What's New in Tenable OT Security 3.16: Elevating Building Management System Security and User Experience
Tenable OT Security 3.16 introduces advanced security for building automation systems, a streamlined interface and simplified upgrade process, empowering users to be at the forefront of securing their IT, OT, BMS and IoT assets with confidence.
In today's enterprise organizations, building management systems (BMS) are transforming the way facilities are managed. At Tenable, we understand the critical importance of securing these complex systems, which is why we are thrilled to announce the launch of Tenable OT Security 3.16. This release represents a paradigm shift in securing smart facility operations and combating emerging threats. With expanded BMS security capabilities, you gain unprecedented visibility to proactively manage and secure these often overlooked attack vectors. The new Active Queries configuration interface empowers you with more control over IT and OT queries for safer and more comprehensive visibility. With enhanced vulnerability plugin outputs, you can confidently tackle vulnerabilities and protect your critical assets. Moreover, our commitment to streamlined upgrades ensures you're always at the forefront of OT security.
What’s inside Tenable OT Security 3.16
BMS security for smart buildings
Tenable OT Security 3.16 offers significantly increased support for building automation and control networks (BACnet) and simple network management protocols (SNMP) v1, v2 and v2c, as well as added support for Schneider Electric AS-P (SmartX) controllers. These capabilities offer unparalleled visibility into a broad spectrum of devices across your smart facility, including devices such as heating, ventilation and air conditioning (HVAC) systems, security cameras, lighting controls, access controls and more. With Tenable OT Security 3.16, you can identify, categorize and secure devices effortlessly, ensuring the safety and security of corporate and industrial buildings.
Granular control of active queries for IT and OT devices
Tenable OT Security’s hybrid asset discovery approach passively monitors the network to identify both IT and OT devices. Once assets have been classified, OT devices are queried using a patented technology that communicates with the devices in their native protocols. This unique approach to querying is designed to avoid having active queries disrupt operations. For querying IT devices, Tenable OT Security incorporates Tenable Nessus. With this hybrid approach, Tenable OT Security retrieves extensive asset detail without impacting your systems’ productivity. However, users need the ability to fine tune and manage the various IT and OT queries that support this technique. Tenable OT Security 3.16 gives users a new level of control when querying IT and OT devices. The new Active Queries configuration interface addresses that need. Let’s take a look:
Source: Tenable, August 2023
In Tenable OT Security 3.16, OT queries, Nessus scans and credentialed scans can be found under Active Queries directly on the navigation bar. All of your queries are in one place and easy to find. Next we’ll cover how managing and configuring queries has improved.
Source: Tenable, August 2023
Introducing the "Queries Management Table," where you can easily enable/disable queries, create new queries and edit existing ones, all in one location, empowering you with more granularity than ever before.
Source: Tenable, August 2023
Now, you can tailor your queries to fit your exact needs. For example, you can specify query types, target specific asset groups and set restrictions for “off-limit” devices. Additionally, you can create custom schedules so queries can initiate during off-peak hours, streamlining your workflow and minimizing the impact to network bandwidth.
Enhanced vulnerability descriptions and plugin outputs
Tenable OT Security has always provided you with the best plugin coverage. Now, we’re able to give you plugin output details directly in the affected asset screen, giving you access to a depth of information that can help you quickly identify device vendor, family, model and firmware version.
Source: Tenable, August 2023
In the example above, you can see the vulnerability plugin description and details for one of the recently disclosed vulnerabilities in Rockwell Automation’s Allen Bradley ControlLogix Communication Modules (CVE-2023-3595).
Source: Tenable, August 2023
As mentioned earlier, on the “affected assets” screen we can see the specific plugin outputs, including vendor, family, model and firmware version. Tenable OT Security 3.16 gives you the ability to view the plugin output text for specific checks, giving you deeper visibility into the nature and severity of identified vulnerabilities, equipping you with the knowledge to make informed decisions and take targeted actions. Stay ahead of vulnerabilities, streamline remediation efforts, and safeguard your OT environment from possible exploits.
Streamlined upgrades
Complex upgrade paths and version compatibility challenges are all too familiar in on-premises software. In Tenable OT Security 3.16, we’re making the upgrade process easier than ever.
Source: Tenable, August 2023
Today’s threat landscape requires security professionals to ensure the latest version of their security software is running. Starting with 3.16, Tenable OT Security will provide a fast-track to upgrading. As the image above shows, users of Tenable OT Security 3.11 onward will now be able to perform a direct upgrade to the current release — making upgrading easier than it’s ever been.
Additional capabilities and enhancements in Tenable OT Security 3.16 include:
- Centralized sensor updates
- Additional vendor and protocol support
- The ability to collect limitless details from networked devices supporting SNMP in a customizable way
To get all the details on what’s new and improved, please see our latest release notes.
Schedule your free consultation and demo
With Tenable OT Security 3.16, organizations can embrace the future of building automation security with peace of mind and unrivaled protection. Upgrade to the latest version of Tenable OT Security today and unlock the power of these enhanced features.
Want to see what Tenable OT Security can do for your organization? Schedule a free consultation to check out a demo and discuss how we can help you improve your security program and results.
For more information about Tenable OT Security, visit www.tenable.com/products/tenable-ot or view the video below:
Learn more
- Attend the Customer Update Webinar
- Read the Release Notes
- View the Press Release
- Join us for In the Lab with Tenable OT Security
Related Articles
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud
October 23, 2024Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
How To Protect Your Cloud Environments and Prevent Data Breaches
October 24, 2024As organizations create and store more data in the cloud, security teams must ensure the data is protected from cyberthreats. Learn more about what causes data breaches and about the best practices you can adopt to secure data stored in the cloud.
- IT/OT
- Exposure Management
- OT Security