Tenable witnesses shift to risk-based vulnerability management solutions

Diwakar Dayal, Managing Director, Tenable India

Diwakar Dayal, Managing Director, Tenable India shares the company’s channel strategies for 2020

What have been the key highlights of 2019 and how 2020 will be an important year for the IT channel industry?
In 2019, it was encouraging to witness Indian businesses and government organisations take concrete steps to digitise their operations to deliver products and services at scale. On the flip side, digital transformation has also created a complex computing environment of cloud, DevOps, mobility, IoT and operational technology where everything is connected as part of the new, modern attack surface. Traditional vulnerability management solutions didn’t prove to be adequate, because they weren’t designed to handle today’s dynamic computing environments, nor the increased threats that organisations now face.

As we progress further in 2020, we’ll see a stronger need by CISOs to understand vulnerabilities in the context of business risk, and use that data to prioritise efforts. We believe that there will be a shift in India’s cybersecurity industry towards a risk-based approach to vulnerability management which uses machine learning analytics to correlate vulnerability severity, threat actor activity and asset criticality to identify and manage issues posing the greatest business risk. This innovative approach will help Indian organisations focus on the vulnerabilities that matter most and address true business risk instead of focusing on flaws that have a low likelihood of being exploited. We encourage the channel to recognise this shift to risk-based vulnerability management solutions.

What are the top three technology trends that channel community should be focusing on, and why?

  • Emergence of IT/OT attacks: As more of India’s critical infrastructure systems are brought online for efficiency and efficacy, one cannot deny that the increased connectivity leaves them exposed to cybersecurity threats. For example, attackers can infiltrate an OT network and change the configuration of programmable logic controllers (PLCs) by leveraging connectivity that exists between IT and OT environments. Alternatively, they can connect an infected or malicious device directly into the OT network. In many cases, organisations don’t have a complete inventory of the devices in these complex networks which leads to increased risk in both enterprise IT and industrial OT environments. Organisations need a holistic view of both IT and OT networks, with the ability to be alerted to any changes across the networks, to understand what incidents happened, where they happened and how to effectively mitigate them. Having all the necessary data when a threat is detected, significantly reduces incident response times and can help mitigate or contain the incident.
  • Cloud integrations: Cloud technologies, particularly integrations with some of the most popular public cloud providers, will ramp up. We have seen adoption of cloud services explode in recent years and this will continue as organisations look for more flexibility and functionality for day-to-day work. Alongside this will be security technologies that are designed for cloud environments, rather than adapted from existing solutions, to make sure organisations can make the migration securely.
  • AI and ML: Today’s expanding attack surface makes vulnerability overload worse. Security teams are inundated with the sheer number of vulnerabilities, making it difficult to distinguish noise from signal and identifying which vulnerabilities pose the greatest risk. To curb this problem, ML and AI algorithms can instantaneously digest feeds from thousands of sources, connect all the dots and build a picture of the enterprise that focuses on the business’ critical assets and the actual threat they face, rather than the theoretical risks that may be present.

What are the top channel directions your company has set for partners, and where should partners invest to be aligned with these directions?
We continue to invest time and resources into our Tenable Assure Partner Program, which positions partners to build long-term, consultative relationships with customers. Our partner programme provides long-term protection for partners by registering all enterprise and commercial deals and helping partners build predictable annual revenue by protecting incumbent partners at renewal.

We’ll continue to focus our efforts on increasing our depth of partner training and certification, ensuring that they have the technical expertise to provide customers with world-class service.

As we continue to cement our position as the leader in cyber exposure, we encourage partners to get on this journey with us to add more value to customers.


Please enter your comment!
Please enter your name here