Tenable Unveils SaaS Platform
February 01, 2017

Tenable Network Security introduced Tenable.io, a cloud-based vulnerability management platform to secure the full range of assets in the modern elastic IT environment.

According to a recent Gartner report, “organizations with large or growing cloud, virtualization and DevOps deployments must select a [vulnerability assessment] solution with these asset demographics in mind, and must consider a vendor’s current and future commitment to these technologies.” [Gartner source: Market Guide for Vulnerability Assessment by Oliver Rochford and Prateek Bhajanka, published Dec. 5 2016]

The challenge for most organizations is that virtualization, cloud, and the accelerating use of web applications and short-lived assets like containers has changed how and when they need to assess vulnerabilities.

“Networks, assets and threats have all changed dramatically over the last few years, but vulnerability management hasn’t kept up,” said Amit Yoran, CEO, Tenable Network Security. “This innovation gap has left organizations everywhere struggling to answer the most basic question in security: what is my vulnerability and risk exposure? Tenable.io represents a new, more strategic approach to vulnerability management for today’s elastic attack surface, with the capabilities and flexibility organizations need to understand and improve their cybersecurity risk posture.”

Tenable.io delivers the broadest coverage of any vulnerability management solution for unparalleled visibility into the security status of modern IT infrastructure. Unique auditing and assessment capabilities help customers identify and remediate vulnerabilities across more technologies, including containers, web applications and cloud instances. It is also the first major vulnerability management solution licensed by assets instead of IP addresses.

Tenable.io capabilities include:

- Advanced asset tracking: Tenable.io tracks changes to assets and their vulnerabilities with unsurpassed accuracy — no matter how they roam or how long they last. Using an advanced asset fingerprinting algorithm, Tenable.io pinpoints the true identity of each resource — even dynamic assets like laptops, virtual machines and cloud instances. As a result, customers better understand the true state of their environment.

- Elastic asset licensing: Tenable is the first major vulnerability management provider to offer asset-based elastic licensing. With asset-based licensing, just a single license unit is consumed per asset, even if the asset has multiple IP addresses. This elastic model permits scanning even when license counts are temporarily exceeded and automatically recovers licenses for rarely scanned assets or one-time bursts.

- Openness and integration: The Tenable.io application programming interface (API) and software development kit (SDK) simplify the export and import of vulnerability, asset, threat and other data. Customers can quickly integrate Tenable.io with other technologies to better understand their level of vulnerability exposure and risk, and to gain a deeper level of visibility and insight. Through the Tenable Technology Integration Partner (TIP) program, partners such as BMC Software, CyberArk, ForeScout, IBM Security and Phantom are also integrating their solutions with Tenable.io, which comes with pre-built integrations for popular patch management, credential management, mobile device management and even other vulnerability management solutions.

- 360-degree visibility: Traditional scanning tools have not kept up with new assets like cloud, mobile and virtual workloads in elastic IT environments. Drawing on Nessus® technology, Tenable.io employs active and agent scanning as well as passive traffic listening to deliver the broadest coverage of assets and vulnerabilities and eliminate persistent blind spots.

Tenable also announced plans to extend Tenable.io capabilities in early 2017 with two new products. These application security offerings address the increased exposure from DevOps-led container adoption and the explosion of web applications:

- Tenable.io Container Security: Based on the company’s acquisition last October of San Francisco-based FlawCheck, Tenable.io Container Security (available April 2017) continuously monitors container images for vulnerabilities, malware, and enterprise policy compliance. By bringing security into the container build process up-front, organizations can gain visibility into the hidden risks in containers and remediate them before they reach production, without slowing innovation cycles.

- Tenable.io Web Application Scanning: Safely scan web applications to identify and manage application vulnerabilities in a single integrated platform, alongside other network vulnerabilities and container flaws.

In coming quarters, Tenable.io will continue introducing capabilities that advance vulnerability management toward the strategic and integrated model of threat and vulnerability management (TVM), building on the platform’s unique asset coverage, openness, comprehensive vulnerability data, and licensing model.

Share this

Industry News

July 15, 2020

Platform9 announced key additional building blocks in delivering the next generation SaaS managed Kubernetes experience.

July 15, 2020

Progress announced the release of Corticon.js, the new serverless rules engine created to quickly and easily build, test and deploy rules to critical JavaScript applications.

July 15, 2020

Portshift announced the company's new K8SHIELD Framework and the introduction of context aware security policy enablement.

July 14, 2020

Perfecto by Perforce announced the launch of Android emulators and iOS simulators in its cloud testing platform.

July 14, 2020

SmartBear released new DevOps features in SwaggerHub, the company's API design and documentation platform.

July 14, 2020

Traceable, a new end-to-end application security monitoring platform, launched from stealth today with $20M in series A funding from Unusual Ventures and BIG Labs.

July 13, 2020

Docker announced a collaboration with Amazon Web Services (AWS) to simplify the lives of developers by allowing them to focus on application development, streamlining the process of deploying and managing containers in AWS from their local development environment.

July 13, 2020

Perforce Software announced the release of a combined JRebel and XRebel plugin for the Eclipse IDE.

July 13, 2020

Spectro Cloud announced that its first product—Spectro Cloud—is now generally available.

July 09, 2020

ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.

July 09, 2020

RunSafe Security announced a partnership with JFrog that will enable RunSafe to supercharge binary protections via a simple plugin that JFrog users can deploy within their Artifactory repositories and instantly protect binaries and containers.

July 09, 2020

LeanIX closed $80 million in Series D funding led by new investor Goldman Sachs Growth.

July 08, 2020

Afi.ai introduced Afi Data Platform, a cloud-based replication and resiliency service that helps to monitor, predict downtime and recover K8s applications.

July 08, 2020

D2iQ announced the release of Conductor, a new interactive learning platform that enables enterprises to access hands-on cloud native courses and training.

July 08, 2020

SUSE entered into a definitive agreement to acquire Rancher Labs.