
Tenable Blog


Is Your DevOps Secure?

DevOps has become a competitive advantage for many organizations. However, many of these processes are not secure and raise serious challenges for cybersecurity professionals. Here’s how Tenable can help.

DevOps gives business leaders a lot to be excited about. After all, this new approach to software development drastically improves time to market for new services, making it possible to outpace competitors. Organizations have realized other important benefits as well, such as reducing the time spent maintaining existing apps and improving the quality and performance of deployed apps.

It’s no surprise, then, that DevOps has finally reached mainstream status, with one research report indicating that 96% of organizations have implemented or plan to implement DevOps. DevOps is an important differentiator as all companies eventually become software companies.

On the flip side, DevOps gives security leaders a lot to be worried about. According to the latest State of DevOps Report from Puppet and DORA, high IT performers with mature DevOps processes deploy code 46 times more frequently than low IT performers. In raw numbers, that’s more than 1,400 deployments per year for the high IT performers, compared to only 30 for the low performers.

Unfortunately, security teams are largely disconnected from this continuous software delivery process, relying instead on downstream gates designed for the era of waterfall development. Only 20% of organizations incorporate any security testing during development, with another 17% stating they are not using any technologies at all to protect their applications.

To make matters even more difficult, security teams are often outnumbered by developers in the organization by 100:1. How can security teams possibly keep up with DevOps velocity while being constrained by limited resources?

Hackers are already taking advantage of poor DevOps cyber hygiene with cryptomining malware attacks using Docker Hub backdoors, wide open Kubernetes accounts, and unpatched Drupal web applications. While attacks today are harnessing vast amounts of computational power to generate cryptocurrency revenue, it doesn’t take much imagination to envision future attacks targeting sensitive enterprise or customer data.

Security professionals need to rethink traditional vulnerability management and embrace new security methodologies to secure DevOps processes. We at Tenable believe a new security discipline, called Cyber Exposure, is required to cover the breadth of the modern attack surface (e.g., cloud services, mobile devices, IoT/OT assets) and provide a new depth of insight into vulnerability data for more accurate visibility and decision-making. Cyber Exposure will help security leaders incorporate new secure DevOps principles to better manage and measure cyber risk by providing:

  • Continuous discovery and scanning. Monthly or quarterly scans do not cut it in the DevOps world. Continuous software delivery means the environment is constantly changing, requiring continuous discovery and assessment of cyber risk. This should occur across the software development lifecycle—from development through operations—to provide full visibility.
  • Security integration into DevOps processes. Security tests and controls need to be an integral part of the software development lifecycle and embedded into the development pipeline. Vulnerabilities, malware, and misconfigurations should be treated as any other type of software defect that diminishes code quality and should be remediated as early as possible in the development lifecycle.
  • Automation of security workflows. To support the scale and speed of DevOps, security controls must be exposed programmatically with APIs into DevOps systems to take advantage of automation throughout the software development lifecycle. For example, instead of security teams manually assessing images during predefined security gates, security testing can be triggered automatically to assess all new builds as they are created.
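As an added example of the second and third principles above (treating vulnerabilities, malware and misconfigurations as build-failing defects, and enforcing that automatically on every new build), here is a pipeline gate that applies a severity policy to an image scan result. This is illustrative code written for this post, not Tenable's code and not the Tenable.io API; the JSON field names, the `Policy` settings and the sample scan result are all constructed assumptions.

```python
import json
from dataclasses import dataclass

# Constructed sample scan result for a freshly built image. The field names are
# assumptions for this example, not any particular scanner's output format.
SAMPLE_SCAN = json.dumps({
    "image": "registry.example/app:1.4.2-build917",
    "findings": [
        {"id": "FINDING-1", "type": "vulnerability", "severity": "critical", "fix_available": True},
        {"id": "FINDING-2", "type": "vulnerability", "severity": "medium", "fix_available": False},
        {"id": "FINDING-3", "type": "malware", "severity": "critical", "fix_available": False},
        {"id": "FINDING-4", "type": "misconfiguration", "severity": "high", "fix_available": True},
    ],
})

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Policy:
    max_severity: str = "medium"      # highest severity a build may ship with
    block_malware: bool = True        # any malware finding fails the build outright
    block_fixable_only: bool = False  # if True, unfixable findings above the threshold are reported but do not fail the build


def evaluate_build(scan_json, policy):
    """Return a pass/fail decision plus the findings that caused a failure."""
    scan = json.loads(scan_json)
    threshold = SEVERITY_RANK[policy.max_severity]
    reasons = []
    for f in scan["findings"]:
        if f["type"] == "malware" and policy.block_malware:
            reasons.append(f"{f['id']}: malware detected")
            continue
        if SEVERITY_RANK[f["severity"]] > threshold:
            if policy.block_fixable_only and not f.get("fix_available"):
                continue  # above threshold but no fix yet: tracked, not blocking
            reasons.append(f"{f['id']}: {f['type']} severity {f['severity']} exceeds {policy.max_severity}")
    return {"image": scan["image"], "passed": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Run as a CI step: a non-zero exit code stops the pipeline before deployment.
    result = evaluate_build(SAMPLE_SCAN, Policy())
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["passed"] else 1)
```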

Tenable offers a variety of solutions to help you on your secure DevOps journey. Cloud connectors in Tenable.io continuously track asset changes to ensure all cloud workloads are known and assessed for vulnerabilities. Tenable.io Container Security plugs into continuous integration and continuous delivery (CI/CD) systems to remediate vulnerabilities and malware during development. Well-documented APIs in Tenable.io allow you to automate security scans and integrate controls in your workflows. And earlier this month, Tenable announced several new Tenable.io platform enhancements to support heterogeneous cloud platforms and enable security to be built into the entire software development lifecycle from build to production.

In fact, here’s how one Tenable customer is taking advantage of many of these secure DevOps capabilities today:

“The Tenable.io AWS connector is the key to automating our DevSecOps pipeline. It allows us to gain real-time visibility into our cloud environment to track assets as they are spun up and down so that our other tools can be integrated into the pipeline in an automated fashion.” -- Mick Kohler, Senior Manager, Cyber Security, Enterprise Security, Sysco

Want to learn more about securing DevOps? The following resources will help you on your journey:
