Latest news with #TenableNessus
Channel Post MEA
5 days ago
- Business
- Channel Post MEA
Sophos Includes Tenable's IASM In Its Managed Risk Capabilities
Sophos has announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console.
Web Release
08-07-2025
- Business
- Web Release
Sophos Managed Risk Expands Capabilities with Internal Attack Surface Management (IASM) to Identify and Guide Organizations to Mitigate Internal Vulnerabilities
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced the expansion of its Sophos Managed Risk capabilities with the introduction of Internal Attack Surface Management (IASM) with technology powered by Tenable. Many organizations face critical blind spots in their cyber defenses. In fact, the Sophos State of Ransomware 2025 report found 40% of organizations impacted by ransomware in the last year reported falling victim due to an exposure they were unaware of. Sophos Managed Risk, now with both internal and external attack surface management, addresses this challenge, providing comprehensive visibility into internal and external weaknesses that could be exploited by threat actors. 'With Sophos Managed Risk, organizations gain an attacker's-eye view to identify and prioritize remediation of risks before adversaries can exploit them. The solution offers a unified view of both internal and external exposures, prioritized by risk and paired with clear remediation guidance,' said Rob Harrison, Senior Vice President, Product Management at Sophos. 'This enables organizations to focus their efforts where it matters most, on the most critical vulnerabilities, resolving them rapidly.' The latest release of Sophos Managed Risk introduces unauthenticated internal scanning, which assesses a system from the perspective of an external attacker without user credentials or privileged access. This enables organizations to identify and mitigate high-risk vulnerabilities, such as open ports, exposed services and misconfigurations that are accessible and potentially exploitable by attackers. Features of IASM for Sophos Managed Risk include: Comprehensive vulnerability management: Regular automated scanning to identify weaknesses affecting assets within the network. Regular automated scanning to identify weaknesses affecting assets within the network. AI-powered prioritization: Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Intelligently determines which vulnerabilities pose the highest risk and need immediate attention, guiding organizations to prioritize their patching and remediation efforts. Industry-leading technology: Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. Sophos leverages Tenable Nessus scanners to detect vulnerabilities inside the network and determine their severity. The Sophos advantage: Unlike vendors that separate External Attack Surface Management (EASM) and IASM into distinct products, Sophos provides an integrated managed service powered by leading Tenable technology and backed by one of the world's leading MDR services. The new IASM capabilities are accessible through Sophos Managed Risk, an extended service with Sophos MDR. The Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. IASM for Sophos Managed Risk is available today for all new and existing Sophos Managed risk customers, with no changes to licenses or pricing. Customers can immediately benefit from the extended coverage by deploying Tenable Nessus scanners and scheduling automated scans in their Sophos Central console. Learn more about the new Internal Attack Surface Management capabilities and Sophos Managed Risk, visit
Techday NZ
24-04-2025
- Business
- Techday NZ
Perforce launches upgraded Puppet to cut cyber risk downtime
Perforce Software has released an updated version of its Puppet Enterprise Advanced platform, targeting faster vulnerability remediation and improved collaboration between infrastructure and security teams. The platform update arrives amid growing concerns over rapidly evolving cyber threats, attributed in part to the increased use of artificial intelligence in attack methodologies. Recent figures from Statista indicate that vulnerabilities in software systems now persist for an average of 229 days before remediation, heightening the risk to organisations and their customers. This delay has been exacerbated by challenges such as rapid infrastructural scaling, inefficient operations, and a global shortage of skilled cyber professionals. Perforce states that the new features in Puppet Enterprise Advanced will help businesses address security risks more swiftly by embedding remediation processes directly within infrastructure automation workflows. This approach is intended to break down silos between operations and security, allowing for a more integrated understanding of organisations' overall security posture while reducing manual cross-team handoff delays. "Vulnerabilities continue to increase, with around 40,000 known vulnerabilities in 2024. Because of this explosion in vulnerabilities, the mean time to remediate continues to increase, leaving companies extremely vulnerable to attacks. Enterprises must combat this by integrating security with infrastructure automation to shorten the vulnerability remediation cycle," said Tzvika Shahaf, Vice President of Product Management at Perforce. "Our new release empowers organizations to unlock a collaborative DevSecOps environment by shrinking the opportunity window for attackers. In future Puppet releases, the pace will quicken further with human-in-the-loop, AI-driven automation." The updated platform features several enhancements designed to streamline responses to identified security threats. Integration with security scanners, with Tenable Nessus included by default, enables automated identification and remediation of vulnerabilities. The platform's open API framework and extensible architecture allow additional scanners to be incorporated, increasing flexibility for organisations with diverse environments. Users of Puppet Enterprise Advanced can now manage patching workflows from within the tool's graphical user interface. Additional support for maintenance and blackout scheduling is included, aimed at minimising disruption to normal business operations. Enhanced dynamic patching group capabilities are designed to improve efficiency in managing hybrid infrastructures commonly found in enterprise settings. The platform enforces continuous alignment of system configurations with established security policies through its desired state enforcement feature. Any deviation from policy triggers an automatic remediation process and generates necessary documentation for audit purposes, a capability expected to assist organisations in maintaining regulatory compliance. Another enhancement is the pre-built, reusable policy as code (PaC) modules, which ensure systems automatically remain in line with industry-standard security baselines. These modules can be updated as best practices evolve, reducing the manual effort required from in-house teams. Self-service workflows and increased cross-functional visibility are intended to improve collaboration between traditionally siloed operations and security teams. These features are designed to help decrease the mean time to remediate vulnerabilities, decrease operational risk, and improve cost efficiency for organisations seeking to manage increasingly complex technology estates. Perforce reports that its approach allows platform teams to better support security teams, thereby boosting resiliency and reducing the mean time to remediate vulnerabilities. According to the company, these capabilities enable risk reduction, process efficiency gains, and savings on operational costs through automation and improved collaboration.
