惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
A
About on SuperTechFans
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
Vercel News
Vercel News
G
Google Developers Blog
J
Java Code Geeks
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
MyScale Blog
MyScale Blog
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
S
Security @ Cisco Blogs
Latest news
Latest news
I
Intezer
L
Lohrmann on Cybersecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Threatpost
博客园 - 【当耐特】
S
Schneier on Security
P
Privacy International News Feed
G
GRAHAM CLULEY
T
Tenable Blog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
博客园 - Franky
Engineering at Meta
Engineering at Meta
美团技术团队
S
Secure Thoughts
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
SecWiki News
SecWiki News
V
Visual Studio Blog
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Martin Fowler
Martin Fowler
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Tenable Blog

SharePoint CVEs FAQ: CVE-2026-56164, CVE-2026-32201, CVE-2026-45659 | Tenable® Build agentic AI security at Tenable Swarm, Black Hat 2026 SonicWall CVE-2026-15409 and CVE-2026-15410 zero-day exploited | Tenable® Understanding Anthropic’s new AI agent Claude Tag’s access model in Slack 5 reasons to integrate AppSec data with your exposure management platform July 2026 Patch Tuesday: Largest Patch Tuesday 569 CVEs FedRAMP High, IL5, and zero trust: How federal agencies can secure cloud environments OMB M-26-14: Why federal agencies must fix asset visibility first CISO’s guide to CISA BOD 26-04 and risk-based security metrics for vulnerability management How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it. The Developer Credential Economy: An inside look at the Miasma worm campaign Oracle Critical Security Patch Update June 2026 | Tenable® How Tenable helps federal agencies comply with CISA BOD 26-04 Get critical cyber risk context: Understanding control validation, CTEM & Tenable One CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507) The June 2026 AI Executive Order: What federal agencies need to know and how Tenable can help Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense Tenable CTO Vlad Korsunsky Q&A: Countering AI threat multipliers with AI-powered exposure management | Tenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacks Oracle May 2026 Critical Security Patch Update Addresses 35 CVEs Download pumping: New npm deception technique for supply chain attacks Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect EXPOSURE 2026 prepares cybersecurity professionals for the AI era Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign CVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004) Tenable One deepens third-party integrations with new Open Connector for unified risk visibility Implement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed Key findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) Bring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assets Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation Securing data centers in the agentic AI era Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain Why the approaching flood of vulnerabilities changes everything — and what to do about it The AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026. Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. Security for AI: A strategic framework for closing the AI exposure gap Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI Bridging the gap: How to integrate Claude Security into the Tenable One Exposure Management Platform Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability Mastering agentic AI security through exposure management As the NVD scales back CVE enrichment, here’s what Tenable customers need to know Five steps to become Mythos ready Oracle April 2026 Critical Patch Update Addresses 241 CVEs Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild The developer credential economy: Why exposure data is the new front line in the supply chain war Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 Supply chain attack on Axios npm package: Scope, impact, and remediations What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection Security for AI: A guide to managing the risks of vibe coding and AI in software development Meet Tenable Hexa AI: Agentic AI for exposure management
Unlocking foundational visibility for cyber-physical systems with OT vulnerability management
2026-04-15 · via Tenable Blog

Stop managing risk in silos. VM-Native OT Discovery, now available in Tenable Vulnerability Management and Tenable Security Center provides unified visibility across IT and OT domains. See every asset and manage your total cyber exposure in a unified view.

Key takeaways

  1. The air gap is dead. IT security teams are inheriting responsibility for operational technology (OT), but often lack visibility into these systems.
     
  2. Security teams face significant barriers with OT security. Fear of disrupting fragile devices and the high cost of specialized hardware have created a dangerous "black box" in the attack surface.
     
  3. The perfect “on-ramp” to OT security. A new OT Discovery engine embedded in Tenable Vulnerability Management and Tenable Security Center allows security teams to safely profile OT, IoT, and shadow IT assets using the tools they already own.

For decades, the concept of the "air gap" — a physical isolation between IT networks and critical operational technology (OT) — provided security leaders with a sense of comfort. The assumption was simple. Digital threats stay on the corporate network, while physical operations run safely in isolation.

In today's hyper-connected world, that assumption is often wrong and leaves your OT environment exposed to preventable cyber risk.

From modern data centers and smart hospitals to commercial real estate and universities, the line between the digital and the physical has blurred. IT security teams are increasingly inheriting responsibility for securing cyber-physical systems (CPS) — the HVAC controllers keeping servers cool, the badge readers securing facility entrances, and the power distribution units keeping the lights on.

Yet, for many organizations, these OT assets are a massive blind spot.

The "black box" problem

While vulnerability management programs have matured rapidly for IT assets, covering everything from cloud workloads to laptops, operational environments are often a "black box."

This visibility gap usually stems from two distinct barriers:

  • There is a pervasive (and historically valid) fear that scanning OT/IoT assets with traditional IT security tools could knock fragile devices offline, disrupting critical business operations.
     
  • Traditional OT security tools often require a massive undertaking. The complexity and cost of deploying expensive specialized hardware, managing long-term evaluations, architecting complex mirror ports, and navigating the political minefield of installing new appliances in sensitive production environments make these projects difficult to justify.

The result is a dangerous paradox. Security teams are responsible for the risk of interconnected systems, but don’t have the tools to see or secure them. Attackers, however, face no such barriers, frequently pivoting from compromised IT networks to poorly defended OT assets to maximize impact.

Rethinking converged OT/IT security

To secure the modern attack surface, organizations must stop managing IT and OT risk in silos. Security leaders need a unified view that treats a vulnerability on a programmable logic controller (PLC) with the same rigor and context as a vulnerability on a Windows server.

Achieving this requires a fundamental shift in how we approach asset discovery. Security teams need streamlined methods that provide the necessary depth of OT visibility for compliance and risk reduction, without the friction of deploying hardware across physical sites. They need a way to safely seeshadow OT assets using the infrastructure already in place.
 

Tenable’s research and testing lab for operational technology (OT)

Image: A segment of Tenable’s research and testing lab for operational technology (OT).

Introducing VM-Native OT Discovery

Our latest release fundamentally changes the economics and accessibility of OT security tools. We are excited to announce OT Discovery, a new capability embedded directly inside the Tenable One Exposure Management Platform that provides security teams with foundational visibility into OT and IoT environments. It’s the perfect on-ramp to OT security, so you can uncover hidden OT risks and deep asset-level details. 

Here is how it changes the game for your security program:

  • Safe visibility for cyber-physical systems. OT Discovery uses the same Active Query engine found in our specialized Tenable OT Security solution—now natively integrated into Tenable Vulnerability Management and Tenable One. It performs "smart," protocol-aware handshakes to verify assets before querying them so you can safely profile PLCs, human-machine interfaces (HMIs), IoT devices, and shadow IT assets across your environment.
     
  • Unified OT/IT exposure management. By integrating OT asset data, including vendor, model, and firmware details, directly into your existing dashboards, you can break down silos and view your organization's total risk exposure in a single pane of glass.
     
  • Extend the value of your security investments. No need to rip and replace or install new hardware. This capability enables you to extend the value of your existing vulnerability management toolsets to uncover the OT risk hiding on your network.

Breaking down silos across IT and OT

Adopting a unified approach to OT/IT exposure management builds trust.

Historically, the relationship between IT security and facility operations teams has been strained. IT wants to scan and patch known vulnerabilities. Operations teams require uptime and stability. When IT security teams try to enter the OT space with aggressive scans or unfamiliar hardware, friction is inevitable.

VM-Native OT Discovery changes the conversation. Because Tenable relies on trusted, safe query methods through familiar infrastructure, the security team can approach the ops team with reliable data and real-time exposure intelligence.

Instead of asking, "Can we install a black box on your network?" you can say, "We noticed three unmanaged PLCs communicating on the subnet. Here is exactly what they are. Let’s work together to secure them now rather than waiting 6-12 months to patch during the next maintenance interval."

Get started with OT security today

OT security is no longer just for industrial giants and organizations managing critical national infrastructure. Every manufacturer, warehouse operator, and organizations smart building management systems face operational risk.

Ready to get visibility into your OT blind spots? You don't need a massive budget or a year-long deployment project to get started. Watch this quick demo to see how you can secure your most critical assets with the vulnerability management tools you already use.
 


Are you an existing Tenable customer? Explore the user guide documentation for Scan Templates and Discovery Settings to get started.

Learn more

Anthony Johnson

Anthony Johnson

Senior Product Marketing Manager

Anthony Johnson leads product marketing and GTM strategy for Tenable’s operational technology (OT) security and vulnerability management practice areas. He focuses on the convergence of industrial innovation and cyber resilience, exploring critical themes such as CPS/IoT security, cloud adoption in OT, and the role of AI in protecting critical infrastructure. Drawing on a diverse background across technology, management consulting and public sector verticals, Anthony provides strategic insights to help organizations drive innovation without compromising security.