Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

2017 Trends in Vulnerability Management, Featuring Forrester Research

Earlier this week, guest speaker Josh Zelonis, Senior Analyst at Forrester, and Michael Applebaum, VP Product Marketing at Tenable spoke at a webinar about some of the big trends in vulnerability management in 2017.

You can access an on-demand recording anytime on our Webinars web page. If you’re wondering what it was all about, here are a few highlights.

Forrester survey results

49% of organizations suffered one or more breaches in the past year

Josh kicked off the talk by sharing a few results from a recent Forrester Global Security Survey. I was surprised by the first result he shared -- that 49% of organizations had suffered one or more breaches in the past year. I know the breaches are common; any Google search for “data breach” will come up with pages of results. A search today, for example, shows that job seekers are one group who had a bad week with breaches reported at the Illinois Department of Employment Security, IdahoWorks, and America's JobLink Alliance (AJLA) affecting millions of job applicants in multiple states. Still, I was surprised that the survey result showed breaches affected almost half of all organizations.

The #1 issue that was pervasive across the attacks was software vulnerabilities or software exploits

Given all the focus and research we do on vulnerability management here at Tenable, less surprising was the detail how those breaches occurred. Of those 49% of organizations that had reported being breached, 56% had experienced one of those breaches as an external attack and the #1 issue that was pervasive across the attacks was software vulnerabilities or software exploits. We know that vulnerability management is a significant challenge for organizations in 2017.

The mix of active scanners, agents and passive listening sensors in Tenable.io are designed to maximize scan coverage

One reason Josh gave for vulnerability management being such a challenge is that organizations have a difficult time knowing what assets are in their environment, especially fluid, or dynamic assets that come and go from the network frequently like cloud services or containers. Tenable research shows that dynamic assets are difficult to track using traditional vulnerability management methods like active scanning alone. If a cloud service or container isn’t on the network when an active scan is taking place, it won’t be included in the results. That’s one reason why Tenable has invested so much in Tenable.io and specifically the Tenable.io Container Security application. The mix of active scanners, agents and passive listening sensors in Tenable.io are designed to maximize scan coverage, while the specific capabilities of Tenable.io Container Security bring security into the container build process.

DevOps and early detection

These dynamic assets though, as Josh put it, can actually be a gift to security. Dynamic assets like containers are often discussed in the context of DevOps. DevOps, as you likely know, is the cooperation between developers and operations professionals (and often QA and security) with a goal to accelerate IT and development processes. DevOps gives organizations the ability to set goals, determine processes, and test for security misconfigurations and vulnerabilities earlier in the development lifecycle. Software flaws can be identified and addressed in the QA environment, which is not only more secure, but also more efficient than fixing flaws in production applications.

Learn more

There’s more good insights from Josh and others in the webinar. I encourage you take a few minutes to enjoy the webinar and also learn more about Tenable.io via any of these resources:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training