
Cyber Exposure: The Next Frontier for Security

The stakes have never been higher when it comes to cybersecurity. Global cyber attacks such as the recent WannaCry ransomware attack are a sobering reminder that cybersecurity is the existential threat of this generation. A new report from Lloyd’s of London estimates a serious cyber attack could cost the global economy more than $120 billion - as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy. According to the report, the most likely scenario is a malicious hack that would take down a cloud service provider at an estimated loss of $53 billion. With all of the attention and the hundreds of vendors in the security industry, why are we still in this same situation, with it only getting worse and more severe?

The reality is these "future" technologies and compute platforms, such as IoT and cloud, are no longer the future. They are here and now. This means the cyber attack surface is no longer a laptop or a server in a data center. According to Business Intelligence, there will be nine billion active IoT devices in the enterprise by 2019. That’s more than the entire smartphone and tablet markets combined. According to a 2016 IDG Enterprise Cloud Computing Survey, 70 percent of organizations already have apps in the cloud and 16 percent more will in 12 months. We’re also seeing development shifts such as DevOps become mainstream, and with that comes the rise of containers and microservices as a way to make changes to smaller parts of the application in a more agile way. According to 451 Research, the container market is the fastest growing market of cloud-enabling technologies, with a CAGR of 40 percent through 2020, growing from $762 million to $2.7 billion by 2020.

So What Do We Do in Response?

We throw hundreds of tools at the problem, each designed to protect the organization from a niche, often advanced, "threat of the week" style attack. We have Configuration Management Databases (CMDBs) which give the organization an IT view of assets and configurations, but weren’t built to keep pace with modern assets and aren’t a security view. Vulnerability Management (VM) technologies are used by most organizations to scan the network to identify issues, but the problem with legacy VM tools is that they take a "one size fits all" approach designed for the world of client/server and on-premises data centers, and only assess "known" assets that are running at the time of the scan or that can have an agent deployed on them.

We are in the new, modern world of IoT, cloud, SaaS, mobile and DevOps, which means organizations need to approach understanding their cyber risk in a way that adapts to this new world of modern assets. For example, IoT and mobile devices may be undetectable with traditional tools, and containers and cloud workloads, as opposed to other types of assets that have lives of months to years, may have a life of minutes to hours, making them extremely hard to see and protect. There are also safety-critical infrastructure and Operational Technology like Industrial Control Systems, which are a rising attack vector. These systems were designed to be walled off from the network and isolated from threats, and therefore were not designed for frequent change or software deployments. As software permeates every industry, these Industrial IoT devices, which are now connected devices, need to be protected, but the old way is too intrusive.

Welcome to the New Era of Cyber Exposure

We believe that Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Cyber Exposure transforms security from a static or fragmented view to live and holistic visibility across every asset - whether that’s IoT or traditional IT devices, cloud infrastructure or Industrial Control Systems. From this live picture, you can then start to accurately assess and analyze these assets for areas of exposure. This could be misconfigurations, but it could also be other hygiene-type health indicators such as out-of-date antivirus or high-risk users being flagged. By correlating this information with additional sources of data, such as a CMDB or threat intelligence, you can get a more complete picture of the business criticality and severity of the issue to prioritize remediation and work with IT to fix it.

Cyber Exposure is analogous to IT Service Management and how the execution of ITSM processes is supported with specialized software technology. At the core of ITSM software suites are a workflow management system (service desk) for managing incidents and maintaining a knowledge base system of record, and a Configuration Management Database (CMDB) for discovering and mapping Configuration Items and their dependencies. Bringing these technologies together creates an intuitive way to link incidents with change and service requests, and also provides a view of business services and the underlying IT infrastructure to help accelerate, for example, troubleshooting and change impact analysis. Just as ITSM provides a process for planning, delivering and operating IT services to better support customers, Cyber Exposure provides a discipline and a process for managing and measuring cyber risk against the modern attack surface. This will help security and IT teams collaborate to more effectively and efficiently identify and resolve issues, but will also provide an objective way for the CISO, CIO and the business to measure cyber risk and use it for strategic decisions and planning. Cyber Exposure technologies will provide the data, visualization, process management and metrics to help drive a new way to manage security to reduce risk, make better business decisions and actually enable digital transformation instead of being the impediment to it.

Communicating Cyber Risk to the Board

There has also been a lot of conversation around cybersecurity awareness and readiness within the C-suite and the board of directors: how do you represent and communicate cyber risk in non-technical, business terms? Today the CISO has to translate a mountain of data in multiple spreadsheets into intuitive insights the business can use to make decisions. Cyber Exposure will help the CISO drive a new level of dialogue with the business. If you know which areas of your business are secure - or exposed - and you can measure your organization against a larger set of data, this opens up a whole new set of discussions and decisions about where the organization needs to focus, for example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions. Every function has its organizational system of record to manage, measure and predict the business exposure relevant to that function: for example, CRM for revenue and forecasting exposure, ERP for financial and supply chain exposure and Human Capital Management (HCM) for employee satisfaction and attrition exposure. Imagine a future where every strategic business decision factors in Cyber Exposure data as a key risk metric, just as the business does with all of these types of exposures. We believe the future doesn’t need to be in the future. We believe the future is now.

We’re excited to apply our years of expertise and knowledge in understanding assets, networks and vulnerabilities to usher in this new modern era of Cyber Exposure. And we’re just getting started...
