Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Tenable’s Acquisition Of Cymptom: An “Attack Path-Informed” Approach to Cybersecurity

Tenable’s Acquisition Of Cymptom: An “Attack Path-Informed” Approach to Cybersecurity

Tenable’s recent acquisitions all had the same overarching goal: helping our customers gain better security insights across their cyberattack surface.

At our investor day in December 2021, Tenable CEO Amit Yoran and I outlined the vision of where we see Tenable and the vulnerability management market heading over the next few years. We focused on three main areas:

  1. the need to extend vulnerability management (VM) everywhere;
  2. the need to shift security left; and
  3. the need to transform into a cyber data analytics platform.

To extend VM everywhere, we’ve aligned IT and critical infrastructure security through the acquisition of Indegy in 2019, predicting the capabilities and controls would converge. We took a giant leap forward when we acquired Alsid to help our customers understand the Active Directory flaws attackers will leverage to elevate privileges and laterally move once they’ve gained a foothold. Indeed, in a zero trust world, identity and access may still remain our most critical “vulnerability”

Late last year, we acquired Accurics to enable our customers to “shift left” to better understand security issues in Infrastructure as Code before they are deployed and to improve visibility of the running cloud. The importance of this visibility was demonstrated when Log4Shell was disclosed in December, causing cybersecurity teams everywhere to try and quickly understand how vulnerable they were to this black swan issue. In a world where cloud native applications change at the speed of code, security must move closer to the developers.

The three acquisitions we’ve made in the last three years, and the product enhancements we subsequently released, all had the same overarching goal of helping our customers gain better security insights across their cyberattack surface. The next step is to understand how vulnerabilities can create attack pathways leading to breach to help security teams effectively prioritize those issues that matter most and guide them on preemptively addressing those flaws before they are leveraged. We see attack path analysis to be for preventive cybersecurity what event correlation and analytics have become for the SIEM and XDR.

Enabling our customers to preemptively disrupt attack paths with the cyber data and analytics we provide leads us to the acquisition of Cymptom, which closed today. Founded in 2019, Cymptom has been focused on visually mapping out attack paths and prioritizing choke points that can be mitigated or remediated to reduce risk according to the MITRE ATT&CK framework.

Connecting the attack steps across everything with an IP address or running code in a unified platform is the only way security teams will be able to preemptively and effectively defend against the modern style of breaches we see today. Attackers don’t differentiate between web application mishaps, forgotten software patches, Active Directory accidents or misconfigured clouds, so why should defenders?

As we integrate Cymptom’s technology, research and expertise, Tenable’s solutions will become “attack path informed” to give our customers the insights they need to proactively reduce the probability of a breach with the least amount of effort. Our customers will be able to interact with our threat, vulnerability and exposure data in ways they’ve never been able to before. For the first time able to see the assets they protect from the viewpoint of a potential attacker, and the probable steps they’d take once an initial entrypoint has been found.

We're incredibly thrilled to have Cymptom join Tenable and I can't wait to work with our teams to integrate their innovative approaches to help our customers to see the steps attackers could take and prioritize preemptive action to turn attacks into attempts.

Learn more:

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

FREE FOR 30 DAYS


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

FREE FOR 30 DAYS Enjoy full access to detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of your software development lifecycle.

Buy Tenable.cs

Contact a Sales Representative to learn more about Cloud Security and how you can secure every step from code to cloud.