Connect with us

Hi, what are you looking for?



Siemens and Tenable Partner to Protect Industrial Networks

Siemens and Tenable Partner to Provide Asset Discovery and Vulnerability Management For Industial Networks

Siemens and Tenable Partner to Provide Asset Discovery and Vulnerability Management For Industial Networks

Worsening geopolitical tensions and increasing awareness of the potential harm caused by cyber attacks against the operational technology (OT) networks of critical industries has made industrial control systems (ICS) a focus of cybersecurity attention. But protecting ICS remains problematic as it emerges from its pre-internet security-unaware origins into the modern internet-connected world: it now has to add remaining secure to remaining operational.

“Organizations running operational technology face a foundational security challenge — the need to understand the entirety of their cyber exposure in the context of a modern attack surface that is constantly evolving,” explains Amit Yoran, CEO of Tenable. “We’ve seen the rise of cloud, mobile and IoT and now the convergence of IT with OT, which have made critical systems vulnerable to increasingly aggressive adversaries and attacks.”

OT, however, remains behind IT in its security defenses. A study by Ponemon in February 2017 highlighted the dire state of security awareness (in this case, specifically the oil and gas industry) in OT. It found that 46% of cyber attacks were thought to go undetected; that 61% of respondents believe their organization’s industrial control systems protection and security is not adequate; and that less than half of the respondents believe they have the internal expertise needed to manage cyber threats in the OT environment.

Improved visibility into existing vulnerabilities within the OT environment will improve OT security staff’s ability to defend against cyber attacks. “Cyberattacks against the O&G and utilities sector are on the rise and growing more sophisticated and aggressive by the day,” comments Leo Simonovich, VP and global head of industrial cyber and digital security at Siemens Energy. “Passive monitoring of all assets in these systems is critical to detecting and addressing vulnerabilities before they can be exploited and lead to disruption of essential public services like electricity, gas, and water.” 

Tenable and Siemens have now partnered to provide this passive visibility. Siemens is a major provider of ICS. Tenable owns one of the world’s most-used vulnerable scanning engines — Nessus. Announced today is the new Industrial Security provided as a security service by Siemens, and based on Tenable’s Nessus. 

It provides, says Tenable, “safe, reliable asset discovery and vulnerability detection purpose-built for ICS and supervisory control and data acquisition (SCADA) systems.” Key to this solution is the passive nature of Nessus which is used to detect vulnerabilities without affecting operational functionality. “Joining forces with Siemens is a natural next step,” says Yoran. “Together we provide a way for organizations to monitor and address their attack surface in totality, so they can see where they are vulnerable and protect those systems — and the people who depend on them — from threats.”

Advertisement. Scroll to continue reading.

Siemens AG is a major provider of ICS equipment. It generated €79.6 billion in 2016, and employs more than 350,000 people around the world.

Tenable raised $50 million in 2012, and followed this with a massive $250 million Series B funding round in November 2015. Its customers include more 50% of the Fortune 500, the ten largest U.S. technology companies, and 8 of the 10 largest U.S. financial companies.

Related: DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure 

Related: U.S. Oil and Gas Industry Lagging in Security

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.