Sophia Antipolis, 5 October 2023

ETSI is pleased to announce the extension of its Zero touch network and Service Management group (ISG ZSM) for an additional 2 year-period.

Read More...

Sophia Antipolis, 9 July 2024

ETSI is excited to announce OpenCAPIF Release 1 is now available in the ETSI Labs.

OpenCAPIF develops a Common API Framework as defined by 3GPP and this new version introduces several improvements and new features to deliver a more robust, secure, and efficient API Management Platform. These advancements are developed in tight collaboration and incorporating feedback from a growing Research Ecosystem including SNS projects such as 6G-SANDBOX, FIDAL, IMAGINEB5G, SAFE6G, ORIGAMI, ENVELOPE and SUNRISE6G.

Read More...

Starts: Wed, 20 Nov 2024 19:30:00 -0500
11/20/2024 06:00:00PM
Location: Toronto, Canada

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access-level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, these teams still have difficulty in addressing the increased level of risks posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities with limited resources to manage them effectively. The sophistication and speed of threat actors has escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business - demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

• Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.
   
•  Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly. 
   
• Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the most high risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

• Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
   
• Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from gaining privilege escalation and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice in order to reduce the likelihood of a breach.
   
• Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

• Domain admin group on internet-exposed hosts with critical vulnerabilities
• Devices exposed to the internet via RDP with an associated identity account with a compromised password
• Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

To learn more about Tenable One and Exposure Signals, check out our interactive demo:

In 2021, General Secretary Xi Jinping solemnly declared that China's poverty alleviation battle has achieved a comprehensive victory. However, there is still a long way to go to solve the problem of unbalanced and insufficient development, narrow the development gap between urban and rural areas, and achieve comprehensive human development and common prosperity for all people.

TORONTO – The Canadian Securities Administrators (CSA), the Canadian Investment Regulatory Organization (CIRO), and the Ombudsman for Banking Services and Investments (OBSI) remind investors that they all offer investors services related to claims or complaints free of charge.

Ethiopia possesses abundant water resources and hydropower potential, yet less than 5 percent of irrigable land in the Blue Nile basin has been developed for food production, and more than 80 percent of Ethiopians lack access to electricity. Consequently, the Ethiopian government is pursuing plans to develop hydropower and irrigation along the Blue Nile River in an effort to tap into this underused potential.

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced new data security posture management (DSPM) and artificial intelligence security posture management (AI-SPM) capabilities for Tenable Cloud Security, the actionable cloud security solution. By extending exposure management capabilities to cloud data and AI resources, Tenable Cloud Security reduces risk to two of the biggest emerging threats.

Today’s cloud environments are more complex than ever. The challenge of managing this complexity has led to preventable security gaps caused by misconfigurations, risky entitlements and vulnerabilities, leaving sensitive data and AI resources vulnerable. In fact, Tenable Research found that 38% of organizations are battling a toxic cloud trilogy – cloud workloads that are publicly exposed, critically vulnerable and highly privileged. 

Tenable Cloud Security exposes risk from across hybrid and multi-cloud environments, including vulnerabilities, misconfigurations and excess privilege, that affects data and AI resources. Integrating DSPM and AI-SPM into Tenable Cloud Security enables users to automatically discover, classify and analyze sensitive data risk with flexible, agentless scanning. With Tenable Cloud Security’s intuitive user interface, security leaders can easily answer tough questions – such as “What type of data do I have in the cloud and where is it located?,” “What AI resources are vulnerable and how do I remediate the issue?” and “Who has access to my sensitive cloud and AI data?”

“Data is constantly on the move and new uses for data in today’s AI-driven world have created new risks,” said Liat Hayun, vice president of product management for Tenable Cloud Security. “DSPM and AI-SPM capabilities from Tenable Cloud Security bring context into complex risk relationships, so teams can prioritize threats based on the data involved. This gives customers the confidence to unlock the full potential of their data without compromising security.”

“The importance of cloud data has made communicating data exposure risk one of the biggest security challenges for CISOs,” said Philip Bues, senior research manager, Cloud Security at IDC. “Tenable is at the forefront of this emerging DSPM-CNAPP conversation, enabling customers to contextualize and prioritize data risk and communicate it, which is pertinent to almost every domain in CNAPP.”

AI-SPM features enable customers to confidently forge ahead with AI adoption by enforcing AI and machine learning configuration best practices and securing training data. With the combined power of AI-SPM and Tenable Cloud Security’s market-leading cloud infrastructure entitlement management (CIEM) and Cloud Workload Protection (CWP) capabilities, customers can manage AI entitlements, reduce exposure risk of AI resources, and safeguard critical AI and machine learning training data to ensure data integrity. 

Available to all Tenable Cloud Security and Tenable One customers, these new features enable customers to:

• Gain complete visibility and understanding of cloud and AI data - Tenable Cloud Security continuously monitors multi-cloud environments to discover and classify data types, assign sensitivity levels and prioritize data risk findings in the context of the entire cloud attack surface. 
• Effectively prioritize and remediate cloud risk - Backed by vulnerability intelligence from Tenable Research, context-driven analytics provides security teams with prioritized and actionable remediation guidance to remediate the most threatening cloud exposures.
• Proactively identify cloud and AI data exposure - Unique identity and access insights enable security teams to reduce data exposure in multi-cloud environments and AI resources by monitoring how data is being accessed and used and detect anomalous activity. 

Join the upcoming Tenable webinar, “Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?” on October 22, 2024 at 10 am BST and 11 am ET, by registering here. 

Read today’s blog post, “Harden your cloud security posture by protecting your cloud data and AI resources” here. 

With a Net Promoter Score of 73, Tenable Cloud Security helps customers around the world expose and close priority threats. More information about DSPM and AI-SPM capabilities available in Tenable Cloud Security is available at: https://www.tenable.com/announcements/dspm-ai-spm

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

HeadnotePursuant to National Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief from the prohibition on the use of corporate officer titles by certain registered individuals in respect of institutional clients -- Relief does not extend to interact

HeadnoteNational Policy 11-203 Process for Exemptive Relief Applications in Multiple Jurisdictions -- Exemption granted to existing and future alternative investment funds from the margin deposit limits in subsection 6.8(1) and paragraph 6.8(2)(c) of NI 81-102 to permit each fund to depo

HeadnoteNational Policy 11-203 -- Process for Exemptive Relief Applications in Multiple Jurisdictions -- Relief granted from NI 41-101 to funds offering exchange-traded and conventional mutual fund series under a single simplified prospectus -- subject to conditions -- Technical relief g

Toronto, ON – With the pace of change in healthcare and the life sciences sector accelerating at unprecedented rates, a new Executive MBA program from the University of Toronto’s Rotman School of Management aims to prepare working professionals in the sector to lead their organizations, businesses and health systems. The Global Executive MBA in Healthcare & […]

Toronto, ON – Current faculty members and a former doctoral student from the areas of accounting, organizational behaviour and strategic management have received awards for their research papers from academic associations and publications. A paper published in Administrative Science Quarterly was honoured with two top awards last month. Whitened Résumés: Race and Self-Presentation in the Labor […]

Toronto, ON – Mikhail (Mike) Simutin, an associate professor of finance at the University of Toronto’s Rotman School of Management, has been appointed the associate director of research for the International Centre for Pension Management (ICPM). In the new role he will drive ICPM’s research initiatives and strengthen the organization’s position as a global pension […]

Toronto, ON – A professor at the University of Toronto’s Rotman School of Management who has become known for his research and teaching on catastrophes and risk management has been named to the 2017 Thinkers50 Radar list of the 30 management thinkers in the world most likely to shape the future of how organizations are managed […]

Toronto, ON – The world’s preeminent trading competition for university students returns for its 14th year at the University of Toronto’s Rotman School of Management. The students, along with their faculty advisors, from 52 different universities which include teams from China, Iceland, India, and South Africa, will participate in the competition which takes place from February […]

Toronto, ON – Seven faculty members at the University of Toronto’s Rotman School of Management have received awards for achievements in research and teaching. Four faculty members were awarded with the 2016 Roger Martin Awards for Excellence in Research and Teaching. Established by Prof. Roger Martin, a former Dean of the Rotman School, the awards are […]

Toronto, ON – For the second year, a Joseph L. Rotman Scholarship has been awarded to an incoming student in the Full-Time MBA program at the University of Toronto’s Rotman School of Management. Heather Beatty is the recipient of the full tuition scholarship, which she received, based on the strength of her overall application to […]

Toronto, ON – Fare evaders are a problem faced by public transit systems in cities across the world. Evaders are willing to break the law and risk a significant penalty for the free ride. In Toronto, fare evasion is estimated to cost around $20 million a year in lost revenue. An event at the University […]

Toronto, ON – A new program at the University of Toronto’s Rotman School of Management aims to equip graduates with the skills to succeed in the field of management analytics. The Master of Management Analytics (MMA) is a rigorous nine-month program aimed at recent university graduates and provides students with advanced data management, analytical and […]

Toronto, ON – From Volkswagon to BP, from Blackberry to Bombardier, from United Airlines to Equifax, businesses — large and small — face threats to their survival. These worries keep corporate leaders awake and night. Is there anything businesses can do about it? This question and more is answered in new book, Survive and Thrive: […]

Toronto, ON – A new chair has been established in honour of William Downe, a graduate of the MBA program at the University of Toronto’s Rotman School of Management. The chair was announced at the Rotman Alumni Awards Dinner on October 18 where Downe received a Lifetime Achievement Award. Downe is the former Chief Executive Officer […]

Toronto, ON – A professor and former Dean of the University of Toronto’s Rotman School of Management was named as the number one management thinker in the world by Thinkers50, the premier ranking of global business thinkers. Prof. Roger Martin, the former Dean of the Rotman School from 1998 to 2012, received the honour during […]

Toronto, ON – A new partnership has been launched at the University of Toronto’s Rotman School of Management to promote and develop initiatives for students and faculty in the area of financial innovation across all of the school’s programs. The Rotman Financial Innovation Hub in Advanced Analytics (Rotman FinHub) will create new classes and learning […]

Since they have achieved this cyber security status, EPM are currently ahead of the industry. Less than 30% of companies are where they need to be with cyber security compliance, according to their auditor.

In March 2013, Lululemon, a billion-dollar Canadian athletic apparel company, made headlines after the media got wind of an unusual story. The Vancouver-based company recalled its popular black yoga pants after customers complained that the active wear was too sheer.

Though FaciliWorks CMMS is already used by hundreds of Mexican companies, there is still an enormous number of potential clients who are in need of a system like FaciliWorks.

Machine vision projects often face challenges such as slow progress, difficulty in getting quotes, cost overruns, and unreliable operation. These issues require recognizing and adapting to the unique nature of machine vision projects compared to other types of projects.

To help quality professionals understand how their processes and approaches compare to those of other companies and the future outlook, ENGINE interviewed quality and environmental health and safety (EHS) professionals to develop the present "2021 Quality Management Trends Report," commissioned by Veeva.

A paper released by the U.S. Energy Information Administration (EIA) addresses the importance of renewable energy in mitigating climate change and the challenges posed by the global energy crisis. It emphasizes the need to improve energy efficiency in response to increased energy consumption worldwide.

A quality management system program ensures that products and services meet predefined standards, customer expectations, and company-wide benchmarks. One key principle is "first time right," addressing errors immediately at every step.

QT9 Software launched QT9 QMS Version 16.0, adding two new modules and numerous improvements to its quality management software (QMS).

Don't cut corners on color-matching tools. Professional equipment has advantages that imitations can't match. Learn more in this article.

How is the ISO involved with Greenhouse Gasses (GHG)? Over the past 20 years or so, ISO has released a number of standards around GHG.

In today's competitive industrial landscape, adhering to quality management certification and audit standards is vital for consistency and excellence, especially in sectors like aviation and defense. These standards drive improvement and build customer trust. Understanding the audit process is crucial, as preparation varies by audit type, enabling organizations to effectively meet auditors' expectations.

In our ever-changing world of global business, quality is a cornerstone of success. Organizations striving for excellence cannot afford to overlook Total Quality Management (TQM), a management philosophy centered on the continuous improvement of processes, products, and services through the involvement of all employees. 

A bad boss creates more bad bosses.

Getting authority is easier than keeping it.

We explore two critical applications of AI and ML in quality management: predictive quality analytics and automated quality inspections.

Manufacturers thrive in a competitive market by prioritizing customer needs: price, quality, and delivery. However, long-term success hinges on quality, which ensures products perform as expected from manufacturing through to post-sale. While price is influenced by costs and market dynamics, and delivery by productivity, quality is key to building trust and customer loyalty.

The automotive industry is innovating to produce safer and more efficient vehicles. Quality standards are vital, as small defects can lead to serious safety issues. Digital twins and augmented reality (AR) are transforming quality management. This article explores their impact and associated challenges.

Automation requires precise data and careful attention to uncertainty, especially in longer processes with less human involvement, according to Chris Gordon from Optronic Laboratories.

With the ongoing HFC phasedown, strong refrigerant management strategies are crucial to ensuring compliance, environmental responsibility, and business growth.

This service reduces fleet downtime due to roadside emergencies or inconveniences like dead batteries, empty fuel tanks, flat tires, etc.

This product provides central management on one platform for both employees and owners.

GPS Insight, a provider of fleet software for organizations, announced the acquisition of ServiceBridge.

Here are managerial strategies that contractors can incorporate to improve driver safety and management during the winter season.

Since the COVID-19 pandemic struck nearly three years ago, automobile manufacturers have had trouble getting many of the parts — computer chips especially — required to assemble the vans and trucks that field-service businesses use daily.

Heat-only, direct-fired, and indirect-fired makeup air units have been added to the company’s product line.