Features, Insight, Interviews

Preventive Cyber Defence 

Maher Jadallah, Senior Director Middle East & North Africa, Tenable details their plans to empower organisations with comprehensive exposure management across an ever-expanding attack surface. 

Can you outline to our readers how your company has harnessed cutting-edge cybersecurity technologies to transform how you conduct your day-to-day operations to deliver the level of security that your customers, end-users, and partners’ demand in todays threat landscape? 

For far too long security teams have been treating the symptoms of cybercrime rather than curing the disease. The current approach is reactive and relies heavily on post-event data to find the origin of an attack and clean up the mess. This modus operandi is a losing battle against asymmetric cybercriminal activity where defenders need to be right 100% of the time and threat actors only once.  

Instead of waiting to be attacked and then responding, it’s vital that security teams take a preventive approach to cyber defence. The need to understand the attack surface and proactively manage risk to the business has never been more urgent. The only way to stay ahead of the curve is to find the weak spots in defences proactively, before attackers can, and prioritise remediations based on organisational risk. 

Tenable has, for years, harnessed Artificial Intelligence (AI) and Machine Learning (ML) in multiple ways across its solutions. This includes enhancing models around asset criticality assessment, in prioritisation techniques, and other methods we use to differentiate our offerings and add valuable insight for customers. Tenable uses AI (generative artificial intelligence, deep learning, AI and machine learning) to fuel our exposure management capabilities with the following use cases: 

  • Explain: Derive succinct guidance to better understand product findings. 
  • Search: Simplify search across your asset inventory for complete visibility. 
  • Action: Proactively deliver insights for actions with the most impact. 

If you have unique data then you’re going to have unique intelligence guiding decisions. It’s truly “garbage in, garbage out” — or “gold in, gold out” — depending on the source. Tenable’s exposure data stands as the world’s largest repository of contextual exposure data, fuelling the capabilities of Tenable ExposureAI. This unified data platform – representing more than 1 trillion unique exposures, IT assets and security findings (vulnerabilities, misconfigurations and identities) across IT, public cloud and OT environments – is the largest repository of contextual exposure data in the world and feeds all of Tenable’s Exposure Management products. 

With leading breadth and depth of data and context, Tenable empowers organisations with comprehensive exposure management across the ever-expanding attack surface. It provides a wealth of information, enabling organisations to gain valuable insights into potential vulnerabilities, threats and misconfigurations. 

OpenAI and ChatGPT are all the rage, and these new AI integrations have been tipped to fundamentally reshape all major industries including cybersecurity. What is your view on the impact of AI on cybersecurity? Are you excited about the opportunities it presents, or do you think more regulation is needed to control its impact on cybersecurity? 

For security teams and organisations, generative AI is the same as any other new technology that enters the arena. While created as a tool for good, AI can just as easily be weaponised by malicious cyber attackers to accelerate their money making schemes or even create misinformation and we need to keep one step ahead. 

There is a learning curve and we’re on the cusp of understanding what AI is capable of. With generative AI — such as Google Virtex AI, OpenAI GPT-4, LangChain and many others — it is possible to return new intelligent information in minutes in simple language even non-technical people can understand. For security, these insights will continue to become more accessible and capable of turning anyone into expert defenders. 

Digital and cloud transformation projects have become increasingly prevalent in the Middle East. From a cybersecurity perspective, what are the key processes that enterprises should adopt to ensure a successful and secure transformation journey? 

Successful hybrid cloud security requires a unified approach. With cloud computing the traditional perimeter is moved outside of the enterprise data centre which means identity replaces networks as the primary trust boundary. Rather than malicious actors, the overwhelming majority of cloud security incidents stem from misconfigurations.  

To preventatively secure the modern attack surface security teams must first gain an understanding of all the conditions that matter in today’s complex and dynamic environments. This requires a holistic view of cloud and on-premise, IT and OT environments, and everything in between including the interdependencies that exist for critical functionality, to determine where weaknesses and vulnerabilities exist. 

In your expert opinion, what do you consider the biggest cybersecurity challenges faced by enterprises in the IT and technology industry across the Middle East? 

The threats organisations typically face are spearphishing and malicious downloads to known vulnerabilities and weak passwords. When it comes to these cyberattacks, what we know is that threat actors’ attack methodology is not advanced or even unique but opportunistic. They’re looking for an open window to crawl through.   

When evaluating an organisation’s attack surface, they’re probing for the right combination of vulnerabilities, misconfigurations and identity privileges. In the majority of instances it is a known vulnerability that allows threat actors an entry point to the organisation’s infrastructure. Having gained entry threat actors will then look to exploit misconfigurations in Active Directory to further infiltrate the organisation to steal data, encrypt stems or other nefarious activities. 

To mitigate the risks requires a holistic view — of IT and OT environments, on-premises and in the cloud, and everything in between — with the interdependencies that exist for critical functionality, to determine where weaknesses and vulnerabilities exist. Once a holistic viewpoint is established, the next step is to identify what would cause theoretical versus practical damage. From this stance steps can be taken to remediate the risks where possible, or monitor the assets related to the risk for deviations, to attacks. 

This supplement is titled Tech Vision, so with that in mind, what does the future hold for the cybersecurity landscape in the Middle East? What key cybersecurity trends and technologies do you believe will drive significant changes over the next ‘digital decade’? 

The infrastructure that underpins organisations today has experienced dramatic transformation with automation driving progress.  Over the next 10 years we can expect this to continue to morph and change as new ways of working are developed, powered by Artificial Intelligence. Security teams are already struggling to gain visibility of what is within their infrastructure and what is connecting to it and we should expect this complexity to be amplified.  

Attackers see many ways in and multiple paths through technology environments to do damage to organisations. Organisations aren’t helpless. Security teams need to look at business risk holistically. That said, it’s impractical to remediate everything at once, so instead it’s important to understand which fixes give the biggest bang for their buck to tackle threats in the right order. Getting visibility into where the biggest areas of risk are – we call this exposure management – is absolutely critical to knowing which doors and windows are wide open and need to be closed first irrespective of how complicated or connected the environment becomes. 

Exposure management provides an understanding of all the conditions that matter in today’s complex and dynamic environments that helps an organisation determine the full breadth and depth of its exposures, allowing security teams to take the actions needed to reduce them through remediation and incident response workflows. 

An exposure management program combines the people, processes and technologies associated with exposure management. Technologies such as vulnerability management, web application security, cloud security, identity security, attack path analysis and attack surface management are used to help an organisation understand the full breadth and depth of its exposures and take the actions needed to reduce them through remediation and incident response workflows. 

Previous ArticleNext Article

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines