Vulnerability Management in 2017: Leap Ahead or Fall Behind
Josh Zelonis – Senior Analyst, Forrester Research
Michael Applebaum – VP of Product Marketing, Tenable
© 2017 FORRESTER. REPRODUCTION PROHIBITED.
The Changing Landscape Of Vulnerability Management
Josh Zelonis, Senior Analyst
March 2017
Agenda
› How Attack Trends Have Changed Vulnerability Management
› The Intersection of Application Security and Vulnerability Management
› Containers offer a unique solution
Security vs Operations in Vulnerability Management
Software Vulnerabilities Continue To Plague Us
Source: Top Cybersecurity Threats in 2017 Forrester report
Elastic Infrastructure and BYOD Transform Your Network into a Shifting Landscape
Traditional Patching Prioritization Is Meaningless
Source: Top Cybersecurity Threats In 2017 https://www.forrester.com/go?objectid=RES136712
Application Security and Vulnerability Management have flirted together for years.
DevOps Is A Gift To Us All
Automation Allows Us To Test Earlier In The SDLC
Containers take this a step farther
Unlike Virtual Machines, Containers Do Not Include A Full Guest OS
Source: Brief: Why Docker Is All The Rage Forrester report
Containers Allow Us To Push Earlier Into The SDLC
Source: Five Steps to Reinforce and Harden Application Security
FORRESTER.COM
Thank you
Josh Zelonis
@jz415
Tenable has introduced Tenable.io, a cloud-based platform we have been building since 2015. We will use it to transform Vulnerability Management, while expanding into application security.
We also maintain a long-term commitment to on-premises solutions.
Asset Model
Pricing / Licensing
Web App / Container
Integration
Full Asset Visibility
[Diagram: Tenable.io platform layers]
Applications: Vulnerability Management, Web Application Scanning, Container Security
Platform
Integration: API and SDK
Sensors: Nessus Sensors (Scanner, Agent, PVS); Third Party Sources (VM Provider, App Sec Provider, CMDB Provider, Other 3rd Party)
Tenable.io manages by assets, not IPs
A simple definition: An asset is a resource that can be analyzed
http://www…
With Elastic Licensing for dynamic assets
Soft Enforcement
Keep working while upgrading your license
Baselines
Errors, bursts, and one-time assets are automatically aged out
Threat context improves prioritization
We now offer Tenable.io Container Security to help customers with Docker vulnerability, malware & compliance analysis.
It integrates seamlessly into the build process by integrating with common CI/CD tools.
This is the start of our push into application security.
Bringing security into the build process: Tenable.io Container Security
Define custom policies that generate alerts or block deployment
Next Steps
Learn more or try a free evaluation today:
tenable.com/try-io
tenable.com/try-container
Thank You!