Greetings! Check out our July newsletter to learn about the latest product and research updates, upcoming and on-demand webinars, and educational content — all to help you get more value from your Tenable solutions. 

Click here for a downloadable PDF of this newsletter

Share Your Insights at Black Hat 2025

Attending Black Hat next month? We'd love to hear your thoughts on Tenable products! Join us for a brief, filmed in-booth interview. It's a quick (less than 10 minutes) and impactful way to share your feedback.

You'll have the chance to share your opinions on camera, and rest assured, if you prefer, your feedback can remain completely anonymous if you prefer. As a thank you for your time, we'll also give you an exclusive briefing on our latest product updates.

Ready to make your voice heard? Email ambassador@tenable.com to schedule your session. We'll find a time that works best for you!

Tenable Cloud Security

Reminder: Tenable Cloud Security requires you to log in to view documentation and release notes. To access the documentation or try Tenable Cloud Security, contact your account manager or request a demo.  

Code security for Azure ARM and Bicep frameworks, and APIs. Tenable now natively supports Azure Resource Manager (ARM) and Bicep, expanding on existing coverage for AWS CloudFormation, Kubernetes YAML, and Terraform across all major cloud environments. Azure users can now scan for misconfigurations directly in their infrastructure as code. Notably, Tenable Cloud Security uniquely supports Bicep, which is rapidly gaining adoption due to its simplicity. Tenable tags resources in Bicep files, auto-generates underlying ARM templates, and highlights misconfigurations directly in the Bicep code, so you can work in the Bicep layer without parsing ARM output.

We’ve also introduced ingestion of Tenable IaC findings via API using the “Findings” query in the GraphQL API. This enables programmatic management of finding status. The code API has full UI parity and is consistent with all Tenable API endpoints.

Workload protection now supports Oracle Cloud Infrastructure + streamlined reporting. Expanding our coverage of Oracle Cloud Infrastructure (OCI), Tenable Cloud Security now offers workload protection for OCI environments. You can scan virtual machines, including those using OCI-native and customer-managed key (CMK) encrypted volumes, alongside container images and account-level resources. Additionally, across all supported cloud environments, we have streamlined reporting: you can now generate reports directly from the Vulnerabilities page, simplifying your workflow.

Enhanced IAM security across permissions and access. Tenable Cloud Security’s Microsoft Entra ID integration, recently enhanced with third-party support and MFA monitoring,  can now monitor and filter all app API and delegated permissions. IAM admins get a clearer, tenant-wide view of app-level permissions, making it easier to remove unnecessary access. 

Are you still using the now-retired Microsoft Entra Permissions Management? Tenable is a strong replacement, with advanced CIEM, JIT access, and CNAPP capabilities spanning Entra ID, Azure and more. 

We’ve also improved IAM visibility for AWS and GCP with exportable Permissions Query results and enhanced tracking of custom policy changes. In GCP, access-level evaluation is now deeper with added behavior analysis and resource details.

Introducing custom dashboards that you can easily build in minutes.  You’ve got the power! You can now customize how dashboards look and how you present security data to help users focus on what matters most. Personalize dashboards by adjusting metrics, findings and visualizations. Choose whether to make them public or private. Save time by duplicating built-in or custom dashboards. Plus, all dashboards are now centrally located in the menu for easier access.

“Projects” capability now supports integrations and automations by scope. Tenable is making it easier to manage accounts and access control across multiple accounts and providers. The Projects capability, which logically groups resources in your cloud environment, now lets you configure integrations and automations at the project level. This enables more granular control and flexibility to let specific accounts or resources follow tailored workflows aligned with your organizational structure and security policies.

Tenable Identity Exposure

New Entra ID IoEs to strengthen identity hygiene.
Tenable has added new indicators of exposure (IoEs) to help you identify and remediate hidden risks in Entra ID environments:

• Managed devices not required for MFA registration: Flags tenants that allow multi-factor authentication (MFA) registration from devices your organization doesn’t manage. Without requiring managed devices, attackers with stolen credentials could set up their own MFA methods without your knowledge.
• Admin consent workflow not configured: Detects tenants missing an active admin consent workflow. This absence can cause errors for non-admin users trying to access applications that need consent, leading to user friction or unmonitored workarounds. 
• Password expiration enforced: Identifies domains where password expiration policies, intended to enhance security, might actually weaken it. When you force users to change passwords frequently, they often resort to simpler or repeated passwords, which makes them more vulnerable to breaches.

For more information, review the release notes. 

Tenable Enclave Security 

Tenable Enclave Security 1.5 release. We’re excited to announce the release of Tenable Enclave Security 1.5. This release includes exciting new features:

• Deployment assessment scanning: Quickly assess new and updated deployments before they go live, improving visibility and risk reduction during rapid delivery cycles.
• Expanded software composition analysis (SCA): Broaden insight into your software supply chain with deeper enumeration of third-party libraries and components, including Go, Java, PHP and unpatched vulnerabilities in container images. 
• SecurityCenter 6.6: Now powered by PostgreSQL, the latest version enhances performance, scalability and long-term support for mission-critical environments.
• Policy management: New and improved experience for managing policies for CI/CD pipelines or Kubernetes clusters.

For more information, review the release notes. 

Tenable Vulnerability Management (TVM)

Tenable PCI agent scan template now available. As a result of the PCI DSS 4.x specification release, credentialed scanning is now a requirement for PCI internal scanning. In response, Tenable created the Tenable PCI Agent, which you can use to scan your network via the PCI Internal Nessus Agent scan template in Tenable Vulnerability Management. 

PCI DSS 4.x enables you to use a customized approach objective. Using PCI DSS 4.x, the PCI Internal Nessus Agent provides the most comprehensive view of local vulnerabilities on your systems. 

Please visit the Scan Settings site for more details on configuring the PCI Agent and scans.

Tenable Patch Management

Tenable Patch Management 9.2.967.22 (on-premises). This release features minor quality improvements and bug fixes across the platform. 

Server updates:

• Bug fixes:
  • We fixed an issue where the Business Units by Waves column in cycle tables was empty if no deployment waves existed for the cycle owner.
  • Modified the patch server framework component to depend on the feed server, preventing a race condition during registration.
  • Fixed a bug where patching cycles could lose business unit information after a server restart.
  • Improved the update process for supported platforms within existing workflows and activities during server upgrades.

Client updates:

• Bug fixes:
  • Change to WUAHttpServer to include a content-length header on a full GET request for a file. This resolves the Windows Server 2016 patch download issue.

Tenable OT Security

Tenable OT Security 4.3:  Scalable visibility and control for your modern enterprise. The Tenable OT Security 4.3 release delivers powerful new features to enhance visibility and control across your operational technology (OT) environments and entire attack surface.

Key updates in this release include:

• Scalable OT agents: Extend asset discovery to hard-to-reach areas and embedded systems, closing critical visibility gaps with lightweight, easy-to-deploy agents that leverage your existing IT infrastructure.
• Enhanced Tenable One data integration: Accelerate investigations and improve risk remediation with new Policy Violation Findings and richer Exposure Signals for more comprehensive Attack Path Analysis.
• Streamlined asset management: Benefit from a responsive Vulnerability Findings side-panel for quick investigations, custom asset tags and groups for better organization, and batch data and ruleset updates in Enterprise Manager to ensure consistent administration across distributed sites or locations.

Additional user interface enhancements in v4.3:

• You can now search the asset serial number in the inventory
• Updated Sensor page navigation
• System Log pagination

To learn more about what’s new in the latest version of Tenable OT Security, watch the latest customer update and review the release notes.

Tenable Nessus

Nessus 10.9 is now generally available! Nessus 10.9 introduces several key features to empower your security teams:

• Offline web application scanning in Nessus Expert: If your organization has strict network segmentation or air-gapped environments, Nessus 10.9 now enables comprehensive web application scanning functionality. This ensures your critical web applications, even in isolated networks, receive the same thorough security assessment as those in connected environments to maintain a consistent security baseline across your entire infrastructure. 
• Triggered agent scans in Nessus Manager: Automatically initiate vulnerability scans via Nessus Manager in response to specific events. This means you get immediate insights into your security posture as soon as the system discovers new assets or critical system changes occur. This functionality will be enabled directly through Tenable Security Center in July. 
• Agent version declaration for offline environments in Nessus Manager: Simplify the management of your Nessus Agents in air-gapped or offline deployments. With Nessus 10.9, you can now declare agent versions for Nessus Manager agent profiles, streamlining updates and ensuring your agents are running the desired software versions, even without direct internet connectivity.
• Agent safe mode status reporting in Nessus Manager: Get better visibility into our Nessus Agents’ health and operational status. Nessus 10.9 provides reporting on "Agent Safe Mode" status with insights into agents that may experience issues or operate in a limited capacity. This allows for quicker identification and resolution of agent-related problems for uninterrupted scanning coverage.

Nessus 10.9 is available now. We encourage all Nessus users to upgrade to take advantage of these new features and continue to strengthen your vulnerability assessment capabilities.

For more information, see the Nessus 10.9 release notes and Nessus 10.9 User Guide. You can also view this announcement under Product Announcements in Tenable Connect.   

End of Support for Nessus and Agents on Windows 32-bit operating systems.
Tenable announces End of Support for Nessus and Agents on Windows 32-bit Operating Systems. Please see the bulletin for more details.

Click here to continue reading the rest of the newsletter as a downloadable PDF.