Tenable Cloud Security

Reminder: Tenable Cloud Security requires you to log in to view documentation. If you want access to documentation or to try Tenable Cloud Security, contact your account manager or request a demo.

Simplify cloud management with Projects

Managing multiple cloud accounts is complex, especially as environments grow and change. Tenable Cloud Security makes it easier with Projects, allowing you to logically group accounts based on your organization’s structure—such as business units or environments like production and development. Projects streamline visibility, permissions, and access control, ensuring users only interact with the resources they need. This improves efficiency, enhances security, and simplifies reporting and API queries. To learn more about Projects, see the documentation.

Gain control over access with advanced custom policies

Tracking and managing cloud access across multiple providers is critical but challenging. Tenable Cloud Security now offers enhanced monitoring for permissions changes, giving you visibility into how identities gain access across AWS, Azure and Google Cloud. Detect when group memberships, Azure managed identities or cross-account roles introduce new privileges—so you can respond proactively. See the documentation for more information about custom policies.

Generate and share IaC findings reports for faster remediation

Tenable Cloud Security now lets you generate Infrastructure as Code (IaC) Findings reports to compile open, closed or ignored issues from your code repositories. Easily share reports in a CSV file format via email or Slack, or generate one-time exports for internal reviews. Additionally, manually share individual findings via email, webhooks, or ticketing integrations to ensure the right stakeholders receive timely, actionable security insights. To learn more, see the documentation.

Deliver targeted reports to resource owners

Findings are most effective when shared with those responsible for the affected resources. Now, when generating a Findings report, you can send individualized reports directly to resource owners based on cloud provider tags. Tenable searches across users/groups in all your integrated identity providers, and displays entities that match the tag pattern. Read the documentation to learn more.

Enhance data protection with improved visibility and expanded coverage

Sensitive data is everywhere—including in spreadsheets and managed databases. Tenable Cloud Security now offers a redesigned Data Profile view for clearer insights into where data is stored, its sensitivity, and recent modifications to it. With new XLSX scanning, you can classify data in Excel files, while expanded support for AWS RDS clusters running MySQL or PostgreSQL ensures better visibility into critical cloud storage locations.

Enhance permissions queries with access-level filtering

Understanding who has access to what just got easier. Tenable Cloud Security now allows you to filter permission queries by Access Level—identifying whether access is internal, cross-account, external, or public. This powerful enhancement helps you quickly discover excessive or risky permissions, improving security oversight across your cloud environment. The filter is also integrated into the IAM permission mapping (access graph) for even more seamless analysis.

Customize usage learning periods for least privilege enforcement

Configuring least privilege access shouldn’t be one-size-fits-all. Tenable Cloud Security now lets you define custom learning periods to determine when permissions are considered unused or excessive. Set different learning periods for service identities and users, tailored to your environment’s specifications. This flexibility ensures your least privilege enforcement aligns with real-world usage patterns, improving both security and usability. Read the documentation for more details.

Simplify compliance with reports, custom views and custom standards

Compliance tracking is now easier than ever. The new Compliance Accounts Summary report provides a breakdown of posture improvements over 7-, 30- and 90-day increments, while an updated Compliance page highlights top findings at a glance. You can also enable or disable built-in policies with one click and create custom standards to align with internal policies—helping you stay audit-ready with minimal effort. Our custom standards functionality now supports internal hierarchy of sections, and you can also create a custom standard by duplicating and tweaking an existing one.

Improve AWS network evaluation with VPC Block Public Access support

The new VPC Block Public Access (BPA) Mode in AWS helps prevent unintended exposure of resources to the internet. Tenable Cloud Security now factors in BPA settings to provide a more accurate network security assessment. A new VPC Block Public Access Mode field is displayed in the Inventory profile page for VPCs and subnets, ensuring you have a clear picture of your cloud network posture.

Expand workload protection with unlimited export capabilities

Tenable Cloud Security has removed the 10,000-result export limit for Virtual Machines and Container Images pages, enabling comprehensive analysis and reporting for large-scale cloud environments. Now, you can access and analyze your entire dataset without this restriction.

<View next comments for more Product Updates>

Tenable Vulnerability Management

Enhanced vulnerability export API: more insights and control

The Vulnerabilities Export API now supports Vulnerability Intelligence filters and new time-based fields, giving you more insight into your risk landscape. You can filter vulnerabilities by CVE category, exploit maturity, VPR threat intensity, weaponization, time taken to fix, resurfaced date and CVE ID, helping you prioritize threats more effectively. Additionally, the Finding ID field has been added to uniquely identify each vulnerability for improved tracking and correlation. For more details, see the API changelog.

Tenable Security Center

Patch for Security Center 6.4 and 6.5 upgrades

If you upgraded from Security Center 6.3 to 6.4 or 6.5 after applying the December Security Patch (202412.1-6.3.x), a new patch (202503.1-6.4.x-6.5.x) is now available to address a specific upgrade issue. This patch is only necessary for affected customers who upgraded between late December 2024 and early March 2025. If you’re still on Security Center 6.3, you can simply reapply the December patch instead. For details, see the release notes. To download the patch, visit the download page.

Tenable Web App Scanning

Stay ahead of risk with automated web app discovery

Keeping track of your web applications can be a challenge: new APIs get deployed without notice, new sites are launched, and acquisitions bring unexpected risks. Now, with the ASM-powered Web App Discovery feature, you can automatically detect and import web applications discovered by Tenable Attack Surface Management (ASM). This integration keeps your inventory up to date AND prevents duplicate scanning. Learn more with web app discovery details or check out the ASM integration guide.

Tenable Nessus

Nessus self-service onboarding resources

• Are you a new Nessus Professional customer? Check out the Nessus Professional Onboarding Portal and accompanying Nessus Professional Onboarding Product Tour to get set up for success.
• Are you a new Nessus Expert customer? Check out the Nessus Expert Onboarding Portal and accompanying Nessus Expert Onboarding Product Tour to get set up for success.

Reminder: new credential validation scan template

To simplify the process of diagnosing issues with scan credentials, the Tenable Research team released a lightweight scan template to verify that host credential pairs for Windows and Unix successfully authenticate to scan targets. Use this scan template to quickly diagnose credential pair issues in your network. The complete list of plugins enabled by the scan template is available here.

<View next comments for more Product Updates>

Tenable Identity Exposure

Expand cloud identity visibility with Tenable One

Tenable One customers using Tenable Cloud Security now see identity data from AWS, Google Cloud Identity, Ping Identity, OneLogin and Okta directly within Identity 360—enriching security teams' ability to assess identity risk across cloud and hybrid environments. What’s included:

• Identity & Account Relationships - Available for AWS, Google Cloud Identity, Ping Identity, OneLogin and Okta.
• Groups & Roles - Retrieved for AWS, Google Cloud Identity and Okta.
• Visibility Requirement - IDP accounts must have an associated email address for this data to be included.

This expanded data provides a clearer picture of cloud identity relationships, helping organizations detect privilege escalation risks and misconfigurations that could be exploited. Check out the release notes for more details.

Detect and remediate risky Exchange misconfigurations in Active Directory

The new Exchange Dangerous Misconfigurations Indicator of Exposure (IoE) identifies security gaps in Exchange resources and their underlying Active Directory schema objects. Left unaddressed, these misconfigurations could be exploited for privilege escalation and unauthorized access to critical email infrastructure. Detecting and addressing these misconfigurations early strengthens defenses against targeted attacks. Check out the release notes for more details.

Uncover risks in Hybrid Entra ID replication

The new Hybrid Entra ID Information Indicator of Exposure (IoE) provides visibility into Microsoft Entra ID data replicated to on-premises Active Directory. This insight helps organizations uncover security gaps, detect policy misalignments and enhance hybrid identity security. Check out the release notes for more details.

Tenable OT Security

Now available: future-proof security and control for complex environments

Tenable OT Security 4.1 builds on a continued investment in OT security, delivering powerful new capabilities for on-premises and hybrid deployments.

• Streamlined Security Operations: Unify visibility across silos, optimize workflows and accelerate investigations with one-click access to your OT data directly from the Tenable One application launcher.
• Simplified NERC-CIP Compliance: Track NERC-CIP and other regulatory requirements in the Compliance Dashboard with clear insights and reporting tools.
• Advanced Support for Electrical Substations: Automate audits and detect threats in real time with advanced support for IEC 61850 standard alignment.
• Expanded Network Topology Visibility: Resolve overlapping IPs and accurately track OT and IoT assets across complex, distributed networks.
• Tenable AI Aware for OT/IoT: Detect and mitigate AI-related risks to cyber-physical systems with actionable threat intelligence.
• Enhanced Features & Workflow Improvements: Benefit from improved Tenable Nessus scan controls and centralized updates for Tenable hardware.

Upgrade to the latest version to unlock the full potential of your security program. Check out the release notes or watch the latest customer update for more details.

Vulnerability and device coverage updates

Recent coverage updates published by Tenable Research include end-of-life plugins for Rockwell devices and plugins for multiple CVEs with critical CvSS ratings for devices from Wiesemann & Theis, Elspec, Sprecher Automation and Schneider Electric. Find a detailed breakdown of the latest plugins and supported devices here.

<View next comment for Webinar and Research Updates>

CUSTOMER UPDATE WEBINARS

Tune in for product updates, demos, how-to advice and live Q&A to help you maximize the value of your investment in Tenable solutions.

LIVE | April 2025

• Tenable WAS, April 1, 2025, 11 am ET: Explore the recent Tenable Attack Surface Management integration with Tenable WAS
• Tenable Nessus, April 1, 2025, 1 pm ET: Identify potential attack paths using port scanning and service discovery
• Tenable Vulnerability Management, April 2, 2025, 1 pm ET: Create scans using the Tenable API and PyTenable
• Tenable One, April 3, 2025, 11 am ET: Learn how new Tenable One updates streamline navigation and improve access to important exposure context
• Tenable Security Center, April 3, 2025, 1 pm ET: Discover asset-based reporting using the Iterator in Tenable Security Center

ON-DEMAND | March 2025

• Tenable Identity Exposure: Use Tenable Identity Exposure to identify critical identity risks across hybrid infrastructure and remediate them at scale
• Tenable Nessus: Use Live Results to improve Nessus scan efficiency
• Tenable OT Security: Explore new features in Tenable OT Security 4.1
• Tenable Vulnerability Management: Discover alternative approaches to prioritization using Vulnerability Intelligence
• Tenable One: Understand why and how you can leverage Tenable Cloud Security to optimize your Tenable One deployment
• Tenable Security Center: Manage credentials using the Tenable API

CUSTOMER OFFICE HOURS

These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Times-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa, and Asia Pacific (APAC). Learn more and register here.

ICYMI: OTHER WEBINARS OF INTEREST

• April 23, 2025: Cloud Security Without Identity Isn’t Cloud Security at All (2 of 4)
• On-demand: How does an industry leader like Tenable protect its own cloud environments?
• On-demand: Security Beyond Silos with Tenable + Vulcan Cyber: Unified Exposure Management
• On-demand: 3 reasons why it's time to embrace identity as part of exposure management

FOR MORE WEBINARS

Please visit tenable.com/webinars for the most up-to-date schedule.

Tenable Research

Security Response Team

DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware: Tenable Research examines DeepSeek R1 and its capabilities for developing keylogger malware and ransomware. Our conclusion: DeepSeek R1 provides a useful starting point for developing malware, but requires additional prompting and debugging.

Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993): Microsoft addresses 56 CVEs, including seven zero-day flaws, six of which are being exploited in the wild.

CVE-2025-22224, CVE-2025-22225, CVE-2025-22226: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion Exploited: Broadcom published an advisory for three flaws in several VMware products that were exploited in the wild as zero days. Organizations are advised to apply the available patches.

Tenable Research reports and blogs

How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface: Mismanaging your DNS infrastructure could expose you to destructive cyberattacks–especially as your cloud attack surface expands. Learn about DNS vulnerabilities, the impact of DNS takeover attacks and best practices for DNS security.

Vulnerability detections

Between February 17th and March 14th, there were over 10,000 new plugins published, with 1,810 having a CVSSv3 severity rating of critical.