Tenable —the Exposure Management company— emphasised a paradigm shift in cybersecurity, from reactive detection to proactive exposure management. Bernard Montel, EMEA Technical Director and Security Strategist, explains how Tenable’s strategic acquisitions, innovative AI-driven tools, and unified platform approach are helping businesses understand and reduce cyber risk from a business perspective.
In this interview, Montel dives deep into Tenable’s latest capabilities, including vulnerability intelligence, attack path analysis, and the growing role of AI in anticipating and mitigating threats.
What did Tenable showcase at GISEC Global 2025?
We focused on three core elements. First is exposure management, which is our strategic direction, especially after a key acquisition in February. It’s about understanding exposures from a business risk lens, transitioning from traditional vulnerability management to holistic attack surface visibility. Second, we demonstrated how exposure management can proactively identify open paths that attackers might exploit. Third, we aimed to change the mindset in cybersecurity from reactive to proactive, helping organisations reduce complexity and improve risk-based decision-making.
Can Tenable predict and block attacks in real time using AI?
We differentiate between reactive and proactive cybersecurity. While most organisations invest heavily in detection and response (reactive), Tenable is rooted in proactive defence. We don’t detect active attacks—we detect paths that could lead to an attack. By identifying and closing these paths, we help prevent potential breaches before they occur. This shift helps reduce the need for overly complex detection systems and allows security teams to focus on meaningful risk mitigation.
Could you share an anonymised use case where exposure management prevented significant damage?
Absolutely. We’ve helped clients reduce ransomware risk by detecting exposure paths aligned to specific emerging threats. One recent case involved a top-down response—where a CISO, alarmed by news of an ongoing ransomware campaign, asked whether their organisation was exposed. Our platform quickly identified attack paths and exposures related to that campaign, enabling rapid remediation and preventing potential impact.
How does exposure management enhance operational efficiency for security teams?
It’s a game-changer. By investing in proactive measures, organisations reduce the number of detection rules and simplify incident response workflows. For example, once we detect an open attack path, we can initiate tailored actions—investigate if it’s already been exploited or activate specific response protocols. This seamless integration with Security Operations Centres (SOCs) significantly boosts operational efficiency.
What new features are being introduced in Tenable’s Security Centre, and how do they improve security posture?
We’ve enhanced our platform with vulnerability intelligence. This gives users access to 20 years of Tenable research and threat data—before scanning even begins. Instead of scanning first and analysing later, we provide context-rich insights upfront. This enables faster decision-making and more effective prioritisation. We’ve also opened the platform to third-party sources to enrich context, making our exposure management platform even more powerful.
With increasing demand for OT security, how is Tenable addressing regional cybersecurity challenges?
We were pioneers in recognising IT/OT convergence, starting back in 2019. Today, we go beyond IT and OT to include IoT and cloud in a unified risk view. Given the region’s critical infrastructure sectors—utilities, oil and gas, and transport—we offer visibility from factory floor to cloud. Our unique ability to link all these environments within the Tenable One platform gives unmatched insight into how attackers could exploit interconnected systems.
How is Tenable integrating AI into its defence strategy, particularly with the rise of GenAI?
AI isn’t new for us—we’ve used machine learning for years in scoring vulnerabilities and misconfigurations. With GenAI, we’re enhancing that further. For example, attackers are already using GenAI to generate malware. On the defence side, we use GenAI to simplify complex attack paths, contextualise risk, and generate tailored remediation advice. Our chatbot interface, trained on our vulnerability intelligence database, helps security practitioners understand their exposures faster and more clearly.
Which technologies are shaping the future of exposure management?
Exposure management is becoming the next-generation cybersecurity framework. Gartner’s CTEM (Continuous Threat Exposure Management) is a strong validation of this. Key technologies include multi-source data integration (from both Tenable and third parties), advanced analytics, and automated workflows with playbooks for contextual response. Most importantly, the evolution is moving toward business-aligned risk visibility—empowering C-level decision-makers with clear answers to the question: “Is my business exposed today?”
Image Credit: Tenable
