We're a Major Player in the 2025 IDC MarketScape for CNAPP. Here's Why That Matters for Your Cloud Security.
"With a strong focus on CNAPP through Tenable Cloud Security and exposure management with Tenable One, Tenable provides visibility and control over hybrid attack surfaces, including on-premises, cloud, and hybrid environments,” according to the report....
Identity is the New Perimeter: Why Your IdP Isn’t Enough
In a cloud-first world, identity is one of the most critical layers of security. While organizations are making progress using IdPs, major identity protection gaps remain....
Tackling Shadow AI in Cloud Workloads
As enterprise adoption of cloud AI systems balloons, protecting them has become a priority for cybersecurity teams. Shadow AI – the rampant, unsanctioned use of AI apps and services – has emerged as a particularly critical threat. Here we outline two best practices that can help you combat shadow AI...
OCI, Oh My: Remote Code Execution on Oracle Cloud Shell and Code Editor Integrated Services
Tenable Research discovered a Remote Code Execution (RCE) vulnerability (now remediated) in Oracle Cloud Infrastructure (OCI) Code Editor. We demonstrated how an attacker could silently 1-click hijack a victim’s Cloud Shell environment and potentially pivot across OCI services. The vulnerability als...
五步加强云安全:加快云中的响应速度
In this sixth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we offer three recommendations that you can quickly roll out to help you expedite, prioritize and fine-tune how you detect and respond to cloud security issues....
公开的机密信息:云数据风险暴露将企业置于风险境地
Sensitive data and secrets are leaking. How cloud security leaders can shut them down....
五步加强云安全:在 GCP 中提升 Kubernetes 安全的 3 个快捷方法
In this fifth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we offer three best practices for quickly hardening your Kubernetes environment’s security in GCP: remove wide inbound access to cluster APIs; remove root permissions from containers; and remove privileged permissi...
五步加强云安全:How DSPM Helps You Discover, Classify and Secure All Your Data Assets
In this fourth installment of Tenable’s “Stronger Cloud Security in Five” blog series, we turn our attention to securing cloud data, a complex endeavor as data grows exponentially and threats become more sophisticated. Check out five DSPM best practices to sharpen your cloud data security and compli...
云访问管理的未来: Tenable Cloud Security 如何重新定义即时访问
Traditional approaches to cloud access rely on static, permanent permissions that are often overprivileged. Learn how just-in-time access completely changes the game....
五步加强云安全:如何保护您的云工作负载
In the first installment of Tenable’s “Stronger Cloud Security in Five” blog series, we covered cloud security posture management (CSPM), which focuses on protecting your multi-cloud infrastructure by detecting misconfigurations. Today, we turn to securing cloud workloads, which are the applications...
ConfusedComposer:影响 GCP Composer 的权限提升漏洞
Tenable Research discovered a privilege-escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ConfusedComposer. The vulnerability could have allowed an identity with permission (composer.environments.update) to edit a Cloud Composer environment to escalate pri...
五步加强云安全:云配置安全的重要性
Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management....