CSPM Continuous Cloud Security

Realize consistent policy enforcement everywhere

With Tenable cloud security, you have a single framework to enforce policies from code-to-cloud and across multi-cloud environments. Leverage nearly 1,500 policies and apply standards such as CIS and other benchmarks, or define your own custom policies. Scan for misconfigurations in runtimes and in infrastructure as code (IaC), as well as for vulnerabilities (CVEs) in workloads from the same menu. Tenable cloud security makes it easy to detect high-risk configurations that lead to breaches such as unrestricted ports, public access to instances, expired certificates, over credentials and unencrypted data.

Detect drift and stop risky deployments

Continuously track configuration drift between cloud runtimes and IaC code repositories. Drill into the specific code changes made, and initiate pull requests to remediate or update IaC source code with the updated policy. Reduce toil and rework by ensuring all dev and production environments remain in sync and inline with company policies. Enable DevOps engineers to test code as part of local development cycles and integrate tests as part of automated CI/CD pipelines using a Visual Studio-based CLI. Out-of-the-box support for the most popular DevOps tooling including Terraform, CloudFormation, Azure Resource Manager, Kubernetes, Kustomize and Helm.

Gain a 360° view of cloud assets and exposure

Context is king. That’s why Tenable provides you with a 360° view of assets across your clouds and within repositories. Whether you’re a cloud security architect looking to understand misconfigurations, a vulnerability manager trying to assess the scope of the latest zero day CVE, or a security analyst investigating incidents associated with a resource, Tenable provides actionable intelligence in role-based views to make you more efficient and effective. Drill into asset inventory, configuration, vulnerabilities, misconfigurations, drift and related remediations.

Speed prioritization and remediation

Greatly improve your productivity with accurate risk-based scoring that assesses both asset criticality and threat severity to reduce noise by a factor of 23:1 and prioritize remediation based on true risk exposure to your business.

Automated workflows make it easy for you to align DevOps and security teams and share important context, remediation steps and code needed to correct out-of-policy configurations and vulnerabilities faster. Build custom policies and policy groups to self-heal detected issues, replacing violations in the IaC with compliant values specified in the policy.

Streamline governance, audit and compliance reporting

Easily enforce and report compliance with pre-packaged governance profiles for more than 20 security and compliance benchmarks, including CIS, SOC2, GDPR, PCI DSS, HIPAA, NYDFS and others. Instantly visualize compliance status as a percentage of total benchmark controls and drill into specific policies to see status. Filter based on cloud provider, project, repository, benchmark, severity, status and resource type. Export summary or detailed reports to .csv to support audits and other actions.