Greetings! Check out our January newsletter to learn about the latest product updates, research insights, and educational content — all to help you get more value from your Tenable solutions.

Tenable One

New Tenable One Connector | ORDR

Bridge the gap between IT and OT. Connect Tenable One with ORDR to get a single view of your entire attack surface, showing exactly how a simple IT exposure can reach your critical operational technology. By treating IT and OT as a single, connected environment, you can better protect your uptime and ensure smooth and safe operations.

Learn more >>

Tenable Cloud Security

Tenable named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs)

We are excited to share that Tenable is named a Customers’ Choice in the 2025 Gartner® Peer Insights™ Voice of the Customer for Cloud-Native Application Protection Platforms (CNAPPs). In this report, Gartner Peer Insights provides a rigorous analysis of 1,664 reviews and ratings of 10 vendors in the CNAPP market. In the 18-month eligibility window, we received an average of 4.8 out of 5 stars for Tenable Cloud Security based on 71 reviews as of October 2025.

We’re grateful to you, our customers. This kind of feedback tells us we're delivering on what matters most!

Learn from your peers as you choose the best solution for your cloud security program. You can read the report here.

Exclusions | Strategic risk management: Streamline exception handling with a new centralized framework. Define business scenarios to ignore non-actionable findings or adjust their severity using flexible conditions like tags and attributes. All legacy exceptions now migrate here for a single, auditable source of truth.

Reports | Query-to-report automation: Transform any search in Explorer into a scheduled or on-demand report. Leverage a redesigned, full-screen reporting experience featuring live data previews and local timezone support to ensure stakeholders receive actionable data exactly when they need it.

IAM | AWS ABAC and granular visibility: Permission evaluations now support AWS attribute-based access control (ABAC) for highly accurate least-privilege recommendations. Additionally, a new dedicated Access Level section in resource profiles replaces generic summaries with a detailed breakdown of permission categories.

Projects | Scalable API automation: Manage high-volume environments with new GraphQL API support for Projects. Programmatically create, modify, or delete projects and role assignments to align security governance with rapid DevOps workflows.

Data security | Precision classification: Enhance data discovery by using Regex to exclude known or irrelevant values from classification to ensure your data security findings focus on actual sensitive information while filtering out noise.

View full cloud release notes

Tenable Identity Exposure

This month, we are focusing on removing deployment friction for indicators of attack (IoA). To maintain a high-velocity security posture, we have simplified the process of authorizing installation scripts within your existing EDR/AV environments.

Frictionless IoA deployment: We’ve added three new parameters to the IoA installation script to ensure your security stack works in harmony. This enhancement accelerates time-to-protection by pre-authorizing deployment scripts and preventing false-positive blocks from security tools.

Proactive authorization: Use OutputCertificate or GetSignatureToWhitelist to retrieve the Tenable certificate or script hash for immediate allowlisting.

Controlled execution: The TimerInMinutes parameter allows you to delay installation, ensuring your environment has processed allowlist updates before the script runs.

View full identity release notes

By focusing on these specific parameters, your team can avoid the manual overhead of troubleshooting blocked installations and move directly to monitoring for identity-based threats.

Tenable Vulnerability Management

Streamline your Microsoft Patch Tuesday remediation

Master the monthly operational challenge of Microsoft Patch Tuesday with the updated one-stop-shop dashboard. You can now balance critical deployments against user disruption with a comprehensive view of your organization's remediation status to quickly detect vulnerable devices and prioritize the most difficult issues.

This update leverages three key advancements:

• Enhanced VPR analysis: Utilize the newest algorithm to focus on your most critical vulnerabilities. The enhanced analysis reduces your workload and offers greater explainability for risk scoring.
• Granular asset tracking: Leverage new software inventory attributes to distinctly analyze risk across operating systems versus applications and packages.
• Reboot detection: Instantly identify assets with applied patches that are vulnerable due to a pending reboot, so you can close security gaps completely.

Download a new copy of this dashboard to access the new widgets and data visualizations.

Nessus

SSH Session Re-use feature added for credential scans

Nessus now supports an opt-in feature to reuse SSH sessions during a scan when running Nessus version 10.9.0 or greater. Added in response to numerous requests from customers like you, this update will reduce the number of new SSH connections established during remote network scans and the associated increase in network traffic.

Access more information in Tenable Research Release Highlights here.

Tenable Security Center

Action required: Preparing for upcoming VPR feed update

Starting mid-January 2026, the Tenable Security Center feed will expand to support new Vulnerability Priority Rating (VPR) data. To prevent PHP memory exhaustion and ensure your daily updates continue seamlessly, you must take immediate action.

• Versions 6.5.1 – 6.7.2: Patch 202601.1 is now available. Applying this patch will automatically modify the PHP configuration to increase the memory limit.
• Versions prior to 6.5.1: Follow the instructions outlined here to modify the PHP configuration.

Note: Consoles with less than 8 GB RAM may require a hardware resource update.

In case you missed it: Tenable Security Center 6.7 is now available

See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive UX that improves usability, scalability, and efficiency across your workflows.

• Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster.
• Triggered agent scanning: Automate Tenable Agent scans based on defined conditions, so you can catch vulnerabilities sooner and respond with confidence.
• Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success.
• Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team.

Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. The release updates hardware specifications. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and view the release notes for details.

Tenable Patch Management

Get the magic of simplicity and deep control

On Jan. 22, your patching experience transforms into a single, unified powerhouse. You no longer have to choose between speed and granular control. You now have full access to our most robust engine designed for autonomous patching.

We’ve streamlined your workflow to help you close security gaps faster:

• Set up in minutes, not hours, with the new 6-step onboarding wizard.
• Eliminate guesswork using the intuitive "What, When, & How" strategy builder.
• Act fast with front-and-center emergency controls like Global Pause.

Rest assured, your current strategies remain untouched and will continue to function exactly as designed. Explore the new features.

Tenable OT Security

Now available: Tenable OT Security 4.5

This release delivers improved scalability for enterprise environments, enhanced power grid visibility, and new integrations across the Tenable One portfolio.

• Advanced dynamic tagging: Streamline prioritization and reporting with the ability to create rule-based groups and tags with multiple filters, including asset type, risk score, and criticality.
• Enhanced support for IEC 61850: Improve passive detection of intelligent electronic devices with comprehensive visibility across substation and power generation infrastructures.
• Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC.
• Expanded compliance mapping: Simplify how you measure and report against critical security frameworks with support for IEC 62443-3-3 and NIST-CSF in the Compliance Dashboard.
• Role-based access controls (RBAC): Tenable Enterprise Manager now enables admins to assign users to specific ICPs using user groups, so users only view the zones they’re authorized to see while inheriting ICP-level roles.

Tenable Training and Product Education

Introducing the Tenable Universal Education SKU

Maximize your team’s expertise without the pressure of immediate decision-making. Tenable Universal Education SKUs streamline your procurement by consolidating all training needs into a single, flexible entitlement. You can secure your budget today and choose your specific product or certification path later as your security priorities evolve.

This flexibility also applies to your existing Enrollment Codes, which you can now use for any applicable course. When you are ready to train, simply visit Tenable University, select your course from the eligible catalog, and apply your code to start learning.

Tenable Webinars

Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars here.

On-demand

• Escape the patching cycle. A guide to autonomous risk-based patching.
• Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight.

Customer office hours

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here.

Tenable Research

Research Security Operations blog posts

Subscribe to the Research team blog posts here.

• CVE-2025-64155: Exploit code released for critical Fortinet FortiSIEM command injection vulnerability
• Microsoft’s January 2026 Patch Tuesday addresses 113 CVEs (CVE-2026-20805)

Research release highlights

• SSH Session Reuse:  Opt-in to this feature to reduce the number of SSH connections made during remote network scans within Tenable Vulnerability Management and Nessus
• Miracle Linux Local Security Checks: Scan for Miracle Linux vulnerabilities using the newly released plugins.
• SNMPv3 for CyberArk and HashiCorp Vault:  Choose to query the CyberArk or Hashicorp vaults using the SNMPv3 credentials.

Content coverage highlights

• More than 4,700 new published vulnerability plugins.
• More than 60 new audits delivered to customers.

 

Read Tenable documentation.