On-Demand Webinar / Attack Surface Management

Surviving the #Vulnami: Is Your Security Program #Mythos Ready?

On demand

How to be prepared for the onslaught of oncoming vulnerabilities found by frontier AI models by automatically discovering, prioritizing, and remediating the exposures that matter.

Between AI-generated code and the sheer speed of modern exploits, we’ve entered the era of the #Vulnami. Traditional "scan-and-patch" cycles are no longer enough to keep pace with the volume of modern vulnerabilities.

You need to be #MythosReady - shifting toward a smarter, unified approach to exposure. Focus on Prioritization, Attack Paths, and Agentic Remediation.

In this session, we will showcase how to bridge the gap between AI-driven discovery and actionable intelligence, and how to integrate frontier AI, like Claude Mythos, directly into your Tenable One platform to turn raw data into a prioritized defense plan.

Highlights

  • Deterministic Discovery: Moving beyond "Shadow IT" to find every asset, including the hidden AI models and autonomous agents in your environment.
  • Ruthless Prioritization: How to cut through the noise by shifting from legacy CVSS scores to risk-based filtering that focuses on the 1% of vulnerabilities that truly matter.
  • Toxic Combinations & Attack Paths: Seeing the bigger picture—how attackers chain minor flaws, cloud misconfigurations, and identity permissions to reach your crown jewels.
  • Mobilization & Agentic Remediation: Using "machine-speed defense" to automate triage and remediation, matching the velocity of modern AI threats.
  • Securing AI with AI: How to manage the unique risks of agentic AI systems and the hyperconnected "multi-agent constellations" within your business.

Who Should Watch?
Cybersecurity, IT and risk management leaders who need answers to the following questions and want a unified exposure view that includes vulnerabilities, identities, cloud risk, and AI systems all in one place.

Learn what it takes to be #MythosReady


Surviving the Vulnami: Is Your Security Program Ready for AI-Driven Threats?

In this webinar, Ben Mudie, Field CTO for Australia, Pacific, and Japan, and Kenneth Teo, a Security Engineer for Tenable, discuss the impending "vulnami" of vulnerabilities driven by AI and how Tenable One, empowered by Hexa AI, enables organizations to shift from traditional vulnerability management to continuous threat and exposure management.

[00:00:49] Understanding the "Vulnami" Driven by AI

Ben introduces the concept of a "vulnami," a vulnerability tsunami, explaining how artificial intelligence (AI) is dramatically increasing the number of discovered vulnerabilities and accelerating exploitation timelines.

  • AI's Role in Vulnerability Discovery: Large Language Models (LLMs) like Mythos and Opus are discovering vulnerabilities at an unprecedented rate, with a predicted tenfold increase in disclosures.
  • Accelerated Exploitation: The time from vulnerability disclosure to exploitation has fallen drastically, from 63 days in 2018 to mere hours in 2024, emphasizing the urgent need for faster response.
  • Impact on Organizations: Many organizations lack the systems or programs to effectively respond to this surge, particularly in prioritizing which vulnerabilities to fix across increasingly large digital footprints.

[00:06:57] AI Adoption and Risks for Cyber Security

The discussion shifts to the rapid adoption of AI in enterprises and the critical need to utilize AI for cyber security, while also highlighting the inherent risks associated with using AI in security programs.

  • Rapid AI Adoption: Over half of companies are now using AI, with a significant portion developing generative AI in-house, necessitating the integration of AI for cyber security.
  • Agentic AI Risks: If you are integrating AI into your security program, you must be aware of risks such as prompt injection, data leakage, and model poisoning, and apply frameworks like OWASP AI risk assessment.
  • The Blind Spot: Traditional security guidance often falls short in addressing the speed of response required for AI-driven threats and the complexities of frontier models designed to find zero days.

[00:13:00] Tenable One: Comprehensive Exposure Management

Ben introduces Tenable One, a platform designed to provide comprehensive visibility across an organization's entire attack surface, and explains how it helps navigate the challenges posed by the "vulnami."

  • Key Areas for Response: Effective response requires a comprehensive inventory of all devices, mapping complex attack paths, and prioritizing vulnerabilities based on accessibility and impact using scores like Asset Exposure Score (AES) and Vulnerability Priority Rating (VPR).
  • Moving to Real-Time Assessment: Organizations must transition from traditional, scheduled vulnerability scanning to continuous, near real-time assessment of assets using tools like the Tenable agent, enabling quicker responses to rapidly exploited vulnerabilities.
  • Continuous Threat Exposure Management (CTEM): Gartner emphasizes that organizations prioritizing security investments based on CTEM will be three times less likely to suffer a breach, urging a shift from traditional vulnerability management to a more dynamic, broad approach.
  • Preventable Cyber Risks: Exposure management focuses on identifying preventable cyber risks that have a high likelihood of exploitation and potential material impact on the business, encompassing misconfigurations, excessive privileges, and vulnerabilities across IT, OT, identity, and web applications.

[00:24:28] Tenable's Journey to Exposure Management with AI

Kenneth elaborates on how Tenable One helps organizations consolidate siloed security solutions into a structured exposure management platform, leveraging AI to gain crucial insights and drive action.

  • Consolidating Siloed Data: Tenable One acts as an Exposure Management (EM) platform, integrating data from various sources (SSPM, DAST, SAST, EDR, etc.) into a data lake for inventory, correlation, and contextualization.
  • Contextualization and Prioritization: Without context, thousands of findings overwhelm security teams. Tenable One uses machine learning and generative AI to add business context, helping prioritize vulnerabilities and identify critical choke points in attack paths.
  • Workflow Automation and Reporting: The platform supports creating workflows for remediation (e.g., top 10 patchable vulnerabilities) and generates reports to track SLAs and communicate security posture to stakeholders, crucial for reducing disclosure-to-closure times.
  • AI to Neutralize AI: Tenable employs AI, including machine learning for continuous asset risk assessment and generative AI for correlating siloed data, enriching metadata, and inferring business context to proactively counter AI-driven attacks.

[00:30:10] Introducing Hexa AI for Accelerated Security

Kenneth introduces Hexa AI, Tenable's proprietary LLM within Tenable One, designed to bridge the gap between vast security data and actionable insights, significantly accelerating incident response.

  • Operating from a Live Model: Hexa AI operates from a live, connected model of your entire environment, understanding your assets, identities, and AI systems to provide deterministic responses.
  • Determining Priority and Business Impact: Hexa AI goes beyond severity scores to help determine business impact, identify priorities, and close critical security gaps. For example, you can upload advisories and ask Hexa AI if your environment is susceptible.
  • Automated Workflows and Remediation: Hexa AI can take actions by routing findings to the right owner, creating tickets (e.g., Jira), and, in the future, assisting with patch management – all with human-in-the-loop approval.
  • Hexa MCP: For organizations preferring their own AI or specific workflow integrations (e.g., SOAR, Jira), Hexa MCP allows you to bring your own AI and connect with third-party, cross-domain workflows to enhance your security operations.

[00:38:00] Practical Example: Streamlining Response with Hexa MCP

Kenneth demonstrates the practical application of Hexa MCP using a real-world example, showcasing its ability to rapidly assess an organization's susceptibility to a security advisory and prioritize remediation efforts.

  • Assessing ASD Advisory: Using an Australian Signals Directorate (ASD) advisory for Active Directory (AD) compromises, Kenneth illustrates how Hexa MCP can automatically analyze an environment against 17 advisories in under 10 minutes.
  • Prioritizing with Deterministic Scoring: Hexa AI leverages Tenable's proven deterministic scoring algorithms (AES, VPR) to ground its responses, preventing hallucination and accurately identifying high-impact assets and low-hanging fruit for remediation.
  • Automated Ticketing: The entire workflow can automatically create Jira tickets or integrate with SOAR systems, further reducing the disclosure-to-closure time.

[00:43:00] Exposure Management Maturity and Future Outlook

The webinar concludes by outlining an exposure management maturity model, emphasizing the evolving landscape of cyber risk, and providing key calls to action for organizations.

  • Maturity Model: Tenable supports organizations at every stage of their security journey, from ad-hoc vulnerability identification to optimized, advanced exposure management across various security domains like identity, AI security, and cloud security.
  • Future with EM: The future of cyber security will be characterized by the critical role of AI and automation in closing the disclosure-to-closure gap, increasing regulatory and market pressures, and the convergence of risk domains with demands for real-time business insights.

[00:45:00] Call to Action

To navigate the evolving threat landscape, Ben and Kenneth provide actionable recommendations:

  • Ask the Hard Questions: Re-evaluate what you are measuring and what truly matters for your organization's security posture, considering new risks.
  • Rethink Risk Metrics: Move beyond traditional CVSS scores to consider how exploitable and patchable vulnerabilities are, and how addressing choke points can maximize security.
  • Identify Critical Exposures: Focus on a small set of exposures that pose the most material risk to your business.
  • Translate Metrics for the Business: Communicate security metrics in a language that resonates with stakeholders and the board, leveraging tools like CTEM and Lumin exposure view.
  • Set a Maturity Goal: Utilize the exposure management maturity model to define and achieve specific security maturity goals for your organization.

Watch the Full Webinar

Discover how Tenable One and Hexa AI can empower your organization to proactively manage cyber exposure and effectively respond to the accelerating pace of AI-driven threats. For further assistance with Hexa AI or transitioning to real-time assessments, please reach out to your Tenable customer success manager.


Speakers

Ben Mudie

Field CTO APJ, Tenable

Kenneth Teo

Principal Security Engineer, Tenable

Resources

Data sheet
Tenable One Cloud Exposure: Cloud Detection and Response (CDR)
Data sheet
Tenable One AI Exposure
Analyst Research
A Cloud Security Approach Based on Visibility × Automation × Integration