At GISEC 2025, Walid Natour, Manager – Engineering Sales, Tenable, shares with Sanjay Mohapatra how Tenable is helping enterprises in the Middle East manage complex cyber risks through unified visibility and exposure management.
Great to have you with us at GISEC 2025. How has your experience been so far?
It’s always great to be at GISEC. It’s a flagship event in the region that brings together vendors, customers, and security professionals under one roof. It allows us to engage with customers, understand their challenges—both technical and business—and help them explore how they can improve their security posture and reduce business risks.
Cloud adoption in the Middle East is growing rapidly, especially with hybrid and multi-cloud environments becoming the norm. What are the major security challenges enterprises face in this context?
You’re absolutely right—the region is seeing rapid adoption of cloud, and not just with one provider. Organizations are using multiple platforms like AWS, Microsoft Azure, and Google Cloud Platform. While this is great for flexibility, it creates complex environments where visibility becomes a major issue.
Without knowing what assets you have across these environments, you can’t secure them. One of the biggest risks is misconfiguration—especially with identities and permissions. Cloud perimeters aren’t like traditional networks; they’re closely tied to identities. We often see over-permissioned accounts and poorly configured privileges that attackers can exploit.
At Tenable, we address this by providing unified visibility across all these assets and identities. We simplify cloud security by integrating identity management, visibility, and risk remediation into a single platform to help organizations secure their environments effectively.
“We help organizations understand not just the presence of risk but the path of an attack—from a public-facing asset all the way to a sensitive internal system.” – Walid Natour, Manager – Engineering Sales at Tenable
We’re also seeing growing convergence between IT and OT environments. How is Tenable approaching the security challenges that come with IT-OT integration?
That’s a key area of focus for us. OT systems were traditionally designed for operational efficiency, not cybersecurity. But now, we’re seeing these systems becoming interconnected with IT infrastructure, which creates new vulnerabilities.
For example, if an attacker gains access through an OT system, they could move laterally into the IT network—or the other way around. That’s why visibility into the OT environment is critical: to know what assets you have, what risks they pose, and how they interact with IT.
Tenable’s OT security solution integrates with our IT security tools, offering a unified view. This gives CISOs and security teams a complete understanding of how an attack might spread, where it could go next, and what the potential business impact could be. We provide one dashboard, one reporting engine, and one strategy—because attackers don’t differentiate between IT and OT, and neither should your security program.
Traditionally, OT security has been associated with sectors like oil and gas. Are you seeing demand for OT solutions across other verticals in the region?
Absolutely. OT is no longer confined to just energy or manufacturing. It’s everywhere. High-rise buildings in Dubai have elevator control systems—that’s OT. Hospitals, medical equipment factories, logistics centers—all of them rely on operational technologies.
What’s changed is that these systems are no longer isolated. They’re being integrated with other networks, which increases their exposure. That’s why securing OT has become a priority for organizations across all sectors. And at Tenable, we’re seeing increased interest from clients who want holistic visibility across both OT and IT.
Tell us more about Tenable’s overall approach to managing cyber exposure. What’s the platform strategy, and how is it helping businesses?
Today’s attack surfaces are vast and fragmented. You have on-prem systems, cloud workloads, OT devices, containers, web applications, and identities. Managing each of these areas in silos with different tools just creates complexity and blind spots.
Tenable’s approach is centered on exposure management—bringing all these domains together under one platform. Our platform gives organizations unified visibility across their entire digital ecosystem. It’s powered by AI and analytics to understand how different vulnerabilities and assets are connected.
For example, if you have a public-facing storage bucket with excessive permissions, our platform maps how that could be exploited—what systems it connects to, what identities are involved, and how an attack could unfold. This helps prioritize the risks that matter most and accelerates remediation.
You mentioned AI-powered exposure management. How does that work in practice?
It’s about understanding the attack paths—how an attacker could move from an initial entry point to a critical asset. AI helps us analyze relationships across systems, identities, and permissions.
Let’s say you have an exposed web app that connects to a cloud environment with a misconfigured identity. Our platform maps that journey and shows you how a small vulnerability could lead to a serious breach. This context is critical because it helps you act faster and more effectively.
Exposure management isn’t just about detecting vulnerabilities—it’s about understanding their impact on your business and prioritizing them accordingly.
Many cybersecurity vendors are now positioning themselves as “platform companies.” How is Tenable’s platform different?
Great question. Platformization isn’t just a trend—it’s a necessity. Most organizations today use separate tools for OT, IT, identity, cloud, and so on. But those tools don’t talk to each other. The result is fragmented data, increased complexity, and limited visibility.
Tenable’s platform brings everything together—assets, identities, vulnerabilities—into a single pane of glass. It helps CISOs, security teams, and even boards understand the organization’s true risk posture.
t’s not about collecting more data—it’s about connecting the dots. When you can see how a misconfigured identity links to an unpatched server or an exposed OT device, you can prioritize remediation based on real business risk.
As we wrap up, what’s your key message to enterprises in the MEA region looking to strengthen their cybersecurity in 2025?
My message is simple: focus on visibility, context, and unification. Whether you’re dealing with cloud, IT, or OT environments, you need a unified view of your attack surface. Don’t manage risk in silos—bring it all together and make decisions based on a complete picture.
At Tenable, we’re here to support that journey. Our platform helps organizations identify the vulnerabilities that matter most, understand the paths an attacker could take, and reduce cyber risk effectively. It’s about more than compliance—it’s about protecting what matters most to your business.
