Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Trust and Assurance Keeping your data secure is our top priority.

Security is core to our corporate ethos. Our products are designed to protect the confidentiality, integrity and availability of all customer data.

Get the Data Sheet
Trust and Assurance

Trust Tenable with Your Data Security and Privacy

Our products protect your privacy and give you control over your data. Built on a safe, secure and compliant cloud, thousands of customers trust Tenable with their vulnerability data.

Data Security

Tenable is committed to protecting the confidentiality, integrity and availability of all customer data. Tenable.io data is encrypted in transit and stored using modern ciphers and methods recommended by security industry and standards organizations. Multiple network controls, access controls and container isolation ensure that security is built into every aspect of our products to protect your data.

Data Security

Encryption

Tenable.io data is encrypted in transit and storage using TLS Encryption ciphers and AES-256. Encryption is applied to various application infrastructure layers with highly restricted access to securely stored encryption keys.

Access Controls

Tenable uses many mechanisms to help customers control data access, including account lockout after 5 failed login attempts, SAML and two-factor authentication. Access can also be controlled via API keys.

Network Controls

The Tenable cloud platform is built on isolated, private networks and uses multiple network controls such as container isolation, inbound/internal traffic restrictions, monitoring of traffic rates, sources and types at multiple network points.

Regular Security Assessments

Tenable performs frequent vulnerability, docker container and web applications scans in addition to leveraging the Tenable Research team and third parties to conduct periodic security assessments.

Data Privacy

One of our top priorities is ensuring only customers can access their data and preventing any noncustomers or bad actors from accessing, disclosing or violating the privacy and protection of data stored in the Tenable cloud platform. PII data is anonymized via a one way salted hash using SHA-256. Further, using multiple data access controls and data localization our products are built to protect your data and help you meet privacy obligations.

Data Privacy

Data Anonymization

The Tenable cloud does not collect scan or PII data. Any potentially identifying customer data is anonymized before ingestion via a one-way salted hash using SHA-256.

Data Access

Tenable uses a number of data access controls including account lockout, two-factor authentication and SAML. Access to anonymized data is restricted to the Tenable Research team only, and is controlled through a central directory system.

Data Localization

Collection and processing of customer scan data occurs within a customers geographic region. Results are anonymized and only then are aggregated with similar data in our analytics platform.

Certifications and Assurance

With multiple certifications including ISO 27001, NIAP and Privacy Shield Framework, Tenable products help you navigate your compliance and ensure powerful security assurance in the cloud. Tenable is also a member of the CSA STAR program.

Certifications and Assurance

Cloud Security Alliance (CSA) STAR

Tenable is a member of the CSA STAR program. CSA STAR is the industry's most powerful program for security assurance in the cloud. To view the security controls for Tenable.io, visit the CSA website.

Privacy Shield Framework

Tenable is Privacy Shield Framework certified and complies with all data protection requirements when transferring personal data from the European Union and Switzerland to the United States.

ISO 27001

Tenable’s ISO/IEC 27001:2013 certification covers the ISMS supporting Tenable’s legal areas, human resources, information technology, software development, executive leadership, and customer support functions. Details are publicly available in the Schellman Certificate Directory.

National Information Assurance Program

Tenable has NIAP certifications for Tenable.sc, Nessus Manager, Log Correlation Engine (LCE), Nessus Network Monitor and Nessus Agent products.

Service Availability

Tenable has the industry’s first uptime guarantee of 99.95% to ensure your service is always on. Tenable implements and enforces measures to ensure that Tenable services are highly available, guarded against attacks or simple faults and outages and always useable for our customers.

Service Availability

Guaranteed Uptime

Tenable has an uptime guarantee of 99.95% through a robust SLA, with service credits offered if the SLA is not met.

High Availability

Tenables uses the AWS platform and other leading technologies to ensure high availability for customers. Using fault tolerant and redundant components, Tenable ensures customers get the best possible service with minimal downtime.

Secure Software Development

Tenable has a dedicated team to drive the Secure Software Development Lifecycle (SSDLC). Leveraging automated security testing they identify potential vulnerabilities within source code, dependencies, and underlying infrastructure to ensure we ship secure, high quality products at pace.

Secure Software Development

Governance

Tenable’s SSDLC team ensures adherence to security controls in our processes and uses automated Security Testing to identify potential vulnerabilities. All tests must meet a strict scoring criteria before products are released to our customers.

Static Application Security Testing (SAST)

Tenable analyzes the application source code for bugs, tech-debt and vulnerabilities to ensure security and quality of our products.

Dependency and Third-Party Library Scanning

Tenable analyzes project dependencies to determine vulnerabilities and licensing issues.

Dynamic Application Security Testing (DAST)

Tenable regularly runs automated web application scans against our products to discover bugs, exploits and vulnerabilities early in the development process.

Container Security

Vulnerability assessments are performed on all container images to detect any vulnerable software running on a given container. Strict scoring requirements prevent the shipment of vulnerable containers until all issues have been resolved.

Code Standards and Role-Based Access Control

Tenable's baseline source code control standards align to Certification requirements and industry best practices. Standards include: peer code reviews, role-based access control, least privilege, code and repository ownership, segregation of duties, and more.

​ ​

Vulnerability Management

As a leading provider of vulnerability management solutions, Tenable leverages its platforms to perform internal scans and analyze vulnerabilities on laptops, infrastructure and cloud environments.

Secure Software Development

Featured products

See Tenable
In Action

"We do in-depth research on everything. Tenable came out as the clear choice.” Matt Ramberg, Vice President of Information Security, Sanmina
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a Demo

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.

Request a Demo

Tenable.ad

Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.