Dear Littler: Do I really need to reimburse my remote employee’s phone bill, internet, and home office equipment?

Dear Littler,

We are a small company based in Milwaukee, Wisconsin that allowed some of our employees to work remotely during the pandemic. When we recently announced our plans to call employees back to home base in Milwaukee, we received feedback that some employees did not plan to come back—they want to continue working remotely. We anticipated this, and we’re working with them to navigate their individual situations, but we were surprised to learn that some of our employees have actually relocated to different states!




What's Next For Calif. Employers After AI Bias Bill's Failure

Joy Rosenquist discusses what California employers should watch for after the state’s AI bias bill failed and its Civil Rights Department continues work on proposed regulations that could be game-changing.

Law360 Employment Authority

California Eliminates Employers’ Ability to Require Employees to Use Vacation Before They Receive State Paid Family Leave Benefits

  • Employers will no longer be able to require employees to use up to two weeks of vacation before they receive paid family leave insurance benefits.
  • Employees will have access sooner to paid family leave insurance benefits.
  • Changes can have a knock-on effect concerning substitution of paid leave under federal FMLA and California CFRA, but should not impact San Francisco PPLO compliance.




California Eliminates Employers' Ability to Require Employees to Use Vacation Before They Receive State Paid Family Leave Benefits

Adam Fiss and Sebastian Chilco review updates to California’s paid leave law.

Wolters Kluwer

California Eliminates Employers’ Ability to Require Vacation Use Before Receipt of State Paid Family Leave Benefits

Adam Joshua Fiss and Sebastian Chilco discuss a new California law that will eliminate employers’ ability to require employees to use up to two weeks of company-provided vacation before they start receiving paid family leave benefits.

SHRM

4 W&H Bills to Watch for in the Second Half of 2021

Libby Henninger weighs in on several wage and hour bills that will be prevalent in the next six months.

Law360 Employment Authority

Savings Clause Results in Oregon Supreme Court Affirming Enforceability of Arbitration Provision

On July 8, 2022, in Gist v. ZoAn Management, Inc., the Oregon Supreme Court affirmed the decisions of the trial court and court of appeals granting the defendants’ motion to compel arbitration.  The court concluded that because nothing in the arbitration agreement prohibited the plaintiff from being awarded any relief he might be entitled to under Oregon’s wage and hour statutes, the arbitration provision was not unconscionable and therefore enforceable.

Background




Oregon Supreme Court Affirms Enforceability of Arbitration Provision

Christine Sargent writes about an Oregon Supreme Court case that affirmed the importance of implementing enforceable arbitration agreements.

SHRM Online

Florida’s Governor Signs Bill to Defund DEI Initiatives at Colleges

Governor Ron DeSantis has signed Senate Bill (SB) 266, officially prohibiting the state’s public colleges and universities from spending state or federal money on programs or campus activities that advocate for Diversity, Equity, and Inclusion (DEI).  The legislation aims to replace “niche subjects” like Critical Race Theory (CRT) and gender studies with “more employable majors,” according to the governor.  The law would also restrict public colleges from providing initiatives like anti-bias, DEI, and cultural competence training for educators, staff members, and students.




U.S. Departments of Education and Justice Issue Dear Colleague Letter Regarding Digital Accessibility in Higher Education

In a joint “Dear Colleague” letter (DCL) released May 19, 2023, the U.S. Department of Education’s Office of Civil Rights teamed up with the U.S.




USCIS Updates Guidance for F-1 Students on OPT and STEM OPT Eligibility

The F-1 nonimmigrant visa status allows noncitizens to study in the United States at U.S. colleges and universities. F-1 students may be eligible for off-campus employment under the following programs: Curricular Practical Training; Optional Practical Training (OPT); and Science, Technology, Engineering, and Mathematics Optional Practical Training Extension (STEM OPT). General eligibility requirements for off-campus F-1 employment include that the training be related to the student’s area of study and be authorized by the Designated School Official and U.S.




What to Expect and How to Comply with Senate Bill 553




Ontario, Canada: Bill 149, Working for Workers Four Act, 2023 Introduced for First Reading

UPDATE: On March 21, 2024, Ontario’s Bill 149 - Working for Workers Four Act, 2024 received Royal Assent. The amendments to the ESA made by Bill 149 came into force on the day it received Royal Assent, with the following exceptions:




From Michael Scott to Bill Lumbergh: Legal Strategies for When a Manager Goes Rogue




California Restricts Employer’s Ability to Make Decisions Based on an Individual’s Criminal History




TechNet and Littler’s Workplace Policy Institute Support the Illinois Senate’s Passage of Biometric Information Privacy Act Reform Bill

Update: On August 2, 2024, Illinois Governor J.B. Pritzker signed SB 2979 into law, reforming the liability guidelines under the Illinois Biometric Information Privacy Act.

CHICAGO (April 11, 2024) – Today, the Illinois Senate passed SB 2979, which would reform the liability guidelines under the state’s Biometric Information Privacy Act (BIPA). The bill marks an important milestone in the broader effort to resolve BIPA’s vague statutory language and courts’ expansive interpretations of the law, which have posed a threat to businesses that capture biometric information.




Ontario, Canada: Bill 190, Working for Workers Five Act, 2024 Receives Royal Assent

  • Ontario’s Bill 190, Working for Workers Five Act, 2024 (Bill 190), which amends the Employment Standards Act, 2000, Occupational Health and Safety Act, and Workplace Safety and Insurance Act, 1997, received Royal Assent, although many clarifying regulations have not yet been issued.




Bereavement Leave Bill Introduced in the Netherlands

A bill introducing a right to bereavement leave was submitted this summer in the Netherlands. The following is a brief outline of this proposal.   

Current Law




New amendments to California bill clarify scope of prohibition on junk fees for restaurant industry

Stacey James and Jamie L. Santos discuss a California amendment that seeks to allow restaurants to support higher wages and benefits while clearly disclosing service fees to consumers upfront.

Wolters Kluwer

NYC Pet Leave Bill Marks 'Radical Departure' In Sick Time Use

Kelly M. Cardin provides insight about why New York City is expanding its sick leave law to let workers use it to care for pets and service animals.

Law360

ETSI releases specification for Energy Efficient IP Video Surveillance enabling further IoT interoperability

Sophia Antipolis, 13 June 2019

The ETSI Technical Committee ATTM has just released the ETSI specification TS 105 176-2, to provide interoperable Ethernet and Power over Coax solutions for IP video surveillance.

AIOTI, ISO/IEC JTC1, ETSI, oneM2M and W3C Collaborate on Two Joint White Papers on Semantic Interoperability Targeting Developers and Standardization Engineers

Cross-organization expert group works together on accelerating adoption of semantic technologies in IoT.

AIOTI today announced its collaborative role in the publication of two joint white papers on semantic interoperability entitled Semantic IoT Solutions - A Developer Perspective and Towards semantic interoperability standards based on ontologies in conjunction with organizations closely tied to the advancement of the IoT ecosystem.

First ETSI C-V2X interoperability event tests ETSI ITS and 3GPP standards

Registration now open!

Sophia Antipolis, 8 November 2019

ETSI, with experts from its Center for Testing and Interoperability, in partnership with the 5GAA, is organizing the first C‑V2X Plugtests™ event.

Hosted by DEKRA in its Connected Vehicle Test Development Centre in Malaga from 2-6 December 2019, the event will enable vendors to run interoperability test sessions to assess the level of interoperability of their implementations and validate their understanding of the standards. Interoperability testing checks that devices built to the same standards can work together and provide the functionalities specified in the standards.

First ETSI C-V2X interoperability event: success rate of 95% achieved

Sophia Antipolis, 11 December 2019

The first ETSI C-V2X Plugtests™, performed in partnership with 5GAA, came to a close with a success rate of 95% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 320 test scenarios were executed in lab and field environments for interoperability with 70 people present onsite for testing.

ETSI issues two major standards for emergency calls: Next Generation 112 and Advanced Mobile Location

Sophia Antipolis, 20 January 2020

ETSI’s Emergency Communication Special Committee has recently released two major specifications, ETSI TS 103 479, for NG112, the next generation of European emergency services and ETSI TS 103 625, for the specific Advanced Mobile Location function. AML is already implemented in 22 countries worldwide following the publication of the first ETSI technical report TR 103 393.

ETSI launches remote Plugtests Programme for Mission Critical Services to accelerate adoption and interoperability

Sophia Antipolis, 28 April 2020

To accelerate Mission Critical Services (MCS) adoption and interoperability, a key enabler to MCS deployment, ETSI is running an innovative MCX Plugtests™ Programme. Testing sessions will also benefit from the latest ETSI specification, ETSI TS 103 564, on Plugtests scenarios for Mission Critical Services.

Second ETSI C-V2X interoperability test event to connect vehicles in Europe and in the rest of the world

Second ETSI C-V2X interoperability test event, remote, to connect vehicles in Europe and in the rest of the world

Register now for this remote event!

Sophia Antipolis, 5 May 2020

ETSI, in partnership with the 5GAA, is organizing the second “Cellular-Vehicle-to-Everything” (C-V2X) Plugtests™ event. It will be held remotely, from 20 to 31 July 2020. ETSI has recently set up a remote lab for all participants; it leverages the ETSI Hub for Interoperability and Validation (HIVE) to interconnect participants’ labs and allow for multi-party interoperability testing.

ETSI’s new group on COVID-19 tracing apps interoperability moving fast: officials elected and work programme set up

Sophia Antipolis, 11 June 2020

The ETSI E4P group, “Europe for Privacy-Preserving Pandemic Protection”, launched a month ago has already held two meetings. The work of ISG E4P aims to facilitate the development of backward-compatible and interoperable proximity tracing applications to be used to combat pandemics by helping to break viral transmission chains.

ETSI C-V2X Plugtest achieves interoperability success rate of 94%

Sophia Antipolis, 18 August 2020

ETSI has just released the report of its 2nd C-V2X Plugtests event organized remotely in partnership with the 5GAA the last week of July. The 81 remote participants benefited from ETSI’s remote lab to run their sessions in their own labs. Observers from different organizations witnessed the execution of 288 test sessions based on the ETSI test specification ETSI TS 103 600, and interoperability results were reported in the Test reporting tool. An overall interoperability success rate of 94% was achieved.

ETSI Mission Critical Plugtests to drive Future Railway Mobile Communication System

Sophia Antipolis, 10 September 2020

ETSI, with the support of the European Commission, EFTA, TCCA and UIC, is organizing its fifth MCX PlugtestsTM event. The remote-only event will take place from 21 September to 2 October 2020. Pre-testing started on 31 August to debug any connectivity issues before the main event.

ETSI unveils NFV&MEC 2020 Interoperability Report: Strong focus on Containerized and 5G Network Services

Sophia Antipolis, 22 September 2020

ETSI is pleased to release the report of its NFV&MEC Plugtests™ event that took place remotely in June 2020. After several weeks of remote integration and pre-testing, the event offered NFV and MEC solution providers as well as open source communities an opportunity to discuss and solve interoperability challenges while validating their implementation of NFV and MEC specifications and APIs.

ETSI Mission Critical Plugtests event achieves a 95% interoperability success rate

Sophia Antipolis, 2 November 2020

ETSI is pleased to announce it has now released the Report of its fifth MCX Plugtests™ remote event that took place from 21 September to 2 October 2020. Results of the testing sessions outline an interoperability rate of 95%, giving industry a reliable set of standards for successful implementations.

Highlights of this event included initial railway-oriented capabilities in 3GPP Release-15, such as functional aliases and multi-talker, helping the Future Railway Mobile Communication System (FRMCS) move forward. 173 delegates from all over the world executed around 1350 test cases in 169 test sessions, and interoperability results were reported in the ETSI Test reporting tool. Around fifty new test cases were developed for this event and will be added to ETSI TS 103 564.

ETSI unveils its Report comparing worldwide COVID-19 contact-tracing systems – a first step toward interoperability

Sophia Antipolis, 2 February 2021

The COVID-19 pandemic has stretched the planet’s health systems to their limits and tested the measures adopted to alleviate difficulties. Contact tracking or tracing to identify infected people has been one such example. However, contact tracing based on interviews with identified or suspected patients presents known weaknesses from previous pandemics. Turning to digital means in a world where global mobility is the rule was therefore of the essence.

ETSI announces first interoperability event for future railway communication

Sophia Antipolis, 19 April 2021

ETSI has announced that its Future Railway Mobile Communication System (FRMCS) Plugtests™ event will take place from 14 to 18 June 2021. Over 20 vendors and more than 80 participants will participate.

ETSI's Director-General speaks of the future of railway mobile communication systems at COIT event

Sophia Antipolis, 28 June 2021

On 23 June, as part of the commemoration of the European Year of Rail, the COIT Smart Railways Working Group conducted an online session to publicise the features and advantages of the FRMCS (Future Railway Mobile Communication System). This system will replace the current GSM-R and technologically mark the next decades of a means of transport that is living its best moment.

Draft of ETSI Coordinated vulnerability disclosure guide available for public comments

Sophia Antipolis, 24 August 2021

ETSI will soon release a Guide to Coordinated Vulnerability Disclosure. Before publication, it made the draft publicly available for comments. Please send your feedback by 15 September to the technical committee CYBER at cybersupport@etsi.org 

ETSI releases Report on Coordinated Vulnerability Disclosure

ETSI releases Report on Coordinated Vulnerability Disclosure - Helping organizations fix security vulnerabilities

Sophia Antipolis, 17 February 2022

ETSI released a Guide to Coordinated Vulnerability Disclosure on 27 January. The Technical Report ETSI TR 103 838 will help companies and organizations of all sizes to implement a vulnerability disclosure process and fix vulnerability issues before they’re publicly disclosed.

ETSI Advanced Mobile Location standard now permits European smartphones to send caller location in emergency calls

Sophia Antipolis, 22 March 2022

Since 17 March all smartphones sold in Europe are required to comply with Advanced Mobile Location for emergency communications. AML was standardized in ETSI TS 103 625 by the ETSI technical committee on emergency communications (EMTEL) in December 2019. It is already helping emergency services dispatch the needed resources efficiently in Europe and worldwide.

ETSI C-V2X Plugtests event achieves a 93% interoperability success rate

Sophia Antipolis, 21 April 2022

The 3rd ETSI C-V2X Plugtests™ event, held in partnership with 5GAA and hosted by DEKRA from 28 March to 1st April, achieved a success rate of 93% of the executed tests, showing an extremely positive level of multi-vendor interoperability. 226 test scenarios were executed in a laboratory and outdoor environment for interoperability, with 80 people from 25 companies participating in onsite and remote testing. All results are available in the newly released Report.

The ETSI Future Rail Mobile Communications System Plugtests event achieves a success rate of 95%

Sophia Antipolis, 13 June 2022

The 2nd FRMCS Plugtests™ event, organized remotely by ETSI with the support of the European Commission, EFTA, TCCA and UIC from 16 to 20 May 2022, has concluded with a success rate of 95% of the executed tests.

ETSI Plugtests events are essential to ensure seamless access to mission critical services across different vendors’ products and implementations. The MCX ETSI Plugtests series is the first independent testing of public safety and other mission critical LTE services. The MCX services are the basis for the Future Rail Mobile Communications System (FRMCS), and tests are based on the MCX (collectively for MCPTT, MCVideo and MCData services) framework.

ETSI IoT week highlights how ICT standards can help sustainability

Sophia Antipolis, 17 October 2022

Last week ETSI hosted the 2022 ETSI IoT Week event, focused on “Pursuing the Digital and Green Transformation”. 52 speakers from industry, research, universities, cities and other SDOs demonstrated, with concrete examples, how ICT standards can help reach the UN Sustainable Development Goals (SDGs) and the European Green Deal to an audience from 22 countries around the world.

New Extension for Disabled People to the ETSI Mobile Emergency App Framework

Sophia Antipolis, 16 January 2023

The ETSI emergency communications technical committee has just released a specification for a Pan-European Mobile Emergency Application framework (PEMEA) Real-Time Text Extension. Real-Time Text (RTT) communications are used extensively by people with hearing and speech disabilities around the world. These systems convey letters as they are typed from the source to the destination.

ETSI holds successful SDN NETCONF Plugtests interoperability event

Testing end-to-end service configuration of Millimetre Wave network devices in a Software Defined network using NETCONF

Sophia Antipolis, 8 March 2023

ETSI has organized the fourth millimetre Wave Transmission (mWT) Software Defined Networking (SDN) Plugtests™ event from 20 to 24 February 2023. The event took place at the ETSI headquarters, in Sophia Antipolis, France.

ETSI Summit on Sustainability: ICT Standards for a Greener World

Sophia Antipolis, 4 April 2023

Organized on 30 March as a hybrid event in ETSI facilities, France, the ETSI Summit on how ICT developments and standards can enable sustainability and have a positive impact on society, focused on the key role of the ICT industry and related standardization activities to support Green initiatives. The event brought a large and global audience of over 220 stakeholders including operators, solution providers, policy makers and standards bodies or fora working on the topic.

ETSI Future Railway Mobile Communication System interoperability testing event starting today

Sophia Antipolis, 3 July 2023

ETSI is starting today its 3rd FRMCS (Future Railway Mobile Communication System) Plugtests™ event. GSM-R is one of the main standards for railway telecommunication services. It is developed and maintained by the ETSI Technical Committee Railway Telecommunications. With the increased need for more throughput, higher capacity and flexible deployment options, FRMCS is being developed based on 3GPP Mission Critical Services.

FRMCS #4 Plugtests Event Validates 3GPP Standards for Future Railway Mobile Communication System

Sophia Antipolis, 5 July 2024

ETSI is pleased to announce the successful conclusion of the FRMCS #4 Plugtests event, held at Sophia Antipolis, ETSI HQ, from July 1–5, 2024. This event brought together key stakeholders, including railway operators, telecom vendors, system integrators, and industry experts worldwide. ETSI organized the event with the support of the European Union, EFTA, TCCA-Critical Communications, and UIC (International Union of Railways).

ETSI and 5GAA driving interoperability as C-V2X tests hit a 94% success rate

Sophia Antipolis, 30 September 2024

Direct communications between vehicles, pedestrians and infrastructure based on 3GPP and ETSI TC ITS standards have been tested during the 4th C-V2X Plugtests™ interoperability event in Malaga, Spain, hosted by DEKRA (September 10-13, 2024).

In partnership with 5GAA, this Cellular Vehicle-to-Everything (C-V2X) and ITS technologies event attracted the participation of 24 companies and 82 experts – both onsite and via remote connections – with 94% of the planned tests, based on over 60 test scenarios, successfully completed.

Are we doing it right? Promoting the human rights of children with disabilities

Starts: Thu, 28 Nov 2024 18:30:00 -0500
11/28/2024 05:30:00PM
Location: Montreal, Canada




Context Is King: From Vulnerability Management to Exposure Management

Vulnerability management remains a cornerstone of preventive cybersecurity, but organizations still struggle with vulnerability overload and sophisticated threats. Tenable’s new Exposure Signals gives security teams comprehensive context, so they can shift from vulnerability management to exposure management and effectively prioritize high-risk exposures across their complex attack surface.

A critical vulnerability has been disclosed and attackers worldwide are actively exploiting it in the wild. Your vulnerability management team jumps into action and determines that the vulnerability is present in hundreds of your organization’s assets. Which ones do you patch first? How do you prioritize your remediation efforts? What criteria do you use? The clock is ticking. Hackers are on the prowl.

Historically, your vulnerability management team would rely on severity scores like Vulnerability Priority Rating (VPR). This is a great start, but only gives you one indicator of risk. To prioritize remediation precisely and effectively, you need to consider a variety of other criteria, such as a vulnerable asset’s type, owner, and function; the access level and privileges on the asset; and critical attack paths into your environment.

This type of comprehensive, holistic context will let you prioritize correctly, but it can only be achieved with a different approach that goes beyond traditional vulnerability management. That approach is exposure management. 

With exposure management, your vulnerability management team would be able to pinpoint the subset of assets affected by our hypothetical vulnerability that, for example, are externally accessible, possess domain-level privileges and are part of a critical attack path. That way they would know where the greatest risk is and what they need to remediate first. Having this deep insight, context and visibility transforms the risk assessment equation, and allows your vulnerability management team to move decisively, quickly and strategically.

In this blog, we’ll outline why it’s imperative for your vulnerability management teams to shift to an exposure management mindset, and we’ll explain how Tenable can help them do it.

To pinpoint riskiest vulns, vulnerability management needs broader exposure context 

In today's evolving cybersecurity landscape, vulnerability management remains one of the foundational pieces of an organization's proactive defense strategy. However, vulnerability management teams still have difficulty addressing the increased level of risk posed by the continuous surge of Common Vulnerabilities and Exposures (CVEs) and other flaws.

Many security teams are frequently overwhelmed by the sheer volume of vulnerabilities and have limited resources to manage them effectively. The sophistication and speed of threat actors have escalated, with attackers having more entry points and using new tactics, techniques and procedures to access other critical areas of the business, demonstrating that attacks are no longer linear but multifaceted.

It’s common for security teams to struggle with:

  • Vulnerability overload - This long-standing problem keeps getting worse. Security teams are finding it more difficult than ever to sift through the avalanche of CVEs and identify the areas of the business that have the most risk.

  • Lack of exposure context for prioritization - Your teams are making decisions while missing layers of context. Threat intelligence and vulnerability severity are a great start, but limiting yourself to them doesn’t give you the full context you need to prioritize properly.

  • Slow remediation response - Both proactive and reactive security teams devote massive amounts of time to responding to critical vulnerabilities. Resources are spread thin, making it more important than ever for teams to confidently identify the highest-risk exposures when recommending remediation efforts.

Need to shift from a vulnerability to an exposure mindset

Knowing the struggles that you are dealing with today can help illuminate the benefits of exposure management. The missing links between a vulnerability and an exposure are the additional layers of context. Having multidimensional context enables you to understand not just the vulnerabilities themselves but their potential impact within the broader attack surface. This approach provides a more comprehensive view of an organization's security posture by considering factors such as threat intelligence, asset criticality, identities and access, as well as other pieces of context. With this additional information, you spend significantly less time sorting through stacks of similar vulnerabilities and you can be more focused on identifying key issues that pose risk - exposures.

For those who have never heard of exposure management or are just getting started, there are many benefits to this discipline. When it comes to Tenable’s approach, we adopt that same mentality with our exposure management platform. The goal is simple: exposure management empowers organizations to prioritize remediation efforts more effectively. It surfaces information that helps develop strategies to address not only the vulnerabilities themselves but the emergence of exposures that could lead to significant breaches.

The jump from vulnerability to exposure

Bridging the gap from vulnerability management to exposure management requires connecting context across the entire attack surface. Vulnerability management provides context that predicts the likelihood of an attack and displays key drivers, age of vulnerability and threat sources. These attributes are helpful, but we can go much further to improve our prioritization effectiveness. This requires having broader visibility and deeper insights across the attack surface to understand the bigger picture of exposures.

Specifically, security teams need additional context around:

  • Asset context - There are many levels to an asset that can help drive prioritization decisions. It’s key to understand the criticality of an asset related to its type, function, owner name and its relationships to other assets. Even knowing if the asset is accessible from the internet or not will shape how its remediation is prioritized.
     
  • Identities - Identities serve as the cornerstone for successful attacks, so it’s key to contextualize them for exposure management. Understanding user-privilege levels, entitlements and user information can help prevent attackers from escalating privileges and moving laterally. Focusing prioritization efforts on vulnerable assets with domain and admin-level privileges is a critical best practice for reducing the likelihood of a breach.
     
  • Threat context - Having various levels of threat context is also important to prioritize exposures. We know that threats change over time, so leveraging dynamic scoring like VPR or Asset Exposure Score (AES) can show indicators of risk. We can also bring in context from attack path modeling to influence remediation decisions based on the attacker’s perspective by understanding the number of critical attack paths or choke points in your environment.

When security analysts have this additional information, they can now truly understand the breadth and depth of the exposure. This is how prioritization is done in this new world of exposure management.

Introducing Exposure Signals

To help make it easier for you to shift to this exposure management mindset, we have developed a new prioritization capability called Exposure Signals. Available in Tenable One, Tenable’s exposure management platform, Exposure Signals allows security teams to have more comprehensive context in a centralized place for a focused view of risk. 

There are two ways to use these new Exposure Signals. The first is to access a comprehensive library of high-risk, prebuilt signals. Easy to refer to, they signal potential risk in your environment and create a great starting point for you to get your exposure management juices flowing. For example, you can easily see and refer to: 

  • Domain admin group on internet-exposed hosts with critical vulnerabilities
  • Devices exposed to the internet via RDP with an associated identity account with a compromised password
  • Cloud assets with critical severity findings and asset exposure score above 700

Exposure Signals allow you to track the number of violations that signal high-risk scenarios in your environment. View this list on a regular basis to see how it changes over time with its unique trendline. Take exploration into your own hands by viewing the impacted asset and its contextual intelligence in our Inventory Module. 

The second way to use Exposure Signals is by creating your own signals using a query builder or natural language processing (NLP) search powered by ExposureAI. That way, you can go as broad or as precise as needed. For example, let’s say there is a new zero-day vulnerability that sweeps the industry, similar to Log4Shell. You can easily create a signal to target which assets have the vulnerability, are internet-facing and have domain admin-level privileges. We are stringing these components together so that you can understand your true risk and better direct your prioritization efforts.

How can African agriculture adapt to climate change: Impacts of considering climate variability on investment decisions in Ethiopia [in Amharic]

Numerous studies indicate that agricultural production is sensitive to climate variability, and lack of infrastructure in developing countries increases vulnerability to extreme climate events. In Ethiopia, the historical climate record indicates frequent droughts and floods, which can devastate agricultural production and existing infrastructure. Too much precipitation can flood crops, rot or suffocate roots, and wash out roads, creating similar economic conditions to those resulting from drought.