RSA 2017: Special conference coverage
Reporting and analysis from IT events
SAN FRANCISCO -- Tenable Network Security is hoping to make vulnerability management great again.
The security vendor, based in Columbia, Md., unveiled a new cloud-based vulnerability management platform, dubbed Tenable.io, this week at RSA Conference 2017. Tenable.io, which is delivered as a software-as-a-service offering, includes an API and software development kit that allows third parties to export and import vulnerability data. The vulnerability management platform includes web application scanning and container security monitoring features, as well as an asset tracking algorithm that tracks not only devices, but virtual machines and cloud instances, as well.
"We're looking to be the information security hub for the industry," Cris Thomas, security strategist at Tenable, told SearchSecurity. "It was important for us to build an ecosystem that works together for everyone."
Thomas said Tenable.io builds on the foundation of existing products like Nessus, Tenable's vulnerability scanning and configuration auditing tool. However, the vulnerability management platform was largely built from the ground up as a totally new, cloud-based offering. For example, Tenable.io has a service-level agreement with an uptime guarantee that's similar to SLAs of other major cloud providers.
The vulnerability management platform is also integrated with the IT service management workflows of several other security vendors and technology providers, including Amazon Web Services, CyberArk and ForeScout. The Tenable Technology Integration Partner program allows other companies to collaborate with Tenable and build integrations into the Tenable.io platform.
"We designed this to be easy to use," Thomas said. "You can export the data and feed it into other products, if you like. We obviously prefer you use it with Tenable products, but we make it work for pretty much any product."
Thomas admitted vulnerability management hasn't been the hottest of security technology categories in recent years and is often overlooked by many companies today. But he said better vulnerability management is crucial for enterprises with today's massive threat landscape, and the more companies that take part in Tenable.io, the more valuable vulnerability data will be generated for the participants.
"One of the issues that makes this sort of thing challenging is that it's hard to get critical mass," Thomas said. "But we have close to 2,500 customers that are already using products that are the basis for Tenable.io."
Learn how to adapt your enterprise's vulnerability monitoring strategy to hybrid cloud use
Find out how the Google Cloud Security Scanner compares to traditional vulnerability scanners
Examine the pros and cons of using a third-party web application scanner over a cloud provider's