Tenable launches OT discovery tool for exposure management

Tenable has launched an OT asset discovery engine for its exposure management and vulnerability management products, aiming to bring cyber-physical systems into a single view of cyber exposure.

The new feature, VM-Native OT Discovery, is available to customers of Tenable One, Tenable Vulnerability Management and Tenable Security Centre. It is designed to identify operational technology, internet-connected devices and shadow IT assets without separate hardware, additional agents or add-on software.

The launch reflects a broader shift in cyber security as IT teams take greater responsibility for systems outside conventional enterprise networks. These can include factory-floor equipment, building management systems, office devices such as printers and badge readers, and data centre infrastructure.

Security teams have often struggled to gain visibility into these environments because existing approaches can require specialist sensors, new software deployments and operational trade-offs around disruption. By integrating OT discovery into its existing products, Tenable is aiming to lower the barrier for organisations seeking a starting point to identify cyber-physical assets and associated risks.

Tenable cited early access deployments across hospitality, financial services, education, food and beverage, and government. In those initial roll-outs, customers found previously unknown OT and IoT assets, with most uncovering between 100 and more than 1,000 unique devices, including some with critical vulnerabilities.

Growing exposure

The move comes as organisations face a broader attack surface where corporate IT networks and operational systems intersect. Tenable pointed to industry research showing that more than half of Chief Information Security Officers now oversee OT security, while a significant share of OT compromises originate in IT environments.

That convergence has raised the profile of cyber-physical security in sectors not traditionally seen as industrial. Hotels, campuses, office estates and public sector bodies now operate growing numbers of connected devices and control systems, creating security blind spots when they are not inventoried and monitored.

The discovery engine is intended to help organisations meet compliance and audit demands tied to cyber-physical systems. According to Tenable, the feature identifies device attributes including vendor, model, firmware, backplane details and running state.

Product positioning

The launch also reflects an effort to extend exposure management beyond traditional IT assets and cloud infrastructure. Tenable said the OT discovery function feeds data into the Tenable One platform, allowing security teams to view exposure across AI, IT, cloud, identity and OT environments in one place.

For customers with more advanced needs, Tenable continues to offer its separate Tenable OT Security product, focused on continuous monitoring and threat detection in cyber-physical environments. The new discovery engine is positioned as an entry-level option for organisations that want immediate visibility before adopting more specialised OT security tools.

Analyst concern about cyber-physical security has grown as attacks on connected operational systems increase and regulation tightens around critical services and infrastructure. Tenable referenced Gartner research saying that cohesive exposure management and visibility across cyber and cyber-physical environments are becoming an operational requirement.

Tenable, which says it serves more than 40,000 customers worldwide, has been expanding its platform around the idea that organisations need a unified view of weaknesses across different technology domains. OT has often remained a gap in that model because many businesses treat operational systems separately from mainstream cyber security operations.

Eric Doerr, Chief Product Officer, Tenable, said the goal was to bring those systems into scope without adding complexity. "Cyber-physical risk can't remain a blind spot in exposure management. We're giving organisations an immediate, low-friction way to bring OT into scope, so they can gain visibility, meet compliance requirements and start reducing risk from day one, without adding new infrastructure," he said.

He added that larger or more complex environments may still require a dedicated OT security deployment. "For existing customers with more complex use cases, we offer Tenable OT Security, a comprehensive OT solution that delivers visibility, security and control for proactive risk reduction across today's rapidly converging OT/IT environment," Doerr said.