Trend Micro announced new AI-powered threat detection capabilities designed specifically for enterprises embracing AI at scale. This effort brings together Trend’s security expertise with NVIDIA accelerated computing and NVIDIA AI Enterprise software, leveraging AWS infrastructure to support scalable, enterprise-ready deployment. The solution is built to help organizations secure AI-driven workloads and business processes without compromising performance or flexibility. As enterprises scale their AI ambitions from GenAI to agentic AI, new attack surfaces emerge, including threats … More →
The post Trend Micro helps organizations secure AI-driven workloads appeared first on Help Net Security.
Censys is launching a new solution specifically designed to enable threat hunting teams to track adversary infrastructure. The Censys’ Threat Hunting solution is part of Censys’ recently released Internet Intelligence platform, which provides security teams across the enterprise with the Internet visibility that they need to protect themselves from today’s adversaries. While Censys has been a long time favorite for threat hunting teams, the new Threat Hunting solution is a purpose-built module that empowers security … More →
The post Censys enables security teams to be more proactive in their threat hunting appeared first on Help Net Security.
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIO/CSO relationship is key to a successful exposure management program. You can read the entire Exposure Management Academy series here.
When I first joined Tenable, one of the first things I did was sit down with our CSO, Robert Huber, to align on how we were going to work together.
In 2024, I was even featured in a WSJ article titled CIOs and CISOs Are ‘Better Together because that’s what it comes down to. We can’t operate in silos. If you’re serious about securing your organization, your IT and security teams have to be tightly linked philosophically and operationally. Exposure management is a great example of where that partnership plays out every day.
Risk is shared — and so is the responsibilityLet me start with a simple truth: securing the enterprise is a shared responsibility between IT and security. While the CSO defines the strategy and risk posture, IT plays a critical role in execution — from patching systems and deploying controls to maintaining uptime and interpreting security signals.
That’s why tight alignment between our teams isn’t optional — it’s essential. We have regular interlocks to ensure we’re making decisions with the same context and urgency. Annual planning isn’t enough anymore. The threat landscape shifts by the quarter — sometimes by the month — so our collaboration has to be constant, responsive and agile.
Ultimately, you can’t do exposure management the right way without a strong relationship between the CIO and the CSO. We’re both accountable and responsible for protecting our employees, customers, partners and the company. And we both bring something essential to the table.
A single pane of glass beats swivel-chair securityExposure management is a great tool to keep us on track.
It gives us a unified view across all our assets, including cloud, on-prem and hybrid. I’m not a fan of “swivel-chair security.” I don’t want my team jumping between tools trying to figure out what to fix first. Exposure management moves us toward a single pane of glass.
We can see what matters, what’s critical, what needs to be patched now and what can wait.
That kind of visibility is essential when your infrastructure spans everything from data centers and headquarters to home offices and digital nomads working from just about anywhere.
Endpoints are the new front lineUnlike data centers or cloud infrastructure, endpoints move with your workforce — and that makes them harder to secure. At Tenable, we’ve taken a firm stance: when a zero-day emerges, patch your device within 24 hours or it’ll be automatically locked.
But security doesn’t stop at the office door. No matter where employees are, they’re part of the defense. That’s why we focus on education — not to slow people down, but to empower them to keep the business safe.
Exposure management uncovers what you don’t knowWe’ve also learned that managing systems is only part of the battle. You’ve got to worry about identities, access and misconfigurations.
And it’s not just about what you know. Exposure management helps you uncover what you don’t know. Things like systems you forgot were running or ports you didn’t realize were open are now visible.
The “Oh, no, I didn’t know that port was live” moment happens more often than you’d think. Exposure management finds and closes that down.
Prioritizing the right problems is a strategic advantageRisk prioritization is always a looming challenge. The goal isn’t to fix everything. It’s to fix what matters most. Chasing thousands of vulnerabilities without context wastes time and energy. Exposure management helps us shift the conversation from volume to impact.
That’s what exposure management solves. Instead of bragging that “we closed 3,000 vulnerabilities,” we can say, “we addressed the 50 that posed real risk.”
That’s a fundamental mindset shift for IT teams. And, yes, it comes down to change management.
Change management isn’t optional anymoreChange management is underrated, especially in cybersecurity. I’ve always said going live on day one with technology is easy. It’s day two and beyond that’s hard. And in this hybrid, distracted world, traditional methods just don’t cut it.
People aren’t reading emails. And they’re half-listening in meetings. So we need new approaches. We go for quick hits, with clear messaging, along with different formats to cater to different learning styles. Cybersecurity is everyone’s job, and reaching everyone means rethinking how we communicate.
Speaking the board’s language means translating riskWe need to elevate the conversation. I regularly participate in board-level discussions about cybersecurity, and the key is translating cyber risk into business language. It’s not just about technical debt or patch status anymore. It’s about quantifying risk the same way the CFO quantifies financial exposure.
Boards don’t want tech jargon. They want to know: Are we covered? Where are we vulnerable? What’s the worst-case scenario? An exposure management solution helps translate technical complexity into strategic insight.
Helping our customers protect what they can’t seeAt Tenable, we take that same philosophy to our customers. Exposure management isn’t just about visibility. It’s about enabling action. I see our job as helping customers answer those questions. Threat exposure management gives our customers clarity into what they need to know.
That means knowing the threats that matter, the systems that are exposed and the actions that will make a difference. You can’t protect what you are not aware of as a risk. And in a world where the attack surface is constantly expanding and evolving — whether it’s AI, autonomous vehicles or just more remote workers — you need to see everything. You need a single pane of glass.
TakeawaysUltimately, you can’t do exposure management the right way without a strong relationship between the CIO and the CSO. We’re both accountable and responsible for protecting our employees, customers, partners and the company. And we both bring something essential to the table.
So, my advice to fellow CIOs: Stay close to your CSO. Build trust. Share responsibility.
And make sure your teams are operating from the same playbook. Because in cybersecurity, the stakes are too high to go it alone.
Have a question about exposure management you’d like us to tackle?We’re all ears. Share your question and maybe we’ll feature it in a future post.
MktoForms2.loadForm("//info.tenable.com", "934-XQB-568", 14070);Abnormal AI introduces autonomous AI agents that improve how organizations train employees and report on risk while also evolving its email security capabilities. In a year defined by the explosive use of malicious AI for cybercrime, Abnormal is doubling down on its mission to protect people. With its AI-native platform, Abnormal’s newest innovations bring intelligent automation to security awareness training, executive reporting, and advanced email threat detection. “The most dangerous attacks don’t target firewalls—they target … More →
The post Abnormal AI improves security awareness training with AI agents appeared first on Help Net Security.
Peridio, a platform for building and maintaining advanced embedded products, has launched Avocado OS, an open-source embedded Linux distribution made to simplify the way developers build complex embedded systems. Avocado OS focuses on delivering a smooth developer experience while offering security, reliability, and consistent performance. A new answer to an old problem Teams building with traditional Embedded Linux often face a tough choice. They must pick between developer-friendly systems that move fast, or production systems … More →
The post Avocado OS: Open-source Linux platform for embedded systems appeared first on Help Net Security.