Tenable has announced that it has acquired Indegy, an industrial cybersecurity firm which provides visibility, security and control across operational technology (OT) environments.
“For every company in every industry, OT is now part of the modern attack surface. CISOs are being asked to secure OT systems alongside IT but lack the necessary visibility and technology to manage and measure OT cyber risk in the same way as IT risk,” said Amit Yoran, chairman and CEO, Tenable.
“The combination of Tenable and Indegy brings together two pioneers of IT vulnerability management and industrial cybersecurity to deliver the industry’s first unified, risk-based view of IT and OT security. This is a game changer that will help transform how security and the C-suite make strategic decisions around OT risk. This acquisition is a critical milestone in delivering on our Cyber Exposure strategy to help organisations understand and reduce cyber risk across the entire modern attack surface. Indegy extends our depth of OT expertise and intelligence, and our breadth of OT-specific capabilities from vulnerability management to asset inventory, configuration management and threat detection. We look forward to working with the Indegy team to help the industry usher in the next wave of IT/OT convergence.”
Barak Perelman, co-founder and CEO, Indegy, said, “When we started Indegy we set out on a mission to protect industrial networks through a mix of cybersecurity expertise and hands-on OT experience, developing products which solve the hardest industrial cybersecurity challenges. We are excited to accelerate this mission by joining Tenable, a visionary IT cybersecurity leader with a trusted brand and proven track record of product innovation. We look forward to working with the Tenable team and bringing OT cyber capabilities to its broad customer base.”
In the digital era, OT cybersecurity risk is a critical business risk. Not only is the frequency of OT attacks increasing but the impact of an OT security event can have a material effect on business operations spanning beyond information leakage to equipment damage, safety concerns for employees, or a major environmental incident.
A recent survey by the Ponemon Institute and Siemens found that the majority of respondents viewed cyber threats to be a greater risk to OT environments than to IT. Modern OT environments increasingly interconnect with IT as companies consolidate their operational data to optimise costs and accelerate innovation. The result is a complex, sensitive and vastly expanded attack surface for Chief Information Security Officers (CISO) to manage, often without visibility into OT environments.
Tenable and Indegy deliver the following capabilities within a single platform:
- Risk-based measurement: Score, trend and benchmark IT and OT together in Tenable Lumin, the company’s advanced visualisation, analytics and measurement solution for cyber exposure. Organisations can apply a dedicated approach to IT and OT through asset-relevant policies, metrics and KPIs, while leveraging the power of Tenable Lumin to measure IT and OT risk together for more comprehensive decision-making.
- Unified view of IT and OT vulnerabilities: View and manage OT security issues alongside IT vulnerabilities, from assessment through closed-loop remediation verification. OT vulnerabilities now leverage the power of Tenable Predictive Prioritisation, which applies data science to prioritise OT issues for remediation based on the vulnerability and its likelihood of exploitability.
- Depth of intelligence into OT environments: Indegy brings a deep understanding of the complete OT device, including components from multiple vendors and how they relate to each other, for more accurate and comprehensive management.
- IT and OT vulnerability assessment: Through its deep OT device intelligence, Indegy pioneered and patented a safe and non-intrusive way to bring active analysis to OT devices alongside passive monitoring. Indegy’s assessment approach, alongside Tenable’s combination of agent-based scanning, active analysis and passive monitoring, create the industry’s most accurate and comprehensive vulnerability data set.
- OT-specific process management: Security and plant operations teams both benefit from Indegy’s powerful OT asset inventory, configuration management and threat detection capabilities, in addition to its vulnerability management.
The Indegy Industrial Cybersecurity Suite integration with Tenable.sc, for on-prem vulnerability management, is available. The Indegy integration with Tenable.io, for cloud-based vulnerability management, and Tenable Lumin will be available in the first half of 2020.