Tenable Tuesday announced the general availability of Tenable One, a unified exposure management platform designed to meet the changing needs of the modern cybersecurity professional by offering a holistic view of both on-premises and cloud-based attack surfaces.The modern cybersecurity attack surface is complex, fast-changing, and involves a panoply of different target systems and users that are all interconnected in a range of ways. Modern cybersecurity measures, on the other hand, are, all too often, architected just as they have been in the past, leading to major challenges in combating threats, according to a white paper Tenable released along with its new product.The idea behind Tenable One is straightforward\u2014it\u2019s a cloud-based system that pulls in data from diverse types of systems that track a company\u2019s digital assets and identify vulnerabilities, allowing cybersecurity professionals to gain a much clearer picture of their own exposure to cyberthreats, using cloud versions of the company\u2019s existing web app scanning, cloud analysis suite, and Active Directory protection.In addition, the system provides options for visualizing security risks, applies predictive analytics to identify potential areas of exposure, and analyzes attack paths through various assets in an organization.Exposure management platform aggregates security dataThe product has three core features. First, its Lumin Exposure View, which aggregates data from the company\u2019s aforementioned security products to provide a single-pane view into an organization\u2019s overall vulnerability score, presented as a \u201ccyber exposure\u201d number. Second, Attack Path Analysis uses analytics to map vulnerabilities in one system or app onto the rest of the system, letting organizations gain insight into what, exactly, is vulnerable if a particular security hole is exploited on their systems. Finally, the company\u2019s External Attack Surface Management program analyzes metadata about all of a company\u2019s internet-connected assets\u2014including performing inventory on devices that a security team might have missed\u2014to offer greater visibility into risk posture.At launch, the company said, Tenable One will only aggregate data from its own security products, but it said that the plan is to add more data ingestion options for other companies\u2019 products. It\u2019s being sold through resellers like IBM, Verizon and CDW, and priced based on the number of assets and apps that a given company wants to manage.Everything from web applications and identity management systems to cloud assets is under threat, but each of those systems generally requires its own, dedicated security framework in order to keep it secure. That makes the cybersecurity professional\u2019s task enormously complicated, according to Tenable, which in its white paper cited three key concerns that must be addressed by security teams.First, Tenable wrote, security programs are generally reactive in nature, when they would be far more effective if they were proactive. The ability of active measures\u2014 which include mapping the interconnections between users and systems, seeking out potential vulnerabilities on a proactive basis, and tweak privilege levels to where they should be\u2014to protect a company\u2019s IT infrastructure is frequently hampered by an overemphasis on the reactive side of the equation. (SOC analysis, incident responders and the like fall into this category.)Second, according to the report, the nature of cybersecurity applications, which tend to be designed to address one particular security issue, limits their effectiveness.\u201cThere are many valid reasons from an organizational structure standpoint for security programs to be siloed,\u201d Tenable said. \u201cBut a security program built upon a hodgepodge of technologies, all of which serve a bespoke function, makes it virtually impossible for security teams to reduce risk.\u201dFinally, all of those technologies generate information, creating a cascade of data that can be unwieldy\u2014or even impossible\u2014to work with. The report\u2019s authors said that, too often, security teams area reduced to \u201cdumping the data into spreadsheets,\u201d which is simply insufficient for the task.Tenable One\u2019s standard version includes the company\u2019s .io cloud analysis suite, web app scanning, cloud security posture monitoring, Active Directory security, and Lumin exposure view. The enterprise version tacks on the attack path analysis feature and external attack surface management features. The standard version will replace Tenable.ep for all customers, who will be automatically enrolled.