Tenable buys Indegy to integrate IT and OT security

Cyber security supplier Tenable is to acquire operational technology (OT) and industrial network security specialist Indegy for an undisclosed sum, creating a single risk-based platform to secure both IT and OT systems.

The purchase takes advantage of a growing trend in the industrial or utility sectors, among others, to view their OT systems in verticals as a critical cyber security risk.

This trend has been exemplified in 2019 by attacks on electrical grid systems in the US and other countries, which not only pose a risk to business operations but also equipment, health and safety, and potentially the day-to-day lives of millions.

Tenable cited a recent survey conducted by Siemens and analysts at the Ponemon Institute which showed the majority of respondents viewed cyber threats to OT systems a bigger risk than to IT.

As OT environments increasingly interconnect with IT, CISOs are finding they have to manage more complex, sensitive, and wider attack surfaces than ever before, often without proper visibility or risk assessment.

“CISOs are being asked to secure OT systems alongside IT, but lack the necessary visibility and technology to manage and measure OT cyber risk in the same way as IT risk,” said Amit Yoran, chairman and CEO of Tenable.

“The combination of Tenable and Indegy brings together two pioneers of IT vulnerability management and industrial cyber security to deliver the industry’s first unified, risk-based view of IT and OT security. This is a game changer that will help transform how security and the C-suite make strategic decisions around OT risk.

“This acquisition is a critical milestone in delivering on our cyber exposure strategy to help organisations understand and reduce cyber risk across the entire modern attack surface. Indegy extends our depth of OT expertise and intelligence, and our breadth of OT-specific capabilities from vulnerability management to asset inventory, configuration management and threat detection.”

The combined platform will deliver a number of capabilities to CISOs. These include risk-based measurement, with the ability to score, trend and benchmark IT and OT together for more comprehensive decision-making; a single view of both IT and OT vulnerabilities, from assessment through prioritisation and remediation; deeper intelligence inside OT environments for more accurate and comprehensive management; IT and OT vulnerability assessments; and OT-specific process management.

Initially, the acquisition will bring together Indegy’s industrial security suite with Tenable.sc to manage on-premise vulnerabilities, which is already available. Further integration with Tenable.io for cloud-based vulnerability management and Tenable Lumin will be available by the end of June 2020.