Challenges with siloed security teams: Tenable's security teams were divided by specialty (cloud, identity, application security, etc.), leading to fragmented data, duplicated alerts, poor communication, and manual reporting that drained productivity and morale while leaving gaps in attack-surface visibility.
Adoption of Continuous Threat Exposure Management (CTEM): Tenable implemented unified exposure management via the Tenable One platform, consolidating alerts, automating reporting, and providing comprehensive visibility into the full attack surface — including thousands of previously unknown assets.
Impact on efficiency and roles: The shift reduced noise, streamlined remediation with automated ticketing, and freed security staff from low-value tasks, allowing them to focus on higher-level security functions. Specialized teams retained their expertise but redirected efforts toward proactive, strategic security initiatives.
Tenable once had separate sub-teams for different aspects of digital security — identity and access management, application security, cloud security, and so on.
But it was hard for these siloed teams to communicate, to share data or even to align their priorities. Duplicated alerts and tickets, overlapping tool feeds, and manual reporting also burned out team members, even as gaps between tool coverage left parts of the attack surface under-protected.
"I constantly felt like I was buried in fragmented data from countless tools and teams," wrote Tenable Chief Security Officer Robert Huber in a recent blog post. "Much of my day was lost to context-switching, trying to manually piece together a coherent picture from disconnected silos."
Clearly, a new approach was needed. Tenable decided to implement unified exposure management, which removed duplicated alerts, generated single tickets for each issue, automated reports and, most importantly, provided total attack-surface visibility and filled in dangerous coverage gaps.
Here's how Tenable did it, and how you can too.
Life before exposure management
Tenable may be a cybersecurity company, but its own digital defenses weren't that different from those of any other enterprise. Its security division included specialized teams for cloud, identity, and application security, among others, and each team used its own set of tools and internal reporting methods.
According to Saeed Elahi, Tenable Head of Cyber Risk and Assurance, this arrangement resulted in "organizational drag" as the different teams had trouble clearly communicating with each other or even getting on the same page regarding business priorities.
Those teams suffered from data overload, duplicate alerts, too much noise, not enough visibility, no way to see an attacker's viewpoint, and mind-numbing manual data-aggregation and report tasks.
Meanwhile, telemetry and monitoring data from a dozen different tools traveled haphazardly to about 15 different security and non-security teams, resulting in a data-flow diagram that looked, as a Tenable blog post put it, "like a plate of spaghetti."
The company identified three big problems with this situation. First, there was just sheer data overload, with, as the Tenable blog post put it, "multiple tools often flagging the same problem on the same asset."
Second, and this may be a common oversight, the security team just couldn't see their entire attack surface from a potential attacker's point of view. Each team was focused on its own area of expertise, but none could plot the likely attack paths weaving through different domains.
"Siloed data didn't [provide] the whole picture," noted the Tenable blog post. "They couldn't see how an attacker could piece together disparate weaknesses or exploit shadow IT assets."
Finally, a lack of complete automation left too many mundane duties that still had to be completed by hand, wasting security staffers' valuable time and draining morale.
"Engineers were consumed by low value tasks," said the blog post. "Daily life was a struggle to balance the need to understand the piles of data streaming in with equally critical security work."
The great untangling
At the behest of CSO Huber, the Tenable security division adopted a continuous threat exposure management (CTEM) framework that gave them total visibility, removed duplicated alerts, automated tedious data collection and correlation, and generated single tickets for each issue.
"The mandate forced a rethink," said the blog post. "The old processes and technologies needed a thorough overhaul, and that meant the vulnerability management team went from managing about five tools to two- to three-times that number."
Not that it all went smoothly. The security team at first tried to do things its own way, attempting to build a custom dashboard that would aggregate all the incoming data and deliver complete visibility. But the project simply took up too much time and money.
That's when Elahi and his colleague, Senior Staff Information Security Engineer Arnie Cabral, realized that, as the blog post put it, "a security program shouldn't turn its engineers into full-time software developers."
It just so happened that the development teams at Tenable had already created a partial solution. The Tenable One exposure-management platform provided the unified dashboard and data flow that Elahi, Cabral and their own team had tried to achieve.
With the information and overview provided by Tenable One, the Tenable team was better able to take proactive measures to block attack paths, prioritize and remediate vulnerabilities, misconfigurations and other weaknesses, and get visibility into the company's entire attack surface.
And that attack surface was a lot bigger than the Tenable security teams had thought. Once the exposure-management platform was implemented and complete visibility achieved, they quickly found "thousands upon thousands" of internal assets they weren't previously aware of.
Tenable One also greatly reduced the number of alerts. "When three tools flagged the same vulnerability on the same server," the blog post said, "those findings were consolidated into a single alert."
Finally, it made life a lot easier for the security staffers, as the platform automatically correlated findings from different monitors, prioritized them according to potential risk, and even created and sent Jira tickets.
"The old problem of more noise than signal was finally solved," said the blog post. "That flood of alerts was reduced to a trickle. And finally, the security team had a short, clear list of exactly what needed to be fixed and why."
With reports that had taken days to compile manually now being automatically generated in a few seconds, the security personnel had more time to focus on threat hunting and other high-value tasks, and their productivity doubled.
The boss noticed. In a follow-up blog post, CSO Huber said the adoption of Tenable One and the move to a CTEM framework "also redefined the roles of our security teams."
"Specialized teams like cloud security and application security still exist, but their focus has shifted," he wrote. "Instead of chasing down colleagues to fix specific issues, they can now concentrate on their core business functions, like securely deploying infrastructure in new environments."
Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.