Sophia Antipolis, 11 July 2023

ETSI is pleased to announce three new Reports developed by its Securing AI group (ISG SAI). They address explicability and transparency of AI processing and provide an AI computing platform security framework. The last Report is a multi-partner Proofs of Concepts framework.

Read More...

Sophia Antipolis, 28 August 2023

ETSI is pleased to announce the completion of its Release 2 specifications on Fifth Generation Fixed Network (F5G). Building upon the accomplishments of Release 1, the ETSI F5G group has introduced an array of additional features that bring fiber fixed networks into the next level.

Read More...

BILBAO, Spain—Open Source Summit Europe, 19 September 2023

The Linux Foundation, the nonprofit organization focused on fostering innovation through open source, and ETSI, the independent organization providing global standards for ICT services across all sectors of industry, today announced expanded collaboration. While the two organizations have been working together for years, the 2019 formal Memorandum of Understanding (MOU)  recently has been updated and expanded.

Read More...

Sophia Antipolis, 27 September 2023

The Telecom Infra Project (TIP) Open Optical & Packet Transport (OOPT) group is making significant strides in advancing network management and interoperability.

Read More...

Sophia Antipolis, 19 October 2023

ETSI’s well-known Security Conference came to a close today with nearly 250 onsite attendees from 29 countries. This year’s event focused on security research and global security standards in action, considering broader aspects such as attracting the next generation of cybersecurity standardization professionals and supporting SMEs.

Read More...

Sophia Antipolis, 30 April 2024

The ETSI TeraFlowSDN community is proud to announce the third release of TeraFlowSDN, an innovative and robust SDN orchestrator and controller, delivering a fully featured Network Automation Platform. In this latest release, TeraFlowSDN enhances its capabilities with the integration of an Optical SDN controller, expanding device support to include gNMI and OpenConfig protocols. It also features enriched network integrations for end-to-end orchestration like IP over DWDM, L3VPN, MEC, and network topology exposure. The management of network topologies is improved with the addition of a new BGP-LS speaker able to discover the topologies, and a new Forecaster component is introduced, providing predictive insights for network management. These additions substantially augment the versatility and management capabilities of the TeraFlowSDN platform.

Read More...

Sophia Antipolis, 4 September 2024

The ETSI Open Source MANO community is proud to announce OSM Release SIXTEEN, a Long-Term-Support (LTS) release of ETSI OSM, which becomes the most innovative and feature-packed release shipped by OSM to date.

This release brings a revolution in OSM’s functionality, positioning OSM as a generalized cloud-native orchestrator for infrastructure, platforms and services, which extends significantly its former scope. Full cloud-native management of Kubernetes clusters in public clouds, together with the applications or software units running on them, is now possible with Release SIXTEEN. Every operation related to the cluster management (creation, upgrading, scaling, deletion) or the applications running on them is reflected in Git repositories, following the GitOps model. This has been possible thanks to a major change in the internal architecture of OSM.

Read More...

Sophia Antipolis, 30 September 2024

Direct communications between vehicles, pedestrians and infrastructure based on 3GPP and ETSI TC ITS standards have been tested during the 4th C-V2X Plugtests™ interoperability event in Malaga, Spain, hosted by DEKRA (September 10- 13, 2024).

In partnership with 5GAA, this Cellular Vehicle-to-Everything (C-V2X) and ITS technologies event attracted the participation of 24 companies and 82 experts – both onsite and via remote connections – with 94% of the planned tests, based on over 60 test scenarios, successfully completed.

Read More...

Starts: Wed, 13 Nov 2024 19:00:00 -0500
11/13/2024 05:30:00PM
Location: Ottawa, Canada

Starts: Thu, 14 Nov 2024 20:00:00 -0500
11/14/2024 06:00:00PM
Location: montreal, Canada

Starts: Fri, 22 Nov 2024 19:00:00 -0500
11/22/2024 05:00:00PM
Location: Montreal, Canada

This document is only available in PDF format.

This document is only available as a PDF.

It ain’t a party if you can’t join us Towards the end of April, SpotOn

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access-level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, these teams still have difficulty in addressing the increased level of risks posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities with limited resources to manage them effectively. The sophistication and speed of threat actors has escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business - demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

• Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.
   
•  Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly. 
   
• Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the most high risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

• Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
   
• Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from gaining privilege escalation and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice in order to reduce the likelihood of a breach.
   
• Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

• Domain admin group on internet-exposed hosts with critical vulnerabilities
• Devices exposed to the internet via RDP with an associated identity account with a compromised password
• Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

To learn more about Tenable One and Exposure Signals, check out our interactive demo:

TORONTO – Participating Canadian securities regulators today published the results of their 10th consecutive annual review of disclosures relating to women on boards and in executive officer positions, as well as the underlying data that was used to prepare the report.

TORONTO – The Canadian Securities Administrators (CSA) today published

#solo12fraud

"Set in the years leading up the Hugo and Nebula Award-winning Dune— 'Dume: House Atreides transports readers to the far future on the desert planet Arrakis where Pardot Kynes seeks its secrets. Meanwhile, a violent coup is planned by the son of Emperor Elrood; an eight-year-old slave Duncan Idaho seeks to escape his cruel masters; and a young man named Leto Atreides begins a fateful journey. These unlikely souls are drawn together first as renegades and then as something more, as they discover their true fate— to change the very shape of history!" -- Description provided by publisher.

Since the 18th National Congress of the Communist Party of China, China’s economicdevelopment has entered a new stage. Under the circumstances, the goal of “Common Prosperity” has attracted more and more attention over the past several years. China’s long-term implementation of urban-biased policies led to a huge gap between urban and rural areas for a long time and hindered the realization of common prosperity.

#1 New York Times bestselling author Sandra Brown weaves a tale of murder, passion, and intrigue in the pristine corridors of the White House. Barrie Travis is not famous: she's just a damn good reporter stuck at a low-budget television station. Then, her old friend and now First Lady calls her to investigate the supposed SIDS death of her baby. Stunned by grief after the loss of her infant son, the President's wife hints that her child may have murdered. Blind to everything but finding the truth, Barrie delves into the private lives of the president and his wife and uncovers dark and terrible secrets that will test her ethics, her patriotism, and her courage. With the help of Gray Bondurant, a mysterious former presidential aide, this story could topple the presidency and change the course of history. In this fast-moving political thriller, Barrie must fight powerful forces that want nothing more than to see the scandalous past-and a certain young reporter-dead and buried.

Modern ideas get tangled up with traditional ones in the latest intriguing installment in the beloved, best-selling No. 1 Ladies' Detective Agency series. Precious Ramotswe has taken on two puzzling cases. First she is approached by the lawyer Mma Sheba, who is the executor of a deceased farmer's estate. Mma Sheba has a feeling that the young man who has stepped forward may be falsely impersonating the farmer's nephew in order to claim his inheritance. Mma Ramotswe agrees to visit the farm and find out what she can about the self-professed nephew. Then the proprietor of the Minor Adjustment Beauty Salon comes to Mma Ramotswe for advice. The opening of her new salon has been shadowed by misfortune. Not only has she received a bad omen in the mail, but rumors are swirling that the salon is using dangerous products that burn people's skin. Could someone be trying to put the salon out of business? Meanwhile, at the office, Mma Ramotswe has noticed something different about Grace Makutsi lately. Though Mma Makutsi has mentioned nothing, it has become clear that she is pregnant . . . But in Botswana-a land where family has always been held above all else-this may be cause for controversy as well as celebration. With genuine warmth, sympathy, and wit, Alexander McCall Smith explores some tough questions about married life, parenthood, grief, and the importance of the traditions that shape and guide our lives. This is the fourteenth installment in the series. This ebook edition includes a Reading Group Guide.

Find out what happened after the conclusion of the #1 New York Times bestselling Sookie Stackhouse series. Dead Ever After marked the end of the Sookie Stackhouse series-novels that garnered millions of fans and spawned the hit HBO television show True Blood. It also stoked a hunger that will never die...a hunger to know what happened next. With characters arranged alphabetically-from the Ancient Pythoness to Bethany Zanelli-bestselling author Charlaine Harris takes fans into the future of their favorite residents of Bon Temps and environs. You'll learn how Michele and Jason's marriage fared, what happened to Sookie's cousin Hunter, and whether Tara and JB's twins grew up to be solid citizens. This coda provides the answers to your lingering questions-including details of Sookie's own happily-ever-after...

Harlan Coben explores the dangers of obsession in this #1 New York Times bestselling masterpiece of modern suspense. Six years have passed since Jake Fisher watched Natalie, the love of his life, marry another man. Six years of hiding a broken heart by throwing himself into his career as a college professor. Six years of keeping his promise to leave Natalie alone, and six years of tortured dreams of her life with her new husband, Todd. But six years haven't come close to extinguishing his feelings, and when Jake comes across Todd's obituary, he can't keep himself away from the funeral. There he gets the glimpse of Todd's wife he's hoping for...but she is not Natalie. As Jake searches for the truth, his picture-perfect memories of Natalie begin to unravel. Mutual friends of the couple either can't be found, or don't remember Jake. No one has seen Natalie in years. And soon, Jake's search for the woman who broke his heart puts his very life at risk as he uncovers the secrets and lies that love can hide...

TORONTO – The Ontario Securities Commission (OSC) is warning the public about aggressive promotion of Crestview Exploration Inc.

TORONTO – The Ontario Securities Commission (OSC) is warning Ontario investors that FX Bit Pro and BitFxProSignals are not registered to deal or advise in securities in Ontario.

Citation Marivoet, Wim; and Hema, Aboubacar. 2024. How did households in Mali cope with covariate shocks between 2018 and 2023? Source: IFPRI Africa Regional Office (AFR)

Using a representative sample of irrigation schemes, the study documents the physical, knowledge, and governance infrastructures of irrigation schemes in Ethiopia’s most intensively used river basin, the Awash. The findings show that about 20 percent of the equipped area of irrigation schemes in the basin is not being irrigated, while the number of actual beneficiaries […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

The 2022 Ethiopia Social Accounting Matrix (SAM) follows IFPRI's Standard Nexus SAM approach, by focusing on consistency, comparability, and transparency of data. The Nexus SAMs available on IFPRI's website separates domestic production into 42 activities. Factors are disaggregated into labor, agricultural land, and capital, with labor further disaggregated across three education-based categories. The household account […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

Targeting is an important but challenging process in the design and delivery of social and humanitarian assistance programs. Community-based targeting (CBT) approaches are often preferred for their local information advantages, especially when data-driven methods are not feasible. However, how different variants of CBT approaches fare under various constraints and environments remains unclear. For example, it […] Source: IFPRI Ethiopia: Ethiopia Strategy Support Program

Este documento es parte de una consultoría del IFPRI con el Banco Mundial para apoyar al gobierno de Argentina, y en particular al Ministerio de Agricultura, Ganadería y Pesca (MAGyP), en el análisis de los derechos o impuestos de exportación (DEXs), llamados también retenciones en la Argentina. Este es un tema con importantes implicaciones políticas, económicas y sociales.

"This riveting story set in the future pits the old guard— Superman, Batman, Wonder Woman and their peers, against a new, uncompromising generation of heroes in the final war to determine the fate of the planet." -- Description provided by publisher.

On the very day of his wedding to the beautiful Mercedes, a young merchant sailor named Edmond Dantès is falsely imprisoned for life, laying to waste his plans of marriage and hard-earned fortune. Following several long years in prison he has managed to escape and reinvent himself as the mysterious Count of Monte Cristo. It is the reign of Napoleon Bonaparte and the Count has been plotting his revenge on the three men who had him falsely imprisoned. With a new identity, an incredible education abroad and a vast fortune, he has returned completely unrecognizable to those who had committed their crimes against him.

"Giant, sprawling future Gotham City is under martial law, protected and regulated by a private security force led by the infamous Peacekeepers. Their mandate is to maintain the safety of the citizens of Gotham, regardless of any Constitutional rights, and to hunt down, incarcerate, or kill all masked vigilantes, villains, and criminals in the city limits. It's a dangerous and violent look at a possible future Gotham City and the heroes and villains who live there!" -- Provided by publisher.

"Jim Panzee is out for his usual Wednesday walk when he accidentally squishes his stress orange into orange juice. He and his friends must cross the jungle before all of the fresh oranges are gone." -- Provided by publisher.

"'Remember the Alamo!' That rallying cry has been a part of Texas lore for generations. But what, exactly, should we remember? Who were the ragtag group of adventurers behind the famous slogan, and how did they end up barricaded in a fort against a Mexican army? Who survived, who died, and how? This sixth book in the bestselling Hazardous Tales series tracks the Lone Star State's bloody fight for independence from the Mexican government. It features the exploits of the notorious Jim Bowie, as well as Stephen Austin, Davy Crockett, and other settlers and soldiers who made the wild frontier of Texas their home— until the bitter end. Nathan Hale's Hazardous Tales are graphic novels that tell the thrilling, shocking, gruesome, and TRUE stories of American history. Read them all— if you dare!" -- Description provided by publisher.

The Donner Party expedition is one of the most notorious stories in all of American history. It's also a fascinating snapshot of the westward expansion of the United States, and the families and individuals who sacrificed so much to build new lives in a largely unknown landscape. From the preparation for the journey to each disastrous leg of the trip, this book shows the specific bad decisions that led to the party's predicament in the Sierra Nevada Mountains. The graphic novel focuses on the struggles of the Reed family to tell the true story of the catastrophic journey.

"Magic turned Aster's life upside-down— and it's not over! Get ready for more family, more fun, and even more magic in this graphic novel adventure. Moving to the middle of nowhere has been less of a disaster than Aster expected. Her mom's science experiments are actually pretty cool; her dad's cooking has gotten much better; her new dog is possibly the best canine companion anyone could ask for. And she's gotten to save the day— and her family— and the whole valley she lives in— from various magical calamities in what even she has to admit were extremely fun adventures. So now she can have a break, right? Guess what? Oh no; things get even more interesting." -- Description provided by publisher.

"A fascinating and entertaining biography of Alexander Hamilton, in graphic novel format. Alexander Hamilton: The Fighting Founding Father!tells the story of one of the most ambitious and controversial figures in American history in a graphic novel format. From a rough childhood on the Caribbean island of Nevis to the highest levels of American politics, Alexander Hamilton's life was filled with adventure, conflict, and controversy. Full-color illustrations and an entertaining narrative make this graphical biography of America's first Secretary of the Treasury accessible for readers of all ages." -- Provided by publisher.

This document is only available in PDF format.

Agricultural production remains the main source of livelihood for rural communities in Sub-Saharan Africa, providing employment to more than 60 percent of the population and contributing about 30 percent of gross domestic product. With likely long-term changes in rainfall patterns and shifting temperature zones, climate change is expected to significantly affect agricultural production, which could be detrimental to the region’s food security and economic growth.

Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 – to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems – EPSS and CVSS v4 – and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

• EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
• Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
• Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurityon September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud trilogy criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹ 

Additional key findings from the report include: 

• 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
• 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
• Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
• 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
• 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from millions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

¹ IBM Security Cost of a Data Breach Report 2024

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Tenable®, the exposure management company, today announced that it has been ranked first for 2023 worldwide market share for device vulnerability management in the IDC Worldwide Device Vulnerability Management Market Shares (doc #US51417424, July 2024) report. This is the sixth consecutive year Tenable has been ranked first for market share.

According to the IDC market share report, Tenable is ranked first in global 2023 market share and revenue. Tenable credits its success to its strategic approach to risk management, which includes a suite of industry-leading exposure management solutions that expose and close security gaps, safeguarding business value, reputation and trust. The Tenable One Exposure Management Platform, the world’s only AI-powered exposure management platform, radically unifies security visibility, insight and action across the modern attack surface – IT, cloud, OT and IoT, web apps and identity systems.

According to the IDC market share report, “The top 3 device vulnerability management vendors remained the same in 2023 as previous years, with Tenable once again being the top vendor.”

The report highlighted Tenable’s use of generative AI, noting, “ExposureAI, available as part of the Tenable One platform, provides GenAI-based capabilities that include natural language search queries, attack path and asset exposure summaries, mitigation guidance suggestions, and a bot assistant to ask specific questions about attack path results.”

Tenable’s latest innovations in the vulnerability management market – Vulnerability Intelligence and Exposure Response – were also highlighted in the report, stating, “Vulnerability Intelligence provides dynamic vulnerability information collected from multiple data sources and vetted by Tenable researchers, while Exposure Response enables security teams to create campaigns based on risk posture trends so remediation progress can be monitored internally.”

The report also spotlighted the Tenable Assure Partner Program and MDR partnerships, noting, “Tenable has made more of a strategic effort to recruit managed security service providers (SPs) and improve the onboarding experience for them, as well as their customers. Managed detection and response (MDR) providers have been adding proactive exposure management because it helps shrink the customer attack surface, helping them provide better outcomes. Sophos and Coalfire are recently announced partners adding managed exposure management services to their MDR and pen testing services, respectively.”

“At Tenable, we build products for a cloud-first, platform centric world, meeting customers' evolving risk management needs,” said Shai Morag, chief product officer, Tenable. “We leverage cutting edge technology, innovating across our portfolio to help customers know, expose and close priority security gaps that put businesses at risk.” 

"The device vulnerability management market is characterized by a focus on broader exposure management, with a number of acquisitions to round out exposure management portfolios," said Michelle Abraham, senior research director, Security and Trust at IDC. "Vendors are advised to enhance their offerings with additional security signals and automated remediation workflows to stay competitive in this evolving landscape."

To read an excerpt of the IDC market share report, visit https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-market-share-report-2023 

About Tenable

Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com. 

###

Media Contact:

Tenable

tenablepr@tenable.com

Punk rock zines inspire a feminist revolution at a small town Texan high school in the new novel from Jennifer Matheiu, author of The Truth About Alice. MOXIE GIRLS FIGHT BACK! Vivian Carter's mom was a Riot Grrrl in the 1990s, but now she and Viv live a pretty quiet life in a small Texas town. When Viv witnesses a series of sexist incidents at her high school, she takes a page from her mom's past and makes a feminist zine that she distributes anonymously to her classmates. Viv is just blowing off steam, but before she knows it, she's started a revolution. The latest novel from Jennifer Mathieu offers everything fans love about her writing-a relatable protagonist with a distinct voice, a conflict relevant to current events, and ultimately a story that is both heartbreaking and hopeful.

El Met inaugura la primera gran exposición en EE.UU. centrada en la pintura antigua sienesa...

El MFAH es la sede exclusiva en EE.UU. de «El mundo de Gauguin» Del 3...