Microsoft and Tenable on Thursday announced a partnership to integrate their technologies as part of an effort to meet the zero-trust goals of the Biden administration’s executive order on cybersecurity.
The two companies plan to integrate Tenable.io with Microsoft Defender for Cloud and Microsoft Sentinel solutions to support vulnerability assessments for hybrid cloud workloads that use FedRAMP.
“The White House’s Cybersecurity Executive Order focuses heavily on zero-trust initiatives,” said Glen Pendley, chief technology officer at Tenable. “Zero trust requires a foundation of strong cyber hygiene, with accurate visibility into all of the organization’s assets — IT, cloud, operational technology, internet of things — and continuous monitoring of user profiles and privileges.”
Pendley added that both Microsoft and Tenable are alliance partners in the Joint Cyber Defense Collaborative (JCDC) established by the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen national cyber defense. This new collaboration between the two companies supports the EO and CISA, both with respect to JCDC and Shields Up, with an eye towards helping federal agencies advance their zero-trust objectives.
Frank Dickson, who covers security and trust for IDC, said while zero-trust is a wonderful goal in that instead of assuming everything behind the corporate firewall is safe, the zero-trust model implements least privileged access, assumes breach, and verifies each request as though it originates from an open network.
“The problem arises in the reality of implementing zero trust in our hybrid, multi-cloud environment with users and data seemingly everywhere,” said Dickson. “Integration and automation may be the actual foundation of zero trust. The initiative of Microsoft and Tenable may be illustrative of the most important tenant by making zero trust actionable through integration.”
Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, said the EO issued by President Joe Biden last year outlined numerous steps that would assist organizations working with the federal government to lower their cyber risk.
The EO included the introduction of software bills of material (SBOMs) and implementing zero-trust security models.
While these initiatives are important, Morgan said realistically, such significant changes take time.
“Several attacks against critical national infrastructure targets in 2021 demonstrated that focusing on basic security cyber hygiene principles can often go a long way,” Morgan said. “These practices include ensuring two-factor authentication is enabled wherever possible, minimizing the attack surface of remote services, taking a risk-based approach to vulnerability management, and regularly patching high-risk vulnerabilities. These simple steps can significantly improve cyber resilience and minimize the likelihood and impact of malicious activity.”