How to discover and continuously assess your entire attack surface

Integrate insights and findings into a Cyber Security Roadmap that will ensure your organisation has a long-term plan for optimised IT investments.

Given the recent cyber security threats such as “Wannacry”, “Printnightmare”, and “Log4J” that have caused significant harm to businesses and IT teams, it’s crucial that we constantly monitor and assess our systems for vulnerabilities. The National Vulnerability Database (NVD), maintained by the U.S. government, contains a comprehensive collection of standards-based vulnerability management information. The latest report showed over 176,000 vulnerabilities, with 8,051 reported in the first quarter of 2022.

Some vulnerabilities enable external attackers to gain unauthorised access to your systems, like what happened with Log4J. Other vulnerabilities and their associated risks may not be as apparent, and some do not allow direct access from external sources, but they can be used to escalate privileges within the system as part of a larger attack.


Given the ongoing, ever-evolving nature of threats, how do we respond?

In a related blog we cited the ISC 2022 cyber security Workforce Study which reported a stark increase in the shortage of cyber security professionals recently. Your already stretched IT Team needs to find a way to deal with this quickly evolving threat landscape – especially the constant changes in how employees work and interact with data, and the rapid speed of change around applications and supporting business requirements that are supposed to be keeping up with this deluge of vulnerabilities.

This very complex challenge has a fairly simple remedy and is being delivered to Australian mid-market organisations in a strategic alliance between Tenable and Tecala.

For those interested in the detail, here’s how it works

So, what’s the solution? How can meaningfulness be enhanced while at the same time all essential work is completed? The first step is to be aware that the disparity exists in the first place.

In a positive sign, increasing numbers of employers are conducting regular staff sentiment surveys to better understand the mindset of employees. Such surveys (usually anonymous) can give valuable insights into issues such as the prevalence of meaningful work.

This, in turn, can encourage management teams to develop initiatives that create a more meaningful work environment. Unfortunately, however, this is not always an easy thing to achieve.

According to a recent report from PwC it is “rarely second nature for leaders to focus on making jobs fulfilling.”

The report says that doing so requires “deep empathy on the part of managers and the ability to translate the company’s overall purpose into specific actions and behaviours, so that employees can see how their work contributes to that purpose”.

This can often be easier said than done, but that shouldn’t deter managers from trying. It’s even more important at a time when finding and retaining good staff is particularly challenging.


Tenable’s ‘Vulnerability management Platform’

The Tenable ‘Vulnerability Management Platform’ enables organisations to gain visibility across the modern attack surface, and to focus efforts on preventing likely attacks and accurately communicate cyber risk to support optimal business performance.

When a new vulnerability is found, one of the most immediate and important tasks is to identify if/what systems are impacted, and therefore what effort is required to remediate and secure your environment. Given the critical nature of most vulnerabilities, these tasks must be done typically within 24hrs.

Tecala’s Managed Cyber Security Service is operated through our Australia-located and fully-owned SOC – with a team of Cyber Experts always on hand to track your organisation’s activities to determine risk, and then report and prioritise remediation across your business.

The service combines the broadest vulnerability coverage spanning IT assets, cloud resources, containers, servers, platforms, and network appliances. It builds on the speed and breadth of vulnerability coverage from Tenable Research and adds comprehensive analytics to prioritise actions and communicate cyber risk.

This allows our clients to:

Gain comprehensive visibility across the modern attack surface
Anticipate threats and prioritise efforts to prevent attacks
Communicate cyber risk to make better decisions

Our cyber security roadmap ensures the ongoing efficacy of your IT investments.

Tecala then feeds this information and insight into your cyber security roadmap to tailor a security journey to your organisation’s needs over the next couple of years. The review is aligned to a threat mitigation framework – either the Essential Eight or the CIS Controls.

While you can buy and implement vulnerability scanning (or in fact any security solution) yourself, without the industry understanding and experience of Tecala it’s unlikely you’ll be able to realise the full potential of that investment.

We jointly determine the level of maturity that your organisation is targeting and create a security strategic roadmap to take you from where you are now to where you want to be. If you want to go even further, the roadmap can be extended with medium-to-long term actions matched to the level of investment you are comfortable making.

This approach allows us to rapidly deploy and customise solutions to the specific requirements you may have, while ensuring that all guiding security frameworks and their particular needs are considered during the deployment and lifecycle of the solution.



Tecala delivers on-demand penetration testing and deep visibility into your threat landscape – with Threat Intelligence’s EvolvePT

Utilising this automated and AI-empowered platform, we understand and continually validate your environment against critical compromises, known attacks and vulnerabilities.



The top 5 challenges to securing your organisation from cyber attack

As the cyber security challenge escalates, we explain how our Managed Cyber Security Services deliver expertise on demand to stay ahead of the threat actors