Tenable Product & Research Newsletter - March 2025 This...

Tenable Identity Exposure

Expand cloud identity visibility with Tenable One

Tenable One customers using Tenable Cloud Security now see identity data from AWS, Google Cloud Identity, Ping Identity, OneLogin and Okta directly within Identity 360—enriching security teams' ability to assess identity risk across cloud and hybrid environments. What’s included:

• Identity & Account Relationships - Available for AWS, Google Cloud Identity, Ping Identity, OneLogin and Okta.
• Groups & Roles - Retrieved for AWS, Google Cloud Identity and Okta.
• Visibility Requirement - IDP accounts must have an associated email address for this data to be included.

This expanded data provides a clearer picture of cloud identity relationships, helping organizations detect privilege escalation risks and misconfigurations that could be exploited. Check out the release notes for more details.

Detect and remediate risky Exchange misconfigurations in Active Directory

The new Exchange Dangerous Misconfigurations Indicator of Exposure (IoE) identifies security gaps in Exchange resources and their underlying Active Directory schema objects. Left unaddressed, these misconfigurations could be exploited for privilege escalation and unauthorized access to critical email infrastructure. Detecting and addressing these misconfigurations early strengthens defenses against targeted attacks. Check out the release notes for more details.

Uncover risks in Hybrid Entra ID replication

The new Hybrid Entra ID Information Indicator of Exposure (IoE) provides visibility into Microsoft Entra ID data replicated to on-premises Active Directory. This insight helps organizations uncover security gaps, detect policy misalignments and enhance hybrid identity security. Check out the release notes for more details.

Tenable OT Security

Now available: future-proof security and control for complex environments

Tenable OT Security 4.1 builds on a continued investment in OT security, delivering powerful new capabilities for on-premises and hybrid deployments.

• Streamlined Security Operations: Unify visibility across silos, optimize workflows and accelerate investigations with one-click access to your OT data directly from the Tenable One application launcher.
• Simplified NERC-CIP Compliance: Track NERC-CIP and other regulatory requirements in the Compliance Dashboard with clear insights and reporting tools.
• Advanced Support for Electrical Substations: Automate audits and detect threats in real time with advanced support for IEC 61850 standard alignment.
• Expanded Network Topology Visibility: Resolve overlapping IPs and accurately track OT and IoT assets across complex, distributed networks.
• Tenable AI Aware for OT/IoT: Detect and mitigate AI-related risks to cyber-physical systems with actionable threat intelligence.
• Enhanced Features & Workflow Improvements: Benefit from improved Tenable Nessus scan controls and centralized updates for Tenable hardware.

Upgrade to the latest version to unlock the full potential of your security program. Check out the release notes or watch the latest customer update for more details.

Vulnerability and device coverage updates

Recent coverage updates published by Tenable Research include end-of-life plugins for Rockwell devices and plugins for multiple CVEs with critical CvSS ratings for devices from Wiesemann & Theis, Elspec, Sprecher Automation and Schneider Electric. Find a detailed breakdown of the latest plugins and supported devices here.

<View next comment for Webinar and Research Updates>