Network security company Tenable Inc. today announced that it is enhancing ExposureAI, its generative artificial intelligence service within the company’s exposure management platform, with new features for summarizing relevant attack paths and providing specific mitigation guidance.

The company said that the new features will greatly improve the capability of security teams when it comes to assessing risks as more complicated threat tactics are used in the field. Modern day security professionals are constantly bombarded by ever more complex tactics, techniques and procedures, which force them to constantly stay on their toes and up their game, which also means they must improve their tools.

The new Tenable Attack Path Analysis tool, part of the Tenable One platform, uses generative AI-based capabilities to understand how attackers are attempting to access an organization’s systems and help security teams prepare and build their preventative measures.

Tenable said that includes explainability and summary functionality so that security practitioners can view a textual description of the attack path rather than a technical readout. This provides a comprehensive overview of the entire attack path in a format that is much more easily digested and allows them to more rapidly understand how the attacker can breach the system within the live environment. Combined with access to the reports and the live data, security professionals can then use that to get their jobs done more effectively.

The platform combines the power of generative AI-powered search and conversational capabilities built on Google Cloud, including Gemini models from Google LLC’s Vertex AI.

“When cyber teams examine the risk to their infrastructure and data, often the biggest challenge is deciphering the immediate course of action,” said Glen Pendley, chief technology officer of Tenable. “ExposureAI, with Google Cloud, takes the guesswork out of the process and saves invaluable time in recommending the exact path to remediation.”

The mitigation guidance feature helps automatically determine which patches or versions need updating, or which user or group has unauthorized access. This information is put into the summary and can be related quickly in answers to questions so that it can be easily fixed by security and information technology teams without the need to sift through reports and data.

Even after receiving expert advice, security professionals can access Tenable’s AI assistant, which can be asked specific questions about the summarized attack path. The chatbot can reply with answers about the summary and each node of the attack path interactively to questions such as: “Which vulnerability was used to gain access?” or “Which user group was used to laterally move between assets?”

Tenable says that these new capabilities will provide a clear visibility and succinct analysis of the attack path, combined with mitigation guidance for even complex attack patterns, which will help alleviate the burden on security teams.

“Generative AI is a game changer for cyber defenders; helping them to better protect their organizations against increasingly sophisticated and relentless threats,” said Eric Doerr, vice president of security engineering at Google Cloud. “Integrating our security-specific gen AI models into partner solutions, such as in Tenable’s Exposure Management platform, will further empower defenders to address pressing security challenges and mitigate disruptive cyber risks.”

Image: geralt/Pixabay