Closing the Gap: How Combining Automated and Human-led Testing Secures Your Assets

16 Apr 2025
Greg Copeland

Penetration Testing as a Service (PTaaS) leader Synack has partnered with Tenable, the exposure management company, to offer our customers the best of both worlds: ongoing vulnerability discovery and insight for full visibility integrated with deep and detailed expertise of human-led security researchers. Together, the solution helps isolate and fix exploitable vulnerabilities faster.

Tenable Vulnerability Management, part of Tenable One, leverages Nessus Sensors, a mix of active scanners, agents, passive network monitoring, cloud connectors and CMDB integrations to maximize scan coverage across an organization’s infrastructure and reduce vulnerability blind spots. Tenable helps security teams gain full visibility while identifying potential weaknesses from code flaws, outdated software, misconfigurations and more. Continuous, always-on asset discovery and assessment helps reveal impactful vulnerabilities across a highly dynamic environment.

While visibility is necessary, scan results can be voluminous, making it difficult to quickly isolate, triage, analyze and remediate the most pressing security concerns. Not all exposures identified by vulnerability scans are necessarily exploitable in a particular environment – bad actors may be thwarted by firewalls and other security protection. Furthermore, prolonged activity, such as advanced persistent threats, may be difficult to locate amongst individual scan results. With limited resources, IT and security teams can struggle to devote the necessary time and expertise to sift through noise, triage and remediate the most pressing and exploitable vulnerabilities in their environment. Even with Tenable, the leader in vulnerability management, human security testing expertise and analysis time are still required. Legacy security testing, such as annual penetration testing, has traditionally been static and too siloed from vulnerability management to be effective at quickly addressing the evolving threat landscape.

To address this challenge, Tenable Vulnerability Management data can now be ingested daily into Synack’s PTaaS platform, where scanning results can be continuously prioritized, triaged and made available for in-depth human-led security testing by the Synack Red Team (SRT). The SRT acts as an extension to customer IT and security teams, assisting in quick triage, isolation and remediation of the most urgent security gaps. The SRT leverages context from scanning results and other sources, combined with human testing techniques, to confirm which vulnerabilities are actually exploitable in the customer’s environment, provide detailed exploit analysis, recommendations for remediation and verification of successful patching. The combined solution relieves burden from overloaded security teams by reducing noise, isolating the most exploitable threats and providing detailed recommendations and re-testing to close the most critical security gaps faster.

The new integration is available at no additional charge to Synack PTaaS Platform customers who have valid Tenable One Vulnerability Management subscriptions. For further information on enabling the integration in your Synack Platform, please read the integration guide, and contact [email protected] with any questions or feedback.

About Synack

Synack’s Penetration Testing as a Service platform manages customers’ attack surfaces by discovering new assets, pentesting for critical vulnerabilities and gaining visibility into the root causes of security risks. We are committed to making the world more secure by harnessing a talented, vetted community of security researchers to deliver continuous penetration testing and vulnerability management, with actionable results. Synack’s PTaaS platform has uncovered more than 83,000 exploitable vulnerabilities to date, protecting a growing list of Global 2000 customers and U.S. agencies in a FedRAMP Moderate Authorized environment. For more information, please visit www.synack.com.