Improvement: Handling Component Installs for Vulnerability Assessment
Background On Friday, February 6, 2026, Tenable Research published a plugin update that changed the way component installs are assessed for vulnerabilities. Those changes are outlined in a previous release highlight: Component Installs Require Paranoid Checks, This update essentially reverts this change, while adding new functionality to allow users to choose whether or not they want component installs assessed for vulnerabilities. Component installs are no longer influenced by scan paranoia settings. What are “Component Installs”? Software components, such as applications or language modules/libraries, are installed and managed by a primary "parent" package or application. The crucial point is that these components often cannot be updated individually. Instead, their vulnerability assessment and upgrade are entirely dependent on an update of the parent package. For instance, the SQLite database component is installed as part of the Trend Micro Deep Security Agent and is updated only when the Agent itself is updated. Nessus uses several factors to determine if a detected product is a component, or a standalone installation, including: Was the product installed by a package manager? These products are not considered components, as they are managed by the package manager and not a “parent” application Is the component a “language library”, i.e. a library or module used by the interpreter of a programming language like Python or Node.js? These enumerated libraries are marked as components by default. Does the product reside in a directory that is recognized for installations that are not component-based? Changes By default, component installs are once again assessed for vulnerabilities, as was the case prior to the release of the aforementioned update. If users wish to turn this setting off, so that component installs will not be assessed by generic vulnerability detection plugins, they can do so via the newly created scan preference. The end result of this change should be that fewer “false positives”, i.e. reported vulnerabilities for components that are “owned” by another application, are shown in scan results. Components with vulnerabilities that cannot be addressed independently of the “parent” application will not show in scan results. However, some customers have expressed a desire to see these vulnerabilities in their scan results anyway, to ensure full awareness of the risk profile of every application in their environment. This is still possible through the updated scan configuration settings. To modify this setting in your scan policy, go to Settings > Assessment > Accuracy > Override Normal Accuracy > Assess component installs for potential vulnerabilities. This setting is ON (checkbox is ticked) by default, so users must enable the Override Normal Accuracy checkbox (which is OFF / unchecked by default) if they wish to disable the setting and ensure that component installs are not assessed by generic vulnerability detection plugins in this scan. Please note that this update makes no other changes to the existing paranoia logic, outside of what is described above. For now, “Managed”, “Managed by OS” and “Backported” installs are still controlled by the Show/Avoid potential false alarms radio button. How can I tell if the detected install is a component or not? In addition to the above, we have also updated the relevant detection plugins so they will show if the component flag is set or not. At present, this includes detection plugins for OpenSSL, Curl, LibCurl, Apache HTTPD, Apache Tomcat, SQLite, Python Packages, Node.js modules and, soon to follow, Ruby and Nuget libraries. Using plugin ID 174788, SQLite Detection (Windows), here is a before and after example of the expected plugin output. Before: After: Expected Impact With the new default setting in place, users should anticipate an increase in vulnerability findings for the products in scope, returning to a level similar to what was observed before the first update. If users do not wish to surface these additional potential vulnerabilities, they should disable the "Assess component installs for potential vulnerabilities” setting. If the new scan preference is disabled, the volume of findings will remain consistent with current levels, when scanning with normal accuracy (paranoia) settings. Affected Plugins 12288, global_settings.nasl (updated to support the new scan policy preference) Any plugin that operates downstream of those in the list below: SQLite: 174788 - sqlite_nix_installed.nasl 171077 - sqlite_win_installed.nasl OpenSSL: 168007 - openssl_nix_installed.nasl 168149 - openssl_win_installed.nasl Curl: 182774 - curl_nix_installed.nasl 171860 - curl_win_installed.nasl LibCurl: 182848 - libcurl_nix_installed.nasl Apache HTTPD: 141394 - apache_http_server_nix_installed.nasl 141262 - apache_httpd_win_installed.nasl Apache Tomcat: 130175 - apache_tomcat_nix_installed.nasl 130590 - tomcat_win_installed.nasl Python Packages: 164122 - python_packages_installed_nix.nasl 139241 - python_win_installed.nasl Node.js Modules: 178772 - nodejs_modules_linux_installed.nasl 179440 - nodejs_modules_mac_installed.nasl 200172 - nodejs_modules_win_installed.nasl Targeted Release Date Tenable Nessus and Vulnerability Management: Monday, March 9, 2026 (ETA 22:30 Eastern Standard Time) Tenable Security Center: Monday, March 16, 2026
Tenable product update: Standardizing Tenable risk scoring
At Tenable, we are committed to providing the most accurate, defensible, and actionable view of organizational risk. To achieve this, we must continually refine the intelligence that powers your prioritization. On July 1, 2026, we are implementing a series of foundational updates to our risk scoring engines. As part of this update, you may see changes to your risk scores, depending on the Tenable product(s) you own. These changes simplify your workflow by standardizing scoring on a single, high-fidelity model for vulnerability and asset risk. The new standard for VPR For the past several months, many of you have utilized VPR (Beta) to gain deeper insights into exploitability. We are excited to announce that on July 1, this model will be promoted to the primary Vulnerability Priority Rating (VPR) across the Tenable platform. By standardizing on this advanced model, we are retiring legacy VPR scoring to ensure every customer benefits from our most sophisticated threat intelligence. The new version of VPR incorporates more threat intelligence and vulnerability metadata so that you can focus on the 1.6% of vulnerabilities that actually matter. Better context through enhanced asset classification Alongside the VPR update, we are enhancing our asset classification engine. This update improves how we identify the function and importance of assets across your entire attack surface, including Cloud, OT, and third-party devices. As a result, customers with access to Asset Criticality Ratings (ACR) will see these scores more accurately reflect real-world business risk. What this means for you These are backend enhancements designed to provide immediate value with zero manual configuration. On July 1, your dashboards, reports, and APIs will automatically reflect these updated metrics. Because both VPR and ACR serve as inputs to Cyber Exposure Score (CES) and Asset Exposure Score (AES), customers using these scores may see changes that reflect a more accurate understanding of exposure. Customer FAQ What happens to the VPR (Beta) score in the Tenable UI? The Beta label will be removed. The high-fidelity model you’ve been previewing will become the standard VPR. The legacy version of VPR will be retired to ensure a single, unified source or truth. Do I need to rewrite my custom API scripts using VPR? No. For customers using APIs, updated values will be mapped into legacy VPR fields on the back end to ensure compatibility and a smooth transition for your scripts and third-party tools. How does this affect my SLAs? Because many organizations use VPR as their operational prioritization layer, your SLA statistics and remediation tracking will now reflect the more precise scoring model. This helps ensure your team is meeting response goals for the vulnerabilities that pose the highest actual risk. How does Enhanced Asset Classification affect my scores? The system now automatically identifies the function and criticality of assets across Cloud, OT, and third-party sources. This improved context leads to more accurate Asset Criticality Rating (ACR) adjustments. For customers with access to ACR, this ensures your most critical business assets are effectively prioritized. For a detailed guide on our enhanced VPR, check out this FAQ. Want to see the why behind our scoring? View our scoring explained.Action Required: Preparation for January 2026 Tenable Security Center Feed Update
We are writing to announce an important upcoming change to the Tenable Security Center feed data. Starting in mid-January 2026, the size of Tenable Security Center feeds will increase due to the addition of new Vulnerability Priority Rating (VPR) data; this data will be available in Tenable Security Center 6.8, anticipated for release later in Q1 2026. This update ensures you continue to receive comprehensive vulnerability data, but it requires immediate action to ensure your environment is prepared. What you need to do To prevent the feed size from causing PHP memory exhaustion in your environment, please follow the resolution path for your specific version: Versions 6.5.1 – 6.7.2: Patch 202601.1 is now available. Applying this patch will automatically modify the PHP configuration to increase the memory limit. Versions Prior to 6.5.1: Follow the instructions outlined in this Knowledge Base article to modify the PHP configuration. Note: Tenable Security Center consoles with less than 8 GB RAM may need to have their hardware resources updated. Review Tenable Security Center hardware recommendations Why this matters Taking action now allows you to adopt a proactive approach to this feed expansion, ensuring your nightly updates continue seamlessly. Prevent SC Feed Update Failures: Without this fix, SC Feed updates may fail and log an "Allowed memory size... exhausted" error or terminate abnormally with error status '255'. Protect Disk Space: Failing feed updates can leave behind orphaned files in /opt/sc/data/feed.XXXXX folders, which may build up and cause disk space issues over time. Access our related documentation to learn more: Tenable Security Center Patch 202601.1 (2026-01-06) Knowledge Base: Tenable Security Center Feed Update Failing with "terminated abnormally with error status '255'" Due to PHP Memory Exhaustion
Tenable Post-Quantum Cryptography Inventory Support
Summary The advent of quantum computing presents a significant threat to current cryptographic algorithms. Organizations worldwide are beginning the critical transition to post-quantum cryptography (PQC) resistant algorithms to ensure long-term data security. Government mandates, such as the U.S. National Security Memorandum 10 (NSM-10), outlines deadlines for PQC migration and specific actions agencies must take to migrate vulnerable systems. Our PQC support is designed to help customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. Cipher Inventory and Reporting Post-Quantum Cipher Plugins Two remote-based scan informational reporting plugins for TLS and SSH protocols inform customers of their transition posture according to NIST Post-Quantum Encryption Standards. Services Using Post Quantum Cryptography: Reports on services equipped with at least one post-quantum cipher. It will specify which post-quantum ciphers were discovered, reporting by port and protocol. Services Not Using Post Quantum Cryptography: Reports on services that support no post-quantum ciphers. These plugins will be enabled by default and included in existing scans. Cryptographic Inventory Plugin Reporting To enable a JSON-based inventory of each target by service and cipher, enable through either a preference on your Advanced Network Scan or by running the Cryptographic Inventory scan template. These preferences will initially be supported in Nessus and Tenable Vulnerability Management. They are planned to be added to Tenable Security Center at a later date. Warning: Enabling this preference through the Advanced Network Scan is expected to increase the overall size of the plugin output per target and resulting Nessus database size. If you do not need to produce this inventory at all or on your regular scan cadence, it’s recommended to instead run the Cryptographic Inventory scan template to decrease the potential impact to your normal scan results. Options to Enable Inventory Reporting Advanced Scan Preference Post Quantum Cryptography Scan Template Cryptographic Inventory Plugin Details The plugin enabled with the preference or scan template is an information plugin called Target Cipher Inventory. Within the output of this plugin, you will find a JSON structure containing the TLS and SSH inventories for the scanned target. You can export this inventory based on plugin output using the Tenable API if needed. For TLS, the structure contains: Attribute Definition Encaps Protocol encapsulation employed such as TLSv1, TLSv2, TLSv3 Port Port used for TLS communication Curve Group Encryption method Ciphersuite Algorithm used to secure the TLS connection For SSH, the structure contains: Attribute Definition Proto Protocol of SSH Port Port used for SSH communication Name Algorithm used to secure the protocol Type Use of the named algorithm such as “message auth” Release Date Tenable Vulnerability Management and Tenable Nessus: December 8, 2025 Tenable Security Center: - December 8, 2025 for the informational plugins - Cryptographic Inventory scan template release to be determinedImprovement to Printer OS Fingerprinting
Updated: April 3, 2026 Summary Scanned printers will now have an OS artefact surfaced in their scan host metadata if the target has been identified as a printer when the “Scan Network Printers” policy option is disabled. This change will not cause any additional asset licenses to be consumed within Tenable VM or Tenable Security Center. Background Printers are notoriously unstable scan targets. Oftentimes, they can behave erratically when scanned, so some users prefer to avoid scanning them altogether. At present, there is a switch in the scan policies to prevent further scanning of a host when it's identified as a printer. To enable this setting, go to Settings -> Host Discovery -> Fragile devices - Scan Network Printers (Currently, this is a checkbox setting, default value “off”). With that said, how can the scanner know the target is a printer if it cannot be scanned? In reality, the scanner still performs very basic fingerprinting (usually via SNMP) in order to gather enough information to make an educated guess at the device type. When the scan target is thought to be a printer, it essentially gets marked as “Host/dead" in the scan KB. When this happens, the scanner will not perform any further active scanning. Changes With this update, the fingerprint used to identify the printer as such, will now be stored in the scan Knowledge Base (KB) so it can be processed by os_fingerprint2.nasl ("Post-scan OS Identification", plugin ID 83349) and surfaced as metadata in the scan result. The relevant policy setting located at Settings -> Host Discovery -> Fragile devices -> Scan Network Printers. With this update, the printer's OS information will now be surfaced if it is available, regardless of the selected value for this setting. Impact Users can now see the OS information for their printer devices that would have otherwise gone unreported if the scan is not configured to “Scan Network Printers”. As plugin ID 83349 generates no plugin output, only an “operating-system” tag will be added to the scan result (and stored in an exported .nessus file). This information will be visible only the in “Host/Asset Details” section of the Tenable product UI, i.e: Tenable Nessus: Scans -> [Folder] -> [Individual Scan Result] - > Host Details -> OS (sidebar) Tenable Vulnerability Management: Explore -> Assets -> [Asset] -> Details -> Operating System Scans -> Vulnerability Management Scans -> [Individual Scan Result] -> Scan Details -> Asset Details -> Operating System Tenable Security Center: Analysis -> IP Summary -> [IP address] -> System Information -> OS Scans -> Scan Results -> [Individual Scan Result] -> IP Summary -> [IP address] -> System Information -> OS Note, we expect this information to surface mainly in individual scan results. It would only be present in cumulative asset details if a licensed asset already exists for the target in question. This update will not cause additional assets to be created or consume any additional licenses. Affected Plugins 83349 - os_fingerprint2.nasl 11933 - dont_scan_printers.nasl 22481 - dont_scan_settings.nasl Targeted Release Date Wednesday, March 4, 2026
Webinar: Customer Product Update Webinars - July 2025
Check out the latest monthly Customer Update Webinars below and save your spot! Recordings will be posted after the live webinar has concluded. Tenable WAS, July 8, 2025, 11 am ET: Join us for a deep dive into recently released WAS features and capabilities. Tenable Nessus, July 8, 2025, 1 pm ET: Testing for specific CVEs with Nessus. Tenable OT Security, July 9, 2025, 11 am ET: Learn how Tenable OT Security 4.3 unlocks unprecedented visibility and control across your OT/IT environment. Tenable Vulnerability Management, July 9, 2025, 1 pm ET: Credentialed scans versus uncredentialed scans and how to use managed credentials. Tenable One, July 10, 2025, 11 am ET: Learn how Tenable One can now ingest important security context from non-Tenable security tools to help better identify, prioritize and reduce cyber risk. Tenable Security Center, July 10, 2025, 1 pm ET: OS breakdown: reporting exposures by operating system.March 2026 Tenable Product Newsletter
Check out our March newsletter to learn about the latest product and research updates, upcoming and on-demand webinars, and educational content — all to help you get more value from your Tenable solutions. EXPOSURE 2026 Save 50% on the security conference of the year Don’t miss EXPOSURE 2026, the first-ever conference dedicated exclusively to proactive, unified exposure management. Join us in Boston, Mass., from May 19-21, 2026, to get: Hands-on instruction with Exposure Management Strategy or Tenable One Technical Training Practical resources and real-world insights from Tenable leaders and industry experts Register before March 31 to save 50% off admission and training with early-bird pricing. Tenable customer update webinar 11 a.m. EST/3 p.m. BST, April 9, 2026 Join our upcoming webinar for an informative, fast-paced overview of recent product updates and best practices. Hosted by a team of Tenable product experts, this session will explore how to better secure your expanding attack surface and consolidate critical security data. Register now. Tenable One Coming soon: Data portability for Tenable Attack Path Analysis (APA) We’re introducing Full Export for Tenable APA, allowing you to move beyond single-page views and transform high-level visualizations into actionable offline intelligence. Key capabilities: Comprehensive data: Export full datasets for Top Attack Paths and Top Attack Techniques into CSV or JSON formats. Risk context: Exports include critical metrics like Source NES (Node Exposure Score) and Target ACR (Asset Criticality Rating). High capacity: Easily trigger exports for up to 100K+ results via a new global UI button. API parity: Programmatically pull path data into your SIEM, SOAR, or custom tools using the Tenable Public API. Tenable Cloud Security This month’s updates focus on operational scale, synchronizing security standards, and automating remediation across complex multi-cloud environments. Highlight: Synchronized policy management With linked queries, you can now connect saved explorer searches directly to custom policies and reports. Eliminate manual version control: When you update a source query, every linked policy and report automatically syncs, so your security standards are identical across your entire organization. Operational control: Pause automated workflows for maintenance without losing your configurations using the new enable/disable toggle for automation rules. High-impact capabilities Actionable CI/CD pipelines: Maintain developer velocity by excluding unresolvable vulnerabilities from container image scans. This prevents noise from breaking builds when no patch is currently available. Confirmed reachability: Bridge the gap between theoretical risk and actual exposure with Network Endpoints now displayed in your Inventory to surface the actual, validated entry points for your resources. Dynamic IaC protection: Tenable now scans Terraform dynamic configurations to give you visibility into scaled infrastructure and complex definitions before deployment. Expanded compliance: Immediate support for CIS AWS 6.0.0 and the NIS2 Directive keeps your cloud accounts aligned with the latest global regulatory benchmarks. Strategic update: Domain transition Note: Critical for continued service. The Console URL has officially transitioned to app.tenable.com. Please update your bookmarks and firewall allow lists to include *.app.tenable.com immediately to prevent service interruption. View Full March Release Notes Tenable Vulnerability Management Introducing VM-Native OT Discovery Safely identify and profile connected PLCs, HMIs, and IoT devices using the vulnerability management toolset you already own. No specialized hardware or complex deployments required. Turn your existing IT security tools into a safe OT discovery engine today and get visibility into your IT/OT security gap. Watch the guided demo to see this new capability in action. For more information, explore the user guide documentation for Scan Templates and Discovery Settings. Clean up your scan data: New OS and app inventory dashboard Our new Operating System and Application Inventory with Data Troubleshooting dashboard gives you an instant, high-level view of your asset counts across every OS and application. By using built-in troubleshooting queries, you can identify and fix scan fidelity issues and prioritize risk based on the most accurate data possible. View the dashboard details. Nessus Maximize your vulnerability assessment strategy with our recently introduced interactive Tenable Nessus demos. Skip the manuals and get immediate, hands-on experience securing your attack surface. Explore the Nessus Professional Onboarding demo to launch your first comprehensive scans in minutes. Dive into the Nessus Expert Onboarding demo to master advanced assessment features and eliminate security blind spots, whether on-prem or in the cloud. Tenable Security Center Uncover the OT blind spots across your network If you’re not already a Tenable OT Security user, your IT environment is likely full of shadow OT, like HVAC controllers and IoT devices, that standard scans can’t see. We recently added native OT discovery capabilities directly inside Tenable Security Center, so you can safely map these assets using the tools you already own. Get deep identity data for PLCs and HMIs without risking a disruption or deploying new network sensors. See it in action in this guided demo, and find out how to configure your first scan here. Reminder: Upgrade to Tenable Security Center 6.8 Focus on the vulnerabilities that truly matter with AI-powered VPR insights and clear mitigation guidance. This release streamlines your operations with unified asset repositories for IPv4, IPv6, and Agents, and improves efficiency with new background query processing and scan optimization tools. Explore the release notes for more information before you upgrade. Tenable Patch Management Improved patching precision and reliability Update (v10.0.971.26) includes critical fixes around strategy corruption and inaccurate compliance reporting. By upgrading, you keep your workflows intact, your data precise, and your environment benefits from the modernized performance and security of Java 25. View the release notes or access TPM documentation. Tenable OT Security Update required: Tenable OT Security 4.5 Service Pack (version 4.5.61) We advise all customers currently running version 4.5 apply this upgrade immediately to ensure optimal system stability and performance when processing high volumes of network conversations. This update also addresses specific communication gaps with Rockwell Stratix devices and Nessus scans. Review the release notes for the full list of fixes and improvements. Introducing Tenable OT Security 4.6 (Early Access) Our upcoming release introduces a variety of new features, performance enhancements, and streamlined workflows for large-scale industrial environments. Massive subnet scaling: Now supports up to 5,000 subnets per ICP, significantly increasing visibility for massive enterprise deployments. Centralized network management: A new Monitored Networks page includes bulk-add capabilities and the ability to stage inactive networks before monitoring. Precision scanning: New Nessus workflows let you define specific credential usage per scan for safe discovery of sensitive assets. Streamlined platform navigation: Updated workflow for SSO/SAML users helps you pivot back to the Tenable One platform instantly with the return button. Remote agent updates and query restrictions: Update OT agents directly from the ICP. and remove local site visits or manual CLI intervention. New infrastructure for OT agents also enables you to restrict specific protocol queries. Enhanced diagnostics: Exported asset logs now include deeper metadata to speed up Support and Engineering troubleshooting. IoT connector overhaul: Major stability and performance fixes for Milestone, AvigilonES, and Exacq Edge integrations for IoT asset discovery. This update focuses heavily on large-scale infrastructure, refined scan controls, and better integration with the Tenable One ecosystem. Check out the release notes and user guide for details. Tenable Web App Scanning Stop chasing dead keys: New secrets validation for WAS Don’t waste time manually verifying every leaked credential. Our new Secrets Validation automatically tests detected tokens, like GitHub or AI service API keys, to see if they are live and exploitable. By distinguishing between a harmless string and a critical vulnerability, you can prioritize your remediation efforts based on real-world risk, rather than noise. View the documentation or read the full breakdown on Tenable Connect. Tenable Training and Product Education Evolve from reactive patching to proactive risk oversight The Exposure Management Business Theory course, now available at no cost in Tenable University, guides you in self-paced modules toward building a sustainable exposure management program through the five pillars of the exposure lifecycle: scoping, discovery, prioritization, validation, and mobilization. Get strategic insight to align Tenable’s capabilities with your business goals, drive meaningful change, and make informed decisions. Get hands-on expertise with current industrial security capabilities The newly-updated Tenable OT Security Specialist instructor-led training course, now aligned with Tenable OT Security version 4.4, ensures you can effectively protect your critical infrastructure using the latest product features and workflows. You will learn to: Maximize visibility: Learn to leverage these enhancements to see and secure every asset in your OT environment. Reduce risk: Practice real-world scenarios to identify vulnerabilities and threats faster. Get expert guidance: Interact directly with instructors to master complex configurations and best practices. Visit tenable.com/education to learn more about our Tenable University education offerings, see global instructor-led training (ILT) schedules, and buy virtual ILT or on-demand courses. Tenable webinars Tune in for product updates, demos, how-to advice, and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. Customer office hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. The cloud and AI velocity trap: Why governance is falling behind innovation Dynamic objects in Active Directory: The stealthy threat New malicious npm package "ambar-src" targets developers with open-source malware Research release highlights Improvement: Handling component installs for vulnerability assessment: Adds the ability to remove findings for component-based vulnerabilities from scan results New Dell OS10 compliance plugin and audit files: Customers can now measure compliance against Dell OS10 devices with new plugin ID Dell OS10 Compliance Checks (275781) on Tenable Vulnerability Management and Nessus. Content coverage highlights More than 2,700 new published vulnerability plugins. Nearly 50 new audits delivered to customers. Read Tenable documentation.Now available: VM-Native OT Discovery
VM-Native OT Discovery introduces a powerful new asset discovery engine directly inside Tenable Vulnerability Management and Tenable Security Center. This allows you to identify and profile OT assets—including PLCs, HMIs, and IoT devices—using the VM tools you already own. Use a new "OT Recon" scan template to perform safe, protocol-aware active queries. No additional hardware or sensors are needed. Get started in minutes. Discovered assets count toward your existing license at a 1:1 ratio. Watch this 2-minute guided demo to see VM-Native Discovery in action. For more information, please refer to the user guides for Tenable Vulnerability Management (Discovery Settings, Scan Templates) and Tenable Security Center (Scan Policy Options). For continuous monitoring and access to a wide range of other advanced OT/CPS security capabilities, consider upgrading to Tenable OT Security to maximize the value of your Tenable One deployment.Introducing Tenable Security Center 6.8
Our latest release, Tenable Security Center 6.8, introduces several new features and enhancements to streamline your security operations: Focus on real risk: Stop chasing 60% of Common Vulnerabilities and Exposures (CVE) as High or Critical. Start focusing on the 3% of CVEs that truly matter. Enhanced VPR logic and new AI-powered insights explain why an exposure is significant and provide clear mitigation guidance based on regional and industry-specific threat actor behavior. Streamlined infrastructure: We’ve unified IPv4, IPv6, and Agent repositories into a single, flexible Asset Repository type to reduce administrative overhead and give you more freedom in how you bucket and analyze your data. You can now target any data, including agent, network scan, and passive data, into any repository. Asset grouping and customization: The Explore Assets page includes new "Group By" options for Microsoft ID, Network, System Type, and Asset Criticality Rating (ACR). Other enhancements to the Explore Assets page include the ability to edit ACR scores (available in Tenable Security Center Plus) directly in the Explore interface. You can also export findings and installed software for specific assets to a comma-separated values (CSV) file. Background queries: Start a query and keep working. Tenable Security Center now processes long-running asset searches in the background. Scan optimization: Prevent performance issues with new per-host timeouts that keep your scan schedules on track to prevent a single host from increasing overall scan time. Enhanced security: Use at-rest encryption for External PostgreSQL databases and expanded PAM integration for Delinea and BeyondTrust. Before you upgrade: Tenable Security Center 6.8 supports upgrades from version 6.4.0 and later. Please review the latest updates to Tenable Security Center hardware specifications in the release notes for optimal performance.
December 2025 Tenable Product Newsletter
Greetings! Check out our December newsletter to learn about the latest product and research updates, upcoming and on-demand webinars and educational content — all to help you get more value from your Tenable solutions. Tenable One What's new in Tenable One: November 2025 release This month's release delivers broader visibility, deeper insights, and more tailored data analysis to help you manage and reduce risk. Release highlights: New Tenable One Connector: Connect Tenable One with your Claroty platform to manage OT risks alongside the rest of your attack surface to reveal how IT exposures can directly impact industrial control systems and critical infrastructure. Protect uptime and safety by viewing IT and OT as a single, connected environment. Edit widgets: Edit and update widgets on dashboards you own. Customize all configuration parameters, including widget type, categories, values, data labels, stacking, and filters, to tailor insights to your specific needs. RBAC new roles: Unlock more precise access control with a new custom exposure management role for more granular access to the different modules in Tenable One, including tag enforcement, along with a dedicated read-only role for improved oversight. See all platform enhancements >> Tenable Is a Leader in the First-Ever Gartner®️ Magic Quadrant™️ for Exposure Assessment Platforms We’re proud to share that Tenable has been named a Leader in the first-ever 2025 Gartner Magic Quadrant for Exposure Assessment Platforms, ranking highest for both Ability to Execute and Completeness of Vision. Tenable was also positioned as a Leader in both the IDC MarketScape: Worldwide Exposure Management 2025 Vendor Assessment and The Forrester Wave™️: Unified Vulnerability Management, Q3 2025. This recognition wouldn’t be possible without you — our customers. Your insights, feedback, and collaboration have been instrumental in shaping Tenable One, helping organizations around the world reduce exposure risk across their entire attack surface. Get the report > Tenable Cloud Security Console | Unified cross-cloud view: Explorer is the new unified page. Get a complete cross-cloud view of all resources and findings. Query across objects, export results, and use Graph view to visualize risk paths. Network | Validate real-world exposure: Network Scanner now validates actual external exposure to identify truly reachable cloud resources and exposed endpoints. Use real-world data to cut false positives and sharpen prioritization. IAM | Full entitlement insight: Inventory now displays all roles and identity-based policies across AWS, Azure, GCP, Entra ID, and Google Workspace, including unused ones. Proactively reduce entitlement risk by creating custom least-privilege policies for any supported role. Vulnerability management | Public AMI scanning: Expanded AWS coverage now supports scanning public AMIs (cloud-managed AMIs), including vendor and AWS-published images in your posture assessments for a comprehensive security view. View all updates>> Tenable Vulnerability Management Mobilize your VM data Unify teams and streamline remediation workflows with the initial release of mobilization services, beginning with ticketing integrations in Tenable Vulnerability Management. Automatically or manually create bi-directional tickets in Jira Cloud via Exposure Response Initiatives. This capability accelerates response times by synchronizing your security findings with tickets in Jira Cloud. See mobilization in action: Watch this walkthrough to see how to set up and use the new ticketing integration. Review the documentation and Quick Reference Guide for detailed steps. Note: ServiceNow ITSM ticketing mobilization is coming soon. Tenable Security Center What’s new in Tenable Security Center 6.7 See your environment more clearly and act faster on what matters most. This release delivers a modern, intuitive experience that improves usability, scalability, and efficiency across your operations. Here’s what’s new: Explore – Assets (preview): Get a modern view of your assets with advanced filtering and improved navigation that helps you identify risks faster. Triggered agent scanning: Automate Tenable Agent scans based on conditions you define, so you can catch vulnerabilities sooner and respond confidently. Credential verification scan policy: Quickly validate Windows and Unix credential pairs with a built-in template that confirms authentication success. Performance and reporting enhancements: Experience faster scan ingestion, faster reporting, and improved backend performance that keeps pace with your team. Before you upgrade: Tenable Security Center 6.7 supports upgrades from version 6.3.0 and later. Hardware specifications are updated for this release. Systems below the new recommendations will still upgrade successfully, but performance may vary. Upgrade now and read the release notes to take advantage of these improvements and keep your environment running at peak performance. Patches for Tenable Security Center Address recent vulnerabilities by applying two security patches: 202509.2.1 (resolves Critical SimpleSAML CVEs) and 202509.1 (resolves High PostgreSQL CVEs). You need manual installation for both. The Software Updates feature is not compatible with these patches. Key requirements: Compatibility: Patch 202509.2.1 applies to SC 6.4 through 6.6. Patch 202509.1 applies to SC 6.5.1 and 6.6.0. Prerequisite: If you are on SC 6.5.0, you must first upgrade to 6.5.1. Upgrade note: Patch 202509.2.1 may impact future SC upgrades. See this KB article for more information. Refer to the release notes and advisories (TNS-2025-20 and TNS-2025-18) for more information and download patches here. Tenable OT Security Introducing Tenable OT Security 4.5 (Early Access) The upcoming release of Tenable OT Security 4.5 – now available in Early Access – focuses on scalability for enterprise environments, enhanced power grid visibility, and improved integrations across the Tenable One portfolio. Advanced dynamic tagging: Streamline prioritization and reporting at scale with the ability to create rule-based groups and tags using multiple filters, including asset type, risk score, and criticality. Enhanced grid visibility (IEC 61850): Added support for IEC 61850 to improve passive detection of intelligent electronic devices (IEDs) with safer, deeper visibility for substation and power generation environments. RBAC for enterprise manager: New role-based access controls (RBAC) enable administrators to assign users to specific ICPs using user groups, so users only view the zones they are authorized to see while inheriting ICP-level roles. Unified SOC visibility: You can now directly view policy violations that Tenable OT Security detects, such as unauthorized access or failed logins, within Tenable Security Center dashboards and reports to bridge the gap between OT and the SOC. Expanded compliance mapping: The Compliance Dashboard now includes direct mapping for IEC 62443-3-3 and NIST-CSF to simplify how you measure and report against these critical security frameworks. In case you missed it: What’s new in Tenable OT Security 4.4 Unified exposure management: Sync your OT asset tags directly to Tenable One and Tenable Security Center to enrich enterprise IT security workflows with OT context. Deep visibility for specialized environments: Gain granular details on sensitive devices by importing PLC project files (starting with Rockwell Automation) without active queries. Reduced alert fatigue: A redesigned Policy Violations dashboard unifies disparate alerts into actionable insights to help you focus on your most critical exposures. Expanded protocols: Added support for Foxboro DCS and VXLAN environments. Streamlined workflows and sensor configuration: A new workflow helps you easily find and merge duplicate assets for a more accurate inventory, while a simplified sensor configuration reduces deployment complexity. Review the release notes to see what’s new and how to upgrade. Tenable Identity Exposure Attack path optimization: Complex attack path queries now time out after three minutes and automatically revert to the shortest, most viable path. Get critical findings faster when dealing with large-scale domain environments. (v3.109) Syslog direct linking: Syslog alerts now contain a new time-based URL. Use this link to jump instantly to the exact incident details within Tenable Identity Exposure to accelerate your investigation and response workflow. (v3.108) Kerberos IoE clarity: The Dangerous Kerberos Delegation Indicator of Exposure (IoE) now features dedicated paragraphs for each vulnerability reason to simplify understanding and make remediation steps clearer and more concise. (v3.108) View all updates>> Tenable Web App Scanning Optimized scanning for production environments Eliminate conflicts with peak traffic hours using enhanced scan windows. You can now define granular scan (green) or pause (red) windows for individual scans, independent of global settings. Whether spanning multiple days or scheduling multiple windows per day, your assessments automatically progress during approved hours without manual restarts. For more details, review the documentation for pause and resume scans and basic scan settings. Tenable Enclave Security Tenable Enclave Security and Container Security 1.7 now generally available This release brings Security Center 6.7 into the Enclave Security platform and introduces exposure response for container security. See our announcement above for more information on the benefits of Security Center 6.7. With exposure response in container security, customers can better track and prioritize remediation efforts by: Creating initiatives to identify critical exposures, assign ownership and apply SLAs Managing initiatives through customizable dashboards Using advanced query capabilities to drill into specific findings, assets or vulnerability combinations. For more information review the Tenable Enclave Security 1.7 release notes. Tenable Cloud Security FedRAMP Tenable Cloud Security now available through GSA OneGov Federal agencies can now purchase Tenable Cloud Security FedRAMP through the GSA OneGov program at a 65% discount through March 2027. This partnership makes it easier and more cost effective for federal agencies to identify and reduce cloud risk by gaining visibility into misconfigurations, vulnerabilities and excessive permission across cloud environments, supporting federal cloud first policies and zero trust initiatives. Interested agencies should request more information on our Tenable and GSA webpage or email publicsector-gsa@tenable.com. For more information: Attend our webinar on January 15, 2026: Cloud security for federal agencies: Threats, best practices and the GSA OneGov advantage Read our blog: Tenable partners with GSA OneGov to help federal government boost its cloud security Tenable Training and Product Education Enhance your attack surface management skills Benefit from a superior learning experience with the updated Introduction to Tenable Attack Surface Management course. We've introduced a modernized interface and smoother navigation for immediate improvement. Access this no-cost course, along with many other on-demand options, anytime at Tenable University. Start learning today to gain essential skills and better manage your organization's external attack surface. Tenable Webinars Tune in for product updates, demos, how-to advice and Q&A. See all upcoming live and on-demand webinars at https://www.tenable.com/webinars. On-demand Escape the patching cycle. A guide to autonomous risk-based patching. Securing the future of AI in your enterprise. Policy frameworks that balance opportunity and oversight. Customer Office Hours These are recurring ask-me-anything sessions for Tenable Security Center, Tenable Vulnerability Management, Tenable Cloud Security, Tenable Identity Exposure and Tenable OT Security. Time-zone-appropriate sessions are available for the Americas, Europe (including the Middle East and Africa and Asia Pacific (APJ). Learn more and register here. Tenable Research Research Security Operations blog posts Subscribe to the Research team blog posts here. Agentic AI security: Keep your cyber hygiene failures from becoming a global breach A practical defense against AI-led attacks CVE-2025-55182: Frequently asked questions about React2Shell: React server components remote code execution vulnerability FAQ About Sha1-Hulud 2.0: The "second coming" of the npm supply-chain campaign CVE-2025-64446: Fortinet FortiWeb zero-day path traversal vulnerability exploited in the wild Microsoft Patch Tuesday 2025 Year in Review Microsoft addresses 56 CVEs, including two publicly disclosed vulnerabilities and one zero-day that was exploited in the wild to close out the final Patch Tuesday of 2025 Research release highlights Introducing new plugins to assess security posture for the transition toward Post-Quantum Cryptography (PQC)! Tenable Research PQC support helps customers inventory use of TLS and SSH quantum-resistant and vulnerable algorithms within their infrastructure using remote Nessus-based scans. For more information, see the Release Highlight. Content coverage highlights More than 5,000 new vulnerability plugins published, including new detections for the recent F5 BIG-IP Breach. More than 50 new audits delivered to customers. Read Tenable documentation.
