Microsoft collaborates with Tenable to support federal cybersecurity efforts
On May 12, 2021, the White House issued Presidential Executive Order (EO) 14028 to establish cybersecurity as a national priority.1 As part of this effort, the White House has called for greater public and private sector collaboration to address the evolving threats facing federal agencies.
In the spirit of the EO and as part of our commitment to enhancing cybersecurity across the United States, we today announce that Tenable has expanded its collaboration with the Microsoft Intelligent Security Association (MISA). Tenable is a pioneer in the risk management market and creator of Nessus, one of the most widely deployed vulnerability assessment solutions in the cybersecurity industry. Together, Microsoft and Tenable will help enhance the United States government’s ability to quickly identify, investigate, prioritize, and remediate threats—and help collectively raise the country’s security posture.
Federal agencies will benefit from the two companies’ tighter collaboration, enhanced information sharing, and integrations. Specifically, Tenable and Microsoft are working together with the intent to integrate Tenable.io with Microsoft Defender for Cloud and Microsoft Sentinel solutions to support vulnerability assessments for hybrid cloud workloads that use FedRAMP moderate.
“The White House’s Cybersecurity Executive Order focuses heavily on Zero Trust initiatives,” said Glen Pendley, Chief Technology Officer, Tenable. “Zero Trust requires a foundation of strong cyber hygiene, with accurate visibility into all of the organization’s assets—IT, cloud, operational technology (OT), internet of things (IoT)—and continuous monitoring of user profiles and privileges. Furthermore, both Microsoft and Tenable are alliance partners in the Joint Cyber Defense Collaborative (JCDC) established by the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen national cyber defense. Our collaboration with Microsoft supports the EO and CISA, both with respect to JCDC and Shields Up, helping federal agencies advance their Zero Trust objectives and improve resilience.”
Working together to advance agencies’ Cyber EO journey
The new capabilities forged by the Microsoft and Tenable collaboration will help agencies better orchestrate and unify the approach to security and vulnerability management and accelerate modernization in alignment with Cyber EO milestones, notably Sections 2, 3, 6, and 7.
To remove barriers to threat information as outlined in Section 2, Tenable will join as one of many independent software vendors and managed security service providers that have integrated their solutions with Microsoft’s to better defend against a world of increasing threats.
To support Section 3, Microsoft and Tenable are already collaborating with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) to develop practical, interoperable approaches to designing and building Zero Trust architectures and help shape the NIST cybersecurity practice guide.2
Experts from Microsoft and Tenable will also lend best practice recommendations to CISA to standardize the federal government’s playbook for responding to vulnerabilities and incidents as outlined in Section 6.
Lastly, to improve the detection of cybersecurity vulnerabilities and incidents on government networks according to Section 7, the companies intend to mutually integrate Tenable.io with Microsoft Defender for Cloud for hybrid and multicloud agent deployment and to deliver a consolidated security recommendations view. Further, mutual integration between Tenable.io with Microsoft Sentinel, Microsoft’s cloud-native security information and event manager (SIEM) solution, is intended to help Tenable automatically feed into existing vulnerability management as agencies spin up new workloads in the cloud. This capability will be engineered to aggregate logs so top-level agencies can visualize security risks across Tenable.io and Microsoft Defender for Cloud in one place to improve threat hunting with and across agencies. Tenable will work with Microsoft to secure organizations’ on-premises, hybrid, and cloud-native Microsoft Azure Active Directory implementations in the federal space.
Microsoft’s collaboration with Tenable will strengthen agencies’ ability to identify and respond to risk at scale and extends beyond government.
To learn more about how Microsoft is bringing together public and private sector leaders to increase cyber resilience, visit our Cyber EO resource center.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1 The Cybersecurity Executive Order: What’s Next for Federal Agencies?, Jason Payne. June 17, 2021.
2 Implementing a Zero Trust Architecture, National Cybersecurity Center of Excellence.
READ MORE HERE