Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cyber Exposure: La próxima frontera para la seguridad

The stakes have never been higher when it comes to cybersecurity. Global cyber attacks such as the recent WannaCry ransomware attack is a sobering reminder that cybersecurity is the existential threat of this generation. A new report from Lloyd’s of London estimates a serious cyber attack could cost the global economy more than $120 billion - as much as catastrophic natural disasters such as Hurricane Katrina and Sandy. According to the report, the most likely scenario is a malicious hack that would take down a cloud service provider at an estimated loss of $53 billion. With all of the attention and the hundreds of vendors in the security industry, why are we still here in this same situation, with it only getting worse and more severe?

The reality is these "future" technologies and compute platforms, such as IoT and cloud, are no longer the future. They are here and now. This means the cyber attack surface is no longer a laptop or a server in a data center. According to Business Intelligence, there will be nine billion active IoT devices in the enterprise by 2019. That’s more than the entire smartphone and tablet markets combined. According to a 2016 IDG Enterprise Cloud Computing Survey, 70 percent of organizations already have apps in the cloud and 16 percent more will in 12 months. We’re also seeing development shifts such as DevOps become mainstream, and with that comes the rise of containers and microservices as a way to make changes to smaller parts of the application in a more agile way. According to 451 Research, the container market is the fastest growing market of cloud-enabling technologies, with a CAGR of 40 percent through 2020, growing from $762 million to $2.7 billion by 2020.

So What Do We Do in Response?

We throw hundreds of tools at the problem, each designed to protect the organization from a niche, many times advanced "threat of the week" style attack. We have Configuration Management Databases (CMDBs) which give the organization an IT view of assets and configurations, but weren’t built to keep pace with modern assets and aren’t a security view. Vulnerability Management (VM) technologies are used by most organizations to scan the network to identify issues, but the problem with legacy VM tools is they are a "one size fits all" approach designed in the world of client/server and on-premise data centers which only assess "known" assets which are running at the time of the scan or that can have an agent deployed on them.

We are in the new, modern world of IoT, cloud, SaaS, mobile and DevOps, which means organizations need to approach understanding their cyber risk in a way that adapts to this new world of modern assets. For example, IoT and mobile devices may be undetectable with traditional tools, containers and cloud workloads which, as opposed to other types of assets that have lives of months to years, may have a life of minutes to hours, making them extremely hard to see and protect. There are also safety-critical infrastructure and Operational Technology like Industrial Control Systems which are a rising attack vector. These systems were designed to be walled off from the network and isolated from threats, and therefore not designed for frequent change or software deployments. As software permeates through every industry, these Industrial IoT devices which are now connected devices need to be protected but the old way is too intrusive.

Bienvenido a la era moderna de Cyber Exposure

We believe that Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Cyber Exposure transforms security from a static or fragmented view to live and holistic visibility across every asset - whether that’s IoT or traditional IT devices, cloud infrastructure or Industrial Control Systems. From this live picture then you can start to accurately assess and analyze these assets for areas of exposure. This could be misconfigurations but it could also be other hygiene types of health indicators such as out-of-date antivirus or flagging high-risk users. By correlating this information with additional sources of data, such as a CMDB or threat intelligence, you can get a more complete picture of the business criticality and severity of the issue to prioritize remediation and work with IT to fix it.

Cyber Exposure is analogous to IT Service Management and how the execution of ITSM processes is supported with specialized software technology. At the core of ITSM software suites are a workflow management system (service desk) for managing incidents and maintaining a knowledge base system of record, and a Configuration Management Database (CMDB) for discovering and mapping Configuration Items and their dependencies. Bringing these technologies together creates an intuitive way to link incidents with change and service requests together, but also provides a view of business services and the underlying IT infrastructure to help accelerate troubleshooting and change impact analysis, for example. Just as ITSM provides a process for planning, delivering and operating IT services to better support customers, Cyber Exposure provides a discipline and a process for managing and measuring cyber risk against the modern attack surface. This will help security and IT teams collaborate to more effectively and efficiently identify and resolve issues, but will also provide an objective way for the CISO, CIO and the business to measure cyber risk and use it for strategic decisions and planning. Cyber Exposure technologies will provide the data, visualization, process management and metrics to help drive a new way to manage security to reduce risk, make better business decisions and actually enable digital transformation instead of being the impediment to it.

Communicating Cyber Risk to the Board

There has also been a lot of conversation around cybersecurity awareness and readiness within the C-suite and the board of directors: how do you represent and communicate cyber risk in non-technical, business terms? Today the CISO has to translate a mountain of data in multiple spreadsheets into intuitive insights the business can use to make decisions from. Cyber Exposure will help the CISO drive a new level of dialogue with the business. If you know which areas of your business are secure - or exposed - and you can measure your organization against a larger set of data, this opens up a whole new set of discussions and decisions about where the organization needs to focus. For example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions. Every function has its organizational system of record to manage, measure and predict the business exposure relevant to that function. For example, CRM for revenue and forecasting exposure, ERP for financial and supply chain exposure and Human Capital Management (HCM) for employee satisfaction and attrition exposure. Imagine a future where every strategic business decision factors in Cyber Exposure data as a key risk metric, just as the business does with all of these types of exposures. We believe the future doesn’t need to be in the future. We believe the future is now.

We’re excited to apply our years of expertise and knowledge in understanding assets, networks and vulnerabilities to usher in this new modern era of Cyber Exposure. And we’re just getting started...

Suscríbase al blog de Tenable

Suscribirme
Solución de prueba Compre ahora

Pruebe Tenable.io

GRATIS POR 60 DÍAS

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Regístrese ahora.

Compre Tenable.io

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

65 activos

$2,275.00

Compre ahora

Solución de prueba Compre ahora

Pruebe Nessus Professional gratis

GRATIS DURANTE 7 DÍAS

Nessus® es el analizador de vulnerabilidades más completo en el mercado actual. Nessus Professional le ayudará a automatizar el proceso de análisis de vulnerabilidades, le ahorrará tiempo en sus ciclos de cumplimiento y permitirá la participación su equipo de TI.

Compre Nessus Professional

Nessus® es el analizador de vulnerabilidades más completo en el mercado actual. Nessus Professional le ayudará a automatizar el proceso de análisis de vulnerabilidades, le ahorrará tiempo en sus ciclos de cumplimiento y permitirá la participación su equipo de TI.

Compre una licencia plurianual y ahorre

Solución de prueba Compre ahora

Pruebe Tenable.io Web Application Scanning

GRATIS POR 60 DÍAS

Disfrute el acceso completo a nuestra oferta de productos más recientes para el escaneo de aplicaciones web diseñados para aplicaciones modernas como parte de la plataforma Tenable.io. Escanee de manera segura todo su portafolio en línea para detectar vulnerabilidades con alto grado de exactitud sin el esfuerzo manual intensivo ni la interrupción de aplicaciones web críticas. Regístrese ahora.

Adquiera Tenable.io Web Application Scanning

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

5 FQDN

$3,578.00

Compre ahora

Versión de prueba Compre ahora

Pruebe Tenable.io Container Security

GRATIS POR 60 DÍAS

Disfrute del acceso sin límites a la única oferta de productos para la seguridad de contenedores integrada en una plataforma de gestión de vulnerabilidades. Supervisa imágenes de contenedores para detectar vulnerabilidades, malware e infracciones a las políticas. Integración con sistemas de implementación continua (CI/CD) para respaldar las prácticas de las operaciones de desarrollo, fortalecer la seguridad y respaldar el cumplimiento con las políticas empresariales.

Adquiera Tenable.io Container Security

Tenable.io Container Security permite de forma fácil y segura procesos de DevOps al ofrecer visibilidad sobre la seguridad de las imágenes de contenedores, incluyendo vulnerabilidades, malware e infracciones a políticas, mediante la integración con el proceso de desarrollo.

Obtenga más información sobre la seguridad industrial

Obtenga una demostración de Tenable.sc

Complete el formulario que se encuentra a continuación con su información de contacto y un representante de ventas se comunicará con usted en breve para programar una demostración. También puede incluir un comentario breve (hasta 255 caracteres). Tenga en cuenta que los campos que tienen un asterisco (*) son obligatorios.