Credential Caching: BeyondTrust and SenhaSegura

Summary

Tenable is announcing the release of updated functionality in regards to credential fetching in our Privileged Access Management (PAM) Integrations. We have updated our integrations with BeyondTrust and SenhaSegura to cache passwords that users set up in their scan configuration. This will reduce the amount of time and network traffic needed to gather credentials during a scan. This functionality was present in other PAMs and is now being introduced to BeyondTrust and SenhaSegura. 

Scope

When using BeyondTrust a domain-linked credential capability has been added to SSH credential usage. This allows for domain-linked accounts to be used for multiple target hosts. Caching was previously present in domain-linked accounts.

The credential caching in SenhaSegura is done on the first credential that may be stored with a username and password or passkey. Every subsequent use of the same credential pair is retrieved from cache to improve integration runtime.

Impact

There is no impact to existing scans. In Nessus and Tenable VM, a new domain field will be present in credentials using BeyondTrust for SSH scans. Security Center will get the same field TBD.  If users encounter issues, please open a ticket with Technical Support.

Release Date

October 29th, 2024 - TVM, Nessus; TBD for Security Center.