tenable Research analyzed telemetry data for over three months from organizations in more than 60 different countries using data science to identify distinct security maturity styles and strategic insights which can help organizations manage, measure and ultimately reduce cyber risk. The objective was to analyze and ultimately help to improve how defenders are responding.
Key findings include:
•
There are four distinct strategies of vulnerability assessment:
The Minimalist executes bare minimum vulnerability assessments as required by compliance mandates. Thirty-three percent of organizations fall into this category, running limited assessments on only selected assets. That represents a lot of enterprises which are exposed to risk and still have some work to do, with critical decisions to make on which KPIs to improve first.
The Surveyor conducts frequent broad-scope vulnerability assessments, but with little authentication and customization of scan templates. Nineteen percent of organizations follow the Surveying style, placing them at a low to medium maturity.
The Investigator executes vulnerability assessments with a high maturity, but only assesses selective assets. Forty-three percent follow the Investigative style, indicating a solid strategy based on a good scan cadence, targeted scan templates, broad asset authentication and prioritization. Considering the challenges involved in managing vulnerabilities, securing buy-in from management, cooperating with disparate business units such as IT operations, maintaining staff and skills, and the complexities of scale, this is a great achievement and provides a solid foundation upon which to mature further.
The Diligent represents the highest level of maturity, achieving near-continuous visibility into where an asset is secure or exposed and to what extent through high assessment frequency. Only five percent of organizations fall into this category, displaying comprehensive asset coverage, targeted, customized assessments and tailoring scans as required by use case.
• Across all levels of maturity, organizations benefit from avoiding a scattershot approach to vulnerability assessment and instead making strategic decisions and employing more mature tactics such as frequent, authenticated scans to improve the efficacy of vulnerability assessment programs.
For more information on the research, read the Tenable Research blog post here, https://www.tenable.com/blog/how-mature-are-your-cyber-defender-strategies.
Visit Tenable at Black Hat USA 2018 in Las Vegas (booth 404).
Recent TENB News
- Tenable Launches Tenable Enclave Security to Meet Demands of Highly Secure Environments • GlobeNewswire Inc. • 09/18/2024 01:00:00 PM
- Tenable Introduces AI Aware: A Groundbreaking Proactive Security Solution for AI and Large Language Models • GlobeNewswire Inc. • 09/10/2024 01:00:00 PM
- Tenable Enhances Nessus Risk Prioritization to Help Customers Expose and Close Exposures • GlobeNewswire Inc. • 09/04/2024 01:00:00 PM
- Tenable to Participate in Upcoming Investor Events • GlobeNewswire Inc. • 08/27/2024 01:00:00 PM
- Tenable Recognized as the Top Performer in Cloud Security by CRN 2024 Annual Report Card Award • GlobeNewswire Inc. • 08/14/2024 01:00:00 PM
- Tenable Names Cloud Security Expert, Shai Morag, Chief Product Officer • GlobeNewswire Inc. • 08/13/2024 01:00:00 PM
- Form 10-Q - Quarterly report [Sections 13 or 15(d)] • Edgar (US Regulatory) • 08/06/2024 08:49:30 PM
- Tenable Unveils Industry Leading Vulnerability Intelligence Data and Response Capabilities to Expose and Close Priority Threats that Drive Up Risk • GlobeNewswire Inc. • 08/05/2024 01:00:00 PM
- Form 8-K - Current report • Edgar (US Regulatory) • 07/31/2024 08:06:59 PM
- Tenable Announces Second Quarter 2024 Financial Results • GlobeNewswire Inc. • 07/31/2024 08:05:04 PM
- ASML Rises 7% on Export Waiver; Intel Plans Layoffs, HSBC $3B Buyback Announced, and More • IH Market News • 07/31/2024 09:55:50 AM
- Tenable Launches Public Sector Advisory Board and Names Inaugural Members • GlobeNewswire Inc. • 07/18/2024 10:00:00 AM
- Tenable Announces Date For Its Second Quarter Earnings Conference Call • GlobeNewswire Inc. • 07/17/2024 08:05:00 PM
- Tenable to Acquire Eureka Security to Add Data Security Posture Management to its Cloud Security Platform • GlobeNewswire Inc. • 06/06/2024 01:20:35 PM
- Tenable and Deloitte Announce Strategic Alliance to Help Clients with Advanced Exposure Management • GlobeNewswire Inc. • 06/05/2024 01:00:00 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/28/2024 11:17:56 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/28/2024 11:17:07 PM
- Form 144 - Report of proposed sale of securities • Edgar (US Regulatory) • 05/24/2024 03:14:57 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/23/2024 09:25:42 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/23/2024 09:25:18 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/23/2024 09:24:44 PM
- Form 8-K - Current report • Edgar (US Regulatory) • 05/23/2024 08:23:02 PM
- Form 10-Q - Quarterly report [Sections 13 or 15(d)] • Edgar (US Regulatory) • 05/07/2024 09:16:53 PM
- Tenable to Participate in Upcoming Investor Events • GlobeNewswire Inc. • 05/06/2024 08:05:00 PM
- Tenable Announces First Quarter 2024 Financial Results • GlobeNewswire Inc. • 05/01/2024 08:05:38 PM
VHAI - Vocodia Partners with Leading Political Super PACs to Revolutionize Fundraising Efforts • VHAI • Sep 19, 2024 11:48 AM
Dear Cashmere Group Holding Co. AKA Swifty Global Signs Binding Letter of Intent to be Acquired by Signing Day Sports • DRCR • Sep 19, 2024 10:26 AM
HealthLynked Launches Virtual Urgent Care Through Partnership with Lyric Health. • HLYK • Sep 19, 2024 8:00 AM
Element79 Gold Corp. Appoints Kevin Arias as Advisor to the Board of Directors, Strengthening Strategic Leadership • ELMGF • Sep 18, 2024 10:29 AM
Mawson Finland Limited Further Expands the Known Mineralized Zones at Rajapalot: Palokas step-out drills 7 metres @ 9.1 g/t gold & 706 ppm cobalt • MFL • Sep 17, 2024 9:02 AM
PickleJar Announces Integration With OptCulture to Deliver Holistic Fan Experiences at Venue Point of Sale • PKLE • Sep 17, 2024 8:00 AM