"Tenable.cs helps organizations to programmatically detect and fix cloud infrastructure misconfigurations in the design"

Kartik Shahani, Country Manager, Tenable India

Tenable India has pioneered the IT Vulnerability Management market with a vision to empower all organizations to understand and reduce their cybersecurity risk.  The company is at the forefront of innovation in this new era to help organizations of all sizes rethink how they can secure the modern digital enterprise as the pioneer of the emerging Cyber Exposure market. Tenable has recently brought Tenable.cs, which is a developer-friendly, cloud-native application platform that enables organizations to secure cloud resources, container images and cloud assets, providing end-to-end security from code to cloud to workload. It will help enterprises manage cloud security posture and extend vulnerability management practices from the cloud to code. In this context, Kartik Shahani, Country Manager, Tenable India throws light on the current security trends, latest security technologies, importance of the IaC security etc.

Present security trends in India

While discussing about the current security trends in the country, Kartik points out:

“A shift-left approach to security: As organizations in India continue to adopt cloud-native technologies the detection of vulnerabilities and cloud misconfigurations will have to move from being reactive to proactive. This is because risks identified at runtime are already exposed to attackers, and fixes applied in runtime will be overwritten with the next code deployment. Organizations cannot achieve cyber resilience with legacy cloud security tools. The only way to ensure ephemeral cloud assets are secure is by codifying security throughout the development lifecycle, making the software secure by design.

5G and cybersecurity: The Indian government announced the allocation of the 5G spectrum in 2022. The benefits of 5G in India are very tangible but it also enhances risks. 5G will increase our dependence on digital infrastructures, increasing the negative impact on society when this infrastructure malfunctions due to cyberattacks. Businesses must carefully consider the cyber resilience and security of the systems that will utilize this game-changing technology. 

Active Directory security:  One of the most overlooked aspects of cybersecurity is the Active Directory (AD). Ransomware operators have concentrated their focus on leveraging vulnerabilities and misconfigurations in the AD as a pivotal step in their attack path. Cybercriminals know that compromising AD is the easiest way to gain unrestrained access to an organization’s network and obtain the “keys to the kingdom”. Unfortunately, too few organizations are adequately assessing AD for security and governance issues. We expect organizations in India to focus on securing the AD and building zero-trust environments to increase resilience.”

The latest security technologies

Tenable announced new capabilities for Tenable.cs, its cloud-native application security platform. By using Tenable.cs, organizations will be able to programmatically detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of the Software Development Lifecycle.

Importance of the IaC security

According to Kartik, “Supply chain attacks, which are a type of cyberattack that targets a third-party vendor that offers software vital to the supply chain; have become very common over the years. By implementing security into the developer build process - continuous integration and continuous delivery (CI/CD) and DevOps Pipelines, these types of attacks can be mitigated. With Infrastructure-as-Code (IaC), all resources and respective configurations are defined in code. This means scanning can easily determine what controls are available and what they’re able to address. It also means that if vulnerability is found, the impact on the broader environment can be quantified. The ability of a software tool to automatically detect issues and remediate them before deployment is at the core of building a highly effective DevSecOps team.” 

IaC building security into the core of applications

In his concluding lines Kartik says, “IaC has the ability to modernize manual processes in security and operations. It offers a way to describe infrastructure in the form of source code. Security can enable the DevOps team with a security syntax check for Infrastructure as Code, assessing Terraform and Kubernetes scripts for issues. In this way, they can ensure that what is deployed is secure by default and that any fixes are a simple merge request rather than a patch or operational afterthought.”