Aggregator
CVE-2022-44502 | Adobe Illustrator up to 26.5.1/27.0 out-of-bounds (apsb22-60 / Nessus ID 209419)
Censys enables security teams to be more proactive in their threat hunting
Censys is launching a new solution specifically designed to enable threat hunting teams to track adversary infrastructure. The Censys’ Threat Hunting solution is part of Censys’ recently released Internet Intelligence platform, which provides security teams across the enterprise with the Internet visibility that they need to protect themselves from today’s adversaries. While Censys has been a long time favorite for threat hunting teams, the new Threat Hunting solution is a purpose-built module that empowers security … More →
The post Censys enables security teams to be more proactive in their threat hunting appeared first on Help Net Security.
Researchers Note 16.7% Increase in Automated Scanning Activity
Exposure Management Works When the CIO and CSO Are in Sync
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable CIO Patricia Grant looks at how the CIO/CSO relationship is key to a successful exposure management program. You can read the entire Exposure Management Academy series here.
When I first joined Tenable, one of the first things I did was sit down with our CSO, Robert Huber, to align on how we were going to work together.
In 2024, I was even featured in a WSJ article titled CIOs and CISOs Are ‘Better Together’ because that’s what it comes down to. We can’t operate in silos. If you’re serious about securing your organization, your IT and security teams have to be tightly linked philosophically and operationally. Exposure management is a great example of where that partnership plays out every day.
Risk is shared — and so is the responsibility
Let me start with a simple truth: securing the enterprise is a shared responsibility between IT and security. While the CSO defines the strategy and risk posture, IT plays a critical role in execution — from patching systems and deploying controls to maintaining uptime and interpreting security signals.
That’s why tight alignment between our teams isn’t optional — it’s essential. We have regular interlocks to ensure we’re making decisions with the same context and urgency. Annual planning isn’t enough anymore. The threat landscape shifts by the quarter — sometimes by the month — so our collaboration has to be constant, responsive and agile.
A single pane of glass beats swivel-chair security
Exposure management is a great tool to keep us on track.
It gives us a unified view across all our assets, including cloud, on-prem and hybrid. I’m not a fan of “swivel-chair security.” I don’t want my team jumping between tools trying to figure out what to fix first. Exposure management moves us toward a single pane of glass.
We can see what matters, what’s critical, what needs to be patched now and what can wait.
That kind of visibility is essential when your infrastructure spans everything from data centers and headquarters to home offices and digital nomads working from just about anywhere.
Endpoints are the new front line
Unlike data centers or cloud infrastructure, endpoints move with your workforce — and that makes them harder to secure. At Tenable, we’ve taken a firm stance: when a zero-day emerges, patch your device within 24 hours or it’ll be automatically locked.
But security doesn’t stop at the office door. No matter where employees are, they’re part of the defense. That’s why we focus on education — not to slow people down, but to empower them to keep the business safe.
Exposure management uncovers what you don’t know
We’ve also learned that managing systems is only part of the battle. You’ve got to worry about identities, access and misconfigurations.
And it’s not just about what you know. Exposure management helps you uncover what you don’t know. Things like systems you forgot were running or ports you didn’t realize were open are now visible.
The “Oh, no, I didn’t know that port was live” moment happens more often than you’d think. Exposure management finds and closes that down.
Prioritizing the right problems is a strategic advantage
Risk prioritization is always a looming challenge. The goal isn’t to fix everything. It’s to fix what matters most. Chasing thousands of vulnerabilities without context wastes time and energy. Exposure management helps us shift the conversation from volume to impact.
That’s what exposure management solves. Instead of bragging that “we closed 3,000 vulnerabilities,” we can say, “we addressed the 50 that posed real risk.”
That’s a fundamental mindset shift for IT teams. And, yes, it comes down to change management.
Change management isn’t optional anymore
Change management is underrated, especially in cybersecurity. I’ve always said going live on day one with technology is easy. It’s day two and beyond that’s hard. And in this hybrid, distracted world, traditional methods just don’t cut it.
People aren’t reading emails. And they’re half-listening in meetings. So we need new approaches. We go for quick hits, with clear messaging, along with different formats to cater to different learning styles. Cybersecurity is everyone’s job, and reaching everyone means rethinking how we communicate.
Speaking the board’s language means translating risk
We need to elevate the conversation. I regularly participate in board-level discussions about cybersecurity, and the key is translating cyber risk into business language. It’s not just about technical debt or patch status anymore. It’s about quantifying risk the same way the CFO quantifies financial exposure.
Boards don’t want tech jargon. They want to know: Are we covered? Where are we vulnerable? What’s the worst-case scenario? An exposure management solution helps translate technical complexity into strategic insight.
Helping our customers protect what they can’t see
At Tenable, we take that same philosophy to our customers. Exposure management isn’t just about visibility. It’s about enabling action. I see our job as helping customers answer those questions. Threat exposure management gives our customers clarity into what they need to know.
That means knowing the threats that matter, the systems that are exposed and the actions that will make a difference. You can’t protect what you are not aware of as a risk. And in a world where the attack surface is constantly expanding and evolving — whether it’s AI, autonomous vehicles or just more remote workers — you need to see everything. You need a single pane of glass.
Takeaways
Ultimately, you can’t do exposure management the right way without a strong relationship between the CIO and the CSO. We’re both accountable and responsible for protecting our employees, customers, partners and the company. And we both bring something essential to the table.
So, my advice to fellow CIOs: Stay close to your CSO. Build trust. Share responsibility.
And make sure your teams are operating from the same playbook. Because in cybersecurity, the stakes are too high to go it alone.
Have a question about exposure management you’d like us to tackle?
We’re all ears. Share your question and maybe we’ll feature it in a future post.
As Corporate Network Perimeters Fade, Hybrid Cloud Visibility Is Essential
Rhysida
Abnormal AI improves security awareness training with AI agents
Abnormal AI introduces autonomous AI agents that improve how organizations train employees and report on risk while also evolving its email security capabilities. In a year defined by the explosive use of malicious AI for cybercrime, Abnormal is doubling down on its mission to protect people. With its AI-native platform, Abnormal’s newest innovations bring intelligent automation to security awareness training, executive reporting, and advanced email threat detection. “The most dangerous attacks don’t target firewalls—they target … More →
The post Abnormal AI improves security awareness training with AI agents appeared first on Help Net Security.
About select 'aaa'='aaa '
Avocado OS: Open-source Linux platform for embedded systems
Peridio, a platform for building and maintaining advanced embedded products, has launched Avocado OS, an open-source embedded Linux distribution made to simplify the way developers build complex embedded systems. Avocado OS focuses on delivering a smooth developer experience while offering security, reliability, and consistent performance. A new answer to an old problem Teams building with traditional Embedded Linux often face a tough choice. They must pick between developer-friendly systems that move fast, or production systems … More →
The post Avocado OS: Open-source Linux platform for embedded systems appeared first on Help Net Security.
DoJ Data Security Program Highlights Data-Sharing Challenges
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Flashpoint Ignite enhancements improve threat intelligence
Flashpoint announced new capabilities to its flagship platform, Flashpoint Ignite. These innovations are designed to deliver insights that align with customers’ threat intelligence needs, enabling organizations to make informed decisions and protect their most critical assets. “Too often, high-value threat data and insights go underutilized, buried in complex interfaces, siloed tools, or delayed until it’s too late. In a fast-moving threat landscape, complexity kills context and delays action, making it harder for teams to respond … More →
The post Flashpoint Ignite enhancements improve threat intelligence appeared first on Help Net Security.
Anetac Human Link Pro secures both human and non-human identities
Anetac announced the global rollout of Human Link Pro. This new capability unifies the management of human and non-human identity vulnerabilities within the Anetac Identity Vulnerability Management Platform. Already in use by organizations in financial services, retail, healthcare and critical infrastructure, this enhancement addresses the critical need for a single, integrated solution to discover, monitor and respond to vulnerabilities across all identity types–whether employee, non-permanent staff (contractor, partner or supplier) or non-human identities like workloads … More →
The post Anetac Human Link Pro secures both human and non-human identities appeared first on Help Net Security.
Windows 11 25H2 Expected to Launch with Minor Changes
Microsoft is quietly preparing the next update to its flagship operating system, Windows 11 25H2, with new evidence pointing toward a September–October 2025 release. Unlike the much-anticipated Windows 11 24H2, the major update arriving in 2024, the 25H2 release is shaping up to be a more modest affair, focusing on incremental improvements and under-the-hood changes rather than headline-grabbing […]
The post Windows 11 25H2 Expected to Launch with Minor Changes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Java Code Audit: Echo4.2
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-1976 Broadcom Brocade Fabric OS Code Injection Vulnerability
- CVE-2025-42599 Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability
- CVE-2025-3928 Commvault Web Server Unspecified Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Combat Rising Account Abuse: Akamai and Ping Identity Partner Up
New Atomic Fountain Clock Joins Elite Group That Keeps the World on Time
RSA defends organizations against AI-powered identity attacks
RSA announced cybersecurity innovations that defend organizations against the next wave of AI powered identity attacks, including IT Help Desk bypasses, malware, social engineering, and other threats. These advancements are especially critical for organizations implementing passwordless strategies and further solidify RSA’s position as the only provider of true, enterprise-ready passwordless identity solutions. Among the highlights is the new RSA Help Desk Live Verify (patent pending), a feature that prevents social engineering and technical support scams. … More →
The post RSA defends organizations against AI-powered identity attacks appeared first on Help Net Security.