A Chat with Bernard Montel, EMEA Technical Director and Security Strategist at Exposure Management company: Tenable

Bernard Montel

Tenable is the Exposure Management company. More than 40,000 organisations around the world rely on us to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

Our goal is to arm every organisation, no matter how large or small, with the visibility and insight needed to answer four critical questions at all times: Where are we exposed? Where should we prioritise based on risk? Are we reducing our exposure over time? How do we compare to our peers?
Tenable® - The Cyber Exposure Management Company

What do you think makes this company unique?

Preventing cyber attacks requires full visibility into all assets and exposures, extensive context into potential security threats, and clear metrics to objectively measure cyber risk.

As of today, no other company is able to provide the breadth of coverage, context and actionable reporting that Tenable can.

More than two decades ago, we pioneered the IT vulnerability management market as the creator of Nessus®, which is now the world’s most widely deployed IT vulnerability assessment solution. Nessus is built from the ground-up with a deep understanding of how security practitioners work. Every feature in Nessus is designed to make vulnerability assessment simple, easy and intuitive. The result: less time and effort to assess, prioritise and remediate issues. We continuously optimise Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market.

Underpinning everything we do is our research. We’ve built one of the industry’s largest dedicated data science research teams. They collect over 150 different aspects of data on each of the hundreds of thousands of vulnerabilities that Tenable tracks. This data can range from threat intelligence, to vulnerability data, to information from exploit kits and frameworks, to data gleaned from the US’ National Institute of Science and Technology’s National Vulnerability Database (NIST NVD). Other information can come from tracking discussions on vulnerabilities in social media and blog posts, security vendor advisories, technical reports and malware scans.


How has the company evolved over the last couple of years?

For more than 20 years, Tenable has been the preeminent vulnerability management vendor. We feel Exposure Management is the natural evolution of who we are and the problems we solve.

The way we think about the attack surface today has dramatically shifted since 1998 when Nessus was first brought to market. Practitioners are challenged to think broader for protecting the organisation, the same way threat actors are within a world of limitless vulnerabilities and exploitation. Organisations that can anticipate cyber attacks and communicate those risks for decision support will be the ones best positioned to defend against emerging threats.

Tenable’s approach to exposure management combines visibility across all facets of the attack surface with business context so our customers can accurately understand their cyber risk and prioritise mitigation.

What can we hope to see from Tenable in the future?

This month we announced Tenable One – our new platform that combines the broadest vulnerability coverage spanning IT assets, cloud resources, containers, web apps and identity systems. It builds on the speed and breadth of vulnerability coverage from Tenable Research, and adds comprehensive analytics to prioritise actions and communicate cyber risk.

Tenable One allows organisations to translate technical asset, vulnerability and threat data into clear business insights and actionable intelligence. This enables Security Executives to focus efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance.

Looking to the future, given that the attack surface is continually expanding and changing, we’re evolving too. We’re listening to our customers and developing solutions that help them understand and address their business risk.