Maher Jadallah, the Senior Director of Middle East and North Africa at Tenable, says that harnessing the power of AI enables security teams to work faster, search faster, analyse faster and ultimately make decisions faster

Tell us about the cybersecurity trends for 2024.
The United Arab Emirates is focused on becoming a global hub for business and innovation which is driving digital transformation in the region. This has led to rapid adoption of cloud technologies. A recent report from McKinsey & Company suggests that cloud services could deliver as much as $183 billion in value by 2030, generated from creating and scaling new products. In tandem, the convergence of IT, OT and the Internet of Things (IoT) is powering today’s modern infrastructure.

Against this backdrop, the cyber threat to organisations has significantly increased with the head of cybersecurity for the UAE government warning that the public sector alone faces nearly 50,000 cyberattack efforts every day. To mitigate the risks, it is essential to gain full visibility into both IT and OT environments and determine where vulnerabilities exist. Tenable’s solutions empower organisations to anticipate attacks and reduce cyber risk wherever it resides.

What is the theme of your participation at GISEC 2024?
The infrastructure that underpins organisations today has experienced dramatic transformation with automation driving progress. The convergence of IT, Operational Technology (OT) and the Internet of Things (IoT) is powering today’s modern infrastructure. Attackers see many ways and multiple paths through technology environments to do damage to organizations. Organizations aren’t helpless. To secure the modern attack surface security teams need a unified approach to security that transcends silos.

Understanding attacker behaviour helps inform security programs and prioritize security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents. At GISEC, Tenable will be showing security professionals how they can focus on what matters most, harnessing the power of prioritization and deep context across all infrastructure components, to identify toxic combinations (a mix of access privileges that create unintended levels of risk) that pose the greatest threat.

The team will explain how to gain full visibility into both IT and OT environments — of IT and OT assets, IoT, Building Management Systems, and everything in between, the interdependencies that exist for critical functionality, and determine where weaknesses and vulnerabilities exist. This intelligence accelerates remediation efforts that can reduce business risk. As part of GISEC, on 23 April from the Critical Infrastructure stage, Marty Edwards, Tenable Deputy CTO – OT/IoT, will participate in a CISO panel discussion titled “Capitalizing on AI & ML to Address Cyber-Security Challenges in the Energy Sector”. Edwards will also present a talk titled, “Successfully Integrating OT Information into Your CISOs Security Program”’.

Which products and solutions will you be showcasing at GISEC 2024?
At GISEC, Tenable will showcase its exposure management solutions that illuminate the attack paths that exist within organizations’ infrastructure, across IT and operational technology (OT) environments, before threat actors can exploit them. Demonstrations will be available from booth C98 in Hall 5 of:

1. Tenable One Exposure Management Platform — combines risk-based vulnerability management, web application security, cloud security and identity security.
2. Tenable Cloud Security — a multi-cloud solution that simplifies cloud complexity and, through precise contextual analysis, enables teams to efficiently identify and address accurately prioritized security gaps.
3. Tenable OT Security — an industrial security solution that identifies assets in the OT environment, communicates risk, prioritizes action and enables IT and OT security teams to work better together.
4. Tenable Identity Exposure — a fast, agentless Active Directory (AD) and Azure AD security solution that allows organizations to see everything in their complex AD environment, predict what matters to reduce risk and eliminate attack paths before attackers exploit them.

Is there a skills gap in the cybersecurity industry? What needs to be done to bridge that gap?
While the technology skills gap has been a recurring challenge for many years, recent reports suggest that this is particularly true in the cybersecurity sector. Organizations often share that resources are constrained by a lack of ‘good people’ to hire. Generative AI can and is being used by cybersecurity professionals. There is a learning curve and we’re on the cusp of understanding what AI is capable of.

With generative AI — such as Google Virtex AI, OpenAI GPT-4, LangChain and many others — it is possible to search for patterns, to return new intelligent information in minutes in simple language even non-technical people can understand, that helps decide what actions to take to reduce cyber risk. It is being harnessed by defenders to power preventive security solutions that cut through complexity to provide the concise guidance defenders need to stay ahead of attackers and prevent successful attacks. Harnessing the power of AI enables security teams to work faster, search faster, analyse faster and ultimately make decisions faster. For security, these insights will continue to become more accessible and capable of turning anyone into expert defenders.