Cancom

CANCOM chooses Tenable for its vulnerability management solution

To meet this challenge, CANCOM chose technology from Tenable, which specializes in exposure management solutions. Tenable supports B2B customers around the world who want to identify and reduce cybersecurity risks. As the developer of Tenable Nessus®, Tenable has extended its expertise in exposure management to provide the world's first platform for detecting and securing any digital asset on any computing platform.

User-friendliness is the decisive factor in security solutions. CANCOM conducted a proof-of-concept (PoC) with Tenable that quickly addressed any potential concerns. “Tenable is intuitive, easily customizable, and compatible with operating system environments like Windows and Linux and easily integrates with ITSM platforms such as ServiceNow. This seamless integration means that many processes can be automated,” explains Reifenberger.

Gradual rollout, integration into managed services portfolio is planned

All hardware is located in CANCOM data centers in Germany, much of it virtualized. CANCOM relies on comprehensive vulnerability management of its entire corporate environment as well as penetration tests to ensure that all vulnerabilities and possible entry points are found. In the future, Tenable Security Center (formerly Tenable.sc) will be used for vulnerability management. Tenable Security Center is managed on-premises, based on Tenable Nessus® technology, and provides comprehensive vulnerability coverage with continuous assessment of the network in real time.

The solution provides security teams with a risk-based overview of the state of their IT, security and compliance. Security executives have a comprehensive overall picture of all risks in the environment and know exactly which vulnerabilities and assets they should prioritize.

The introduction of Tenable at CANCOM will be gradual and will replace existing solutions. CANCOM intends to use Tenable's solutions not only in-house, but also to integrate them into its managed security services portfolio.

“Security is an essential trademark of CANCOM, and that's why we always use the most innovative solutions. We only offer our customers solutions if we ourselves are convinced that they meet the respective requirements in the best possible way. In this way we would like to take into account an increasing demand in the future. Nowadays, every company needs a solution for vulnerability and exposure management, otherwise the security of the business cannot be guaranteed,” explains Reifenberger.

New challenges of the wireless trend, cloud and hybrid working

The Internet of Things (IoT) will also lead to ever greater and more diverse security challenges for enterprises, as IoT devices bring new vulnerabilities to the corporate environment. Add to that 5G/6G and WLAN 6, because wireless is the future, and attacks through wireless infrastructure will increase as a result. Another critical security issue is the ongoing shift to cloud computing and hybrid working models, as this increases both the attack surface and the number of potential threats and vulnerabilities. Even before the pandemic began, CANCOM was well prepared for hybrid work, but it continues to bring new security challenges.

An ever-growing attack surface can also be attributed to corporate growth. CANCOM is growing rapidly and is constantly acquiring companies that need to be integrated into the security concept. This means that vulnerability scanning has to be a continuous, automated process.

Usability, performance and context are key

“End users need to be able to use a security solution without problems and see tangible benefits. You should have as little work as possible with security, so both usability and performance must be right,” explains Reifenberger. "Tenable is very compelling in this regard because it simplifies IT security while increasing the level of security.”

Roger Scheer, Tenable's Regional Vice President Central Europe, adds, "It's also important to assess vulnerabilities in the context of an organization's specific cyber risk. The importance of a particular vulnerability may change over time as the threat landscape changes as well. Also, a vulnerability in one type of asset may have a less severe impact than another type of asset. Modern, future-proof vulnerability management must be able to recognize exactly this and provide context for the environment that is to be protected. Only then can a company prioritize a vulnerability in such a way that the risk is reduced as much as possible.”

Automation pays off

Security is an increasingly complex issue and a challenge for many companies. The overarching goal is to continuously reduce cyber risk. It is therefore important to focus on the essentials, reduce complexity as much as possible and automate as much as possible. But many companies still do too much manual work when it comes to cybersecurity.

“Automation requires an initial investment, but it definitely pays off in the long run. Thanks to Tenable, we can do our 'homework' in terms of vulnerability management better and better,” concludes Reifenberger.