How Sanmina Uses Tenable.sc to Prioritize Vulnerabilities and Improve Its Security Posture

Team Tenable

Sanmina’s information security team needed an effective way for hundreds of IT colleagues worldwide to access vulnerability data — while also keeping senior management informed. Here’s how the organization is using Tenable.sc and the Vulnerability Priority Rating.

Sanmina designs, manufactures and repairs complex and innovative optical, electronic and mechanical products for original equipment manufacturers (OEMs) across a range of industries, including communications networks, computing and storage, medical, defense and aerospace, industrial and semiconductor, automotive and clean technology sectors.

The organization has approximately 45,000 employees worldwide. Matt Ramberg, Sanmina’s VP of Information Security, and his three-member team are responsible for securing an expanding mix of assets across some 70 locations worldwide. 

“My top challenge [is] managing a global footprint of nearly 50,000 assets with a small team, all centrally located in the U.S.,” said Ramberg  in an interview with Tenable during the Edge 2019 user conference in May.

While traditional IT assets make up the bulk of Sanmina’s portfolio, Ramberg said the organization is moving toward Industry 4.0 and his team is preparing to accommodate operational technology (OT) such as industrial control systems (ICS), supervisory control and data acquisition (SCADA) software and heating, ventilation and air conditioning (HVAC) systems.

Sanmina uses Tenable.sc (formerly SecurityCenter) with the Vulnerability Priority Rating (VPR) to regularly scan those 50,000 assets and provide vulnerability prioritization data to the company’s field IT teams, which are responsible for remediation. 

“We used to, actually, with our previous tool, generate reports manually and send them to each IT department,” said Ramberg, noting that hundreds of people were receiving the reports. 

“With Tenable.sc we've been able to separate the data into distinct facilities across the organization,” said Ramberg. “It allows each individual team to log in and see their vulnerabilities that need to be remediated. It allows them to prioritize. Tenable will prioritize that data accordingly so they can prioritize and remediate the critical systems, the key systems that need to be tackled first and then react to the other items as necessary.”

VPR, a capability introduced this year in Tenable.sc and Tenable.io, is the output of Tenable’s new Predictive Prioritization offering. Introduced in February 2019, Predictive Prioritization combines Tenable-collected vulnerability data with third-party vulnerability and threat intelligence and analyzes them together using an advanced data science algorithm developed by Tenable Research. The data analysis is used to develop a VPR for each vulnerability. 

“In our previous set up, we didn't have the ability to prioritize vulnerabilities, so these facilities and these IT personnel were just inundated with sheer volumes of data,” said Ramberg. “Now, we can direct them on prioritization — using features such as ‘is the vulnerability exploitable or not?’ — which Tenable provides.” Ramberg noted the IT teams also use Tenable.sc for specific examples of what needs to be done to patch each vulnerability. 

The tool helped the organization achieve a more complete view of its attack surface than was previously possible. “You don't know what you don't know, and Tenable.sc exposed that to us so we knew what to tackle and what we needed to focus on,” said Ramberg. “It's allowed us to identify critical issues that we didn’t know existed until the Tenable scan occurred. We were able to focus our efforts and go tackle those issues before they became widespread throughout the organization.”

How Tenable.sc helps with reporting to the C-suite, the board and customers

Ramberg said he also turns to Tenable.sc when he’s asked to provide metrics to to Sanmina’s CIO and to the board. 

“Prior to Tenable.sc, everything was ad hoc,” said Ramberg. “I didn't have a concise platform to tell me our vulnerabilities and how we're doing within our specific divisions throughout the organization. With Tenable.sc, I now have that data at my fingertips in a single dashboard. Senior management's now able to see the impact of our Cyber Exposure [practice].” 

Meeting the cybersecurity expectations of its customers was a key driver for Sanmina. The organization is often asked to complete cybersecurity questionnaires for existing or prospective clients, noted Ramberg. “When we mention that we use Tenable as our solution for vulnerability management, everybody knows Tenable. It's a very highly respected company. And the questions generally go smoothly…once they know that's in place.”

Asked if he had any advice for peers who may be considering a similar deployment, Ramberg said: “Tenable is a leader in this field. We do a lot of research before we purchase any solutions [and] Tenable came out as the clear choice. It provides actionable results from vulnerability scans and allows the individual facilities to prioritize and remediate as they deem fit based on the vulnerabilities that are discovered in their particular facilities.”

Watch now

Tenable interviews Mark Ramberg, VP of Information Security with Sanmina, at our Edge 2019 user conference:

Learn More:

  • Visit our Predictive Prioritization webpage here.
  • Learn more about Tenable.sc here.

Read more >

Published on Oct 3, 2019

People also viewed

Senior Financial Analyst - Corporate Development

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Finance Finance
Your Role:Become a core member of Tenable’s internal corporate development team and assist with business, financial and valuation modeling for mergers, acquisitions and other strategic investments and initiatives.  Assist with evaluating elements ...

Cloud Security Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Technology Internships
Your Role: The Cloud Security Intern will help Tenable secure their use of cloud systems across the company.  The intern will develop, implement and monitor security solutions for the cloud that assess risk, keeps Tenable data safe and bake in sec...

Salesforce Administrator

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Business Platforms Business Platforms
Your Role:Tenable Network Security is looking for a Salesforce.com Administrator to join our internal business platforms team. The qualified candidate will engage in the administration of Tenable’s  Salesforce.com instance, play a key role in the ...

Technical Support Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Technical Support Internships
Your Role: The Technical Support Intern provides consistent, world-class security, network, and product support for specific Tenable products. In serving as the primary liaison between the company and customer, the Technical Support Intern resolve...

Research Intern - Plugin Automation

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Research Internships
Your Role: Tenable Research is looking for a Software Engineer Intern for the Plugin Automation team.  The position will involve developing frameworks for automated content creation, and processes for validating and publishing the content that is ...

Sales Development Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Lead Generation Sales
Your Role:Tenable is looking for an experienced SDR Manager that will report to the Senior Director of Worldwide Sales Development and is responsible for ensuring the success of the Americas Tenable Sales Development team’s goals, as well as contr...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.