Tenable Product & Research Newsletter - March 2025 This...

Tenable Cloud Security

Reminder: Tenable Cloud Security requires you to log in to view documentation. If you want access to documentation or to try Tenable Cloud Security, contact your account manager or request a demo.

Simplify cloud management with Projects

Managing multiple cloud accounts is complex, especially as environments grow and change. Tenable Cloud Security makes it easier with Projects, allowing you to logically group accounts based on your organization’s structure—such as business units or environments like production and development. Projects streamline visibility, permissions, and access control, ensuring users only interact with the resources they need. This improves efficiency, enhances security, and simplifies reporting and API queries. To learn more about Projects, see the documentation.

Gain control over access with advanced custom policies

Tracking and managing cloud access across multiple providers is critical but challenging. Tenable Cloud Security now offers enhanced monitoring for permissions changes, giving you visibility into how identities gain access across AWS, Azure and Google Cloud. Detect when group memberships, Azure managed identities or cross-account roles introduce new privileges—so you can respond proactively. See the documentation for more information about custom policies.

Generate and share IaC findings reports for faster remediation

Tenable Cloud Security now lets you generate Infrastructure as Code (IaC) Findings reports to compile open, closed or ignored issues from your code repositories. Easily share reports in a CSV file format via email or Slack, or generate one-time exports for internal reviews. Additionally, manually share individual findings via email, webhooks, or ticketing integrations to ensure the right stakeholders receive timely, actionable security insights. To learn more, see the documentation.

Deliver targeted reports to resource owners

Findings are most effective when shared with those responsible for the affected resources. Now, when generating a Findings report, you can send individualized reports directly to resource owners based on cloud provider tags. Tenable searches across users/groups in all your integrated identity providers, and displays entities that match the tag pattern. Read the documentation to learn more.

Enhance data protection with improved visibility and expanded coverage

Sensitive data is everywhere—including in spreadsheets and managed databases. Tenable Cloud Security now offers a redesigned Data Profile view for clearer insights into where data is stored, its sensitivity, and recent modifications to it. With new XLSX scanning, you can classify data in Excel files, while expanded support for AWS RDS clusters running MySQL or PostgreSQL ensures better visibility into critical cloud storage locations.

Enhance permissions queries with access-level filtering

Understanding who has access to what just got easier. Tenable Cloud Security now allows you to filter permission queries by Access Level—identifying whether access is internal, cross-account, external, or public. This powerful enhancement helps you quickly discover excessive or risky permissions, improving security oversight across your cloud environment. The filter is also integrated into the IAM permission mapping (access graph) for even more seamless analysis.

Customize usage learning periods for least privilege enforcement

Configuring least privilege access shouldn’t be one-size-fits-all. Tenable Cloud Security now lets you define custom learning periods to determine when permissions are considered unused or excessive. Set different learning periods for service identities and users, tailored to your environment’s specifications. This flexibility ensures your least privilege enforcement aligns with real-world usage patterns, improving both security and usability. Read the documentation for more details.

Simplify compliance with reports, custom views and custom standards

Compliance tracking is now easier than ever. The new Compliance Accounts Summary report provides a breakdown of posture improvements over 7-, 30- and 90-day increments, while an updated Compliance page highlights top findings at a glance. You can also enable or disable built-in policies with one click and create custom standards to align with internal policies—helping you stay audit-ready with minimal effort. Our custom standards functionality now supports internal hierarchy of sections, and you can also create a custom standard by duplicating and tweaking an existing one.

Improve AWS network evaluation with VPC Block Public Access support

The new VPC Block Public Access (BPA) Mode in AWS helps prevent unintended exposure of resources to the internet. Tenable Cloud Security now factors in BPA settings to provide a more accurate network security assessment. A new VPC Block Public Access Mode field is displayed in the Inventory profile page for VPCs and subnets, ensuring you have a clear picture of your cloud network posture.

Expand workload protection with unlimited export capabilities

Tenable Cloud Security has removed the 10,000-result export limit for Virtual Machines and Container Images pages, enabling comprehensive analysis and reporting for large-scale cloud environments. Now, you can access and analyze your entire dataset without this restriction.

<View next comments for more Product Updates>