Home > News > featured news > Tenable Delivers Cloud Security Posture Management for Multi-cloud and Hybrid Environments

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Delivers Cloud Security Posture Management for Multi-cloud and Hybrid Environments

GlobeNewswire | March 23, 2023 | Read time : 05:00 min

Tenable Delivers Cloud Security Posture Management for Multi-cloud

Tenable®, the Exposure Management company, today announced significant advancements to Tenable Cloud Security, a unified and scalable Cloud Security Posture Management (CSPM) and vulnerability management solution delivered on the Tenable One exposure management platform, and expanded availability of Tenable Agentless Assessment for Microsoft Azure.

Hybrid and multi-cloud strategies enable organizations to satisfy unique business requirements and accelerate innovation. But managing highly complex and distributed cloud environments – each with its own security tools, processes and specialized skill requirements – is neither easy nor straightforward. As a result, security issues such as simple misconfigurations and excessive privileges – the root cause of the majority of cloud breaches – can go unseen.

Tenable Cloud Security enables organizations to achieve consistent cloud security and compliance by bringing all cloud vulnerabilities, misconfigurations and drift across multi-cloud and cloud-native environments to the forefront, providing organizations with a unified cloud security solution that simplifies and scales cloud security posture management. Tenable Cloud Security’s built-in best practices consistently enforce security posture and compliance across environments, detecting and preventing risky configurations from ever reaching cloud runtimes.

When deployed as part of Tenable One, customers gain advanced vulnerability prioritization capabilities and automated remediation workflows, enabling security and DevOps teams to prioritize remediation efforts where they can have the biggest impact on security and compliance posture.

“Cloud environments are in a constant state of change, meaning that security, compliance and governance is a ‘never-done’ job,” said Nico Popp, chief product officer, Tenable. “With more than half of data breaches occurring in the cloud, organizations are racing against the clock and cannot afford for weak code to go into runtime. To effectively scale security at the speed and scale of the cloud, the pendulum must swing from reactive threat detection and response to exposure management and preventive cloud security posture management.”

Additional new and enhanced CSPM features include:

  • Continuous Discovery and Assessment - Improved cloud account onboarding enables organizations to continuously discover and assess both managed and unmanaged cloud accounts, limiting blind spots and minimizing risks.
  • Most Comprehensive Policy Portal, Views and Content - New policy portal makes it easy to view and customize over 1,500 out-of-the-box policies spanning 20 industry benchmarks and regulations. Enriched by the expertise and speed of Tenable Research, including the industry’s most comprehensive library of 71,000 known vulnerabilities, Tenable Cloud Security has 2.6 times more cloud Center for Internet Security (CIS) certifications than any other cloud security vendor. Organizations can visualize misconfiguration details, impacted resources and all the context needed to quickly remediate issues. With the new low code policy group editor, organizations can create custom policy groups enabling security teams to build custom policy groups leveraging existing policies.
  • Automated Cloud-to-Cloud Drift Detection - New drift detection enables organizations to maintain compliance by detecting configuration drift in runtime and between Infrastructure-as-Code (IaC), automating pull requests including corrected code or step-by-step instructions to the right owner, or applying remediation code automatically to significantly reduce mean-time-to-remediation.
  • Enhanced Reporting and Collaboration: Enhanced reporting capabilities enable security teams to accurately report on key metrics to executive leadership while increasing cross functional collaboration between security operations and compliance teams. Report and share security posture findings by role, function or by industry benchmarks and regulatory frameworks – such as CIS, SOC 2 and 20+ others.

About Tenable

Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies.

Spotlight

Value Drivers for an ASM Program Get the most out of attack surface management.

Discover What Makes an ASM Program Successful Cloud and remote work have not only revolutionized the way business is done, but they have irrevocably changed attack surfaces. Assets move, change and appear constantly, and this dynamic nature means traditional manual asset inventory processes simply cannot keep up. The modern atta

More featured news

Spotlight

Value Drivers for an ASM Program Get the most out of attack surface management.

Discover What Makes an ASM Program Successful Cloud and remote work have not only revolutionized the way business is done, but they have irrevocably changed attack surfaces. Assets move, change and appear constantly, and this dynamic nature means traditional manual asset inventory processes simply cannot keep up. The modern atta

Related News

DATA SECURITY, ENTERPRISE SECURITY, WEB SECURITY TOOLS

Verimatrix Launches New Cybersecurity Microsite, VMX Labs and Enhanced User Experience for Extended Threat Defense

Businesswire | April 10, 2023

Verimatrix, (Euronext Paris: VMX) (Paris:VMX), the leader in powering the modern connected world with people-centered security, today announced its launch of a new cybersecurity microsite (verimatrixcybersecurity.com), a new UX for its Extended Threat Defense (XTD) product, and a new VMX Labs research team offering cyber threat advisories and insights. “I am excited to unveil a new UX for our cybersecurity product, Extended Threat Defense, along with new services from Verimatrix to help our customers secure their mobile app ecosystems, and rapidly detect and respond to threats – including zero day attacks,” said Asaf Ashkenazi, CEO at Verimatrix. “Today, most companies interact with their customers via mobile applications. If that app is compromised, the connection between the company and their customers is at risk. Verimatrix XTD protects the connection of businesses to their consumers -- and there is nothing more important than that.” Just this year, large mobile-app breaches made headlines through their new use of overlay attacks within mobile app attacks, leading users to believe they were interacting with legitimate apps when they’re really arming bad actors with sensitive information and even their personal banking details. CISOs, SOC teams, fraud departments and developers can now turn to VerimatrixCybersecurity.com for the latest information surrounding mobile app security and the extended ecosystem of connected devices and lurking threats. Today’s launch includes: New cybersecurity microsite – Verimatrix also launched VerimatrixCybersecurity.com to offer a centralized destination and resource center for its XTD cloud platform. The microsite includes a host of new resources, including videos and white papers. New VMX Labs – Led by Klaus Schenk, Verimatrix’s senior vice president of security and threat research, VMX Labs aims to provide ongoing cyber threat advisories, as well as insights and commentary from VMX Lab team members who investigate threat types and information helpful to application developers and even users. New Product UX for Verimatrix XTD - Verimatrix delivers an amazing new user experience for its Extended Threat Defense product; a revamped UX and design that allows customers to more easily prevent, detect, respond and predict threats to mobile applications and the devices that connect to the critical infrastructure. The company has expanded its detection capabilities to the network, in addition to the application and device data. New capabilities include the ability to access network risk per application to protect the connection to the company’s critical infrastructure, and this is all available now. About Verimatrix Verimatrix (Euronext Paris: VMX) helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered, and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports to sensitive financial and healthcare data, and mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams, and win new business. Visit www.verimatrix.com and www.verimatrixcybersecurity.com

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

CertiK Launches Skynet for Community Web3 Due Diligence Tool

Globenewswire | April 04, 2023

CertiK, the leading provider of blockchain security solutions, is excited to announce the launch of Skynet for Community, an all-in-one security, due diligence, and insights platform for the Web3 ecosystem. Skynet for Community empowers users, investors, and community members to make informed decisions about Web3 projects by providing a comprehensive set of tools for research, analysis, and monitoring. With thousands of Web3 projects creating millions of points of data every day, it's easy to get lost in the noise. Skynet for Community’s rich data-driven insights help users to discover new projects, conduct due diligence on projects of interest, and keep up to date on the latest news and developments in the Web3 space. The platform aggregates a vast amount of data into Web3's most accessible due diligence tool. Skynet for Community puts security front and center, with the Security Leaderboard ranking projects according to their Security Score and market performance. The Verified Teams (KYC) Leaderboard lists and ranks projects based on the status of their CertiK KYC Badge, which is awarded to project teams that undergo a rigorous background investigation. Skynet for Community evaluates the security of Web3 projects through both manual and automated measures. The platform covers the majority of all Web3 projects using transparent metrics, regardless of their relationship with CertiK. Manual Signal Scores are determined by CertiK’s research analysts and security experts, who evaluate factors such as the quality of whitepapers, documentation, and other fundamental aspects of the project. Automatic Signal Scores are calculated in real-time by the underlying software and monitoring systems, which evaluate website cybersecurity, security incidents, and other factors. The signals are weighted based on their severity or potential impact, and the aggregate of qualitative and quantitative insights makes up the project’s final Security Score. Skynet for Community also includes tools such as Exchange Analyzer, which allows users to conduct due diligence on centralized exchanges by displaying their on-chain asset holdings; Skynet Alerts, a system that provides timely notifications on rugpulls and exploits in the cryptocurrency space; and Wallet Analyzer, which provides insights on wallet addresses and makes it easy to visualize and decipher on-chain transactions between wallets. "Skynet for Community is a revolutionary product that leverages CertiK's expertise in blockchain security to provide an independent, transparent, and comprehensive evaluation of Web3 projects," said Professor Ronghui Gu, co-founder and CEO of CertiK. "We are excited to launch this product and offer the Web3 community a powerful tool that makes it easy to do your own research." The launch of Skynet for Community marks a new era of transparency and accountability for the Web3 world as it provides a comprehensive evaluation of projects' security in real-time. With its uniquely comprehensive approach of combining manual and automated measures, CertiK's Security Score provides an independent lens through which all Web3 projects can be evaluated. To learn more about Skynet Community and to try out the suite of due diligence tools, visit skynet.certik.com or follow along on Twitter at @CertiK and @CertiKCommunity. About CertiK CertiK is a pioneer in blockchain security, leveraging best-in-class AI technology and expert manual review to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK secures the Web3 world, by applying cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness. CertiK has audited more than 3,900 Web3 projects and secured hundreds of billions of dollars of market capitalization.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

GuidePoint Security Adds Cequence Security as the Latest Technology Partner to Join the Company’s Federal Emerging Cyber Vendor Program

Businesswire | May 03, 2023

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Cequence Security, the leading provider of Unified API Protection (UAP), has joined its Emerging Cyber Vendor Program. Through this partnership, Cequence Security will leverage GuidePoint’s federal expertise across sales and marketing, operations, engineering and procurement to expand their federal footprint. As part of this program, the Cequence Unified API Protection solution will soon be available under GuidePoint’s GSA Multiple Award Schedule Contract #GS-35F-508CA. “While APIs are critical to enabling business, they have become a primary attack surface that must be protected,” said Jim Quarantillo, Federal Partner, GuidePoint Security. “Simply putting API gateways and WAFs in place to manage known APIs and known threats does not solve the API security issues to keep Government Agency data safe. A Unified API Protection solution that discovers, detects and defends against all API vulnerabilities, risks and threats is required.” “Cequence Security is the only solution that protects organizations from every type of attack on the OWASP API Security Top 10, OWASP Web Application Security Top 10 and OWASP Automated Threat list,” said Mark Azad, Chief Revenue Officer, Cequence Security. “Through our partnership with GuidePoint Security, government agencies will have a complete solution for addressing all API risks.” With the Cequence Unified API Protection (UAP) solution, customers can address every phase of their API protection lifecycle to defend APIs from attackers and eliminate unknown and unmitigated API security risks that can lead to API breaches, data loss, fraud, and business disruption. Security teams deploying the UAP solution achieve continuous protection of their complete API risk surface, enabling their organizations to reap the competitive and business advantages of ubiquitous API connectivity securely while meeting regulatory compliance. For more information on GuidePoint Security’s Emerging Cyber Vendor Program, go to https://www.guidepointsecurity.com/emerging-cyber-vendor-program/. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com. About Cequence Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, dynamic testing, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across organizations in different verticals. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai.

Read More

DATA SECURITY, ENTERPRISE SECURITY, WEB SECURITY TOOLS

Verimatrix Launches New Cybersecurity Microsite, VMX Labs and Enhanced User Experience for Extended Threat Defense

Businesswire | April 10, 2023

Verimatrix, (Euronext Paris: VMX) (Paris:VMX), the leader in powering the modern connected world with people-centered security, today announced its launch of a new cybersecurity microsite (verimatrixcybersecurity.com), a new UX for its Extended Threat Defense (XTD) product, and a new VMX Labs research team offering cyber threat advisories and insights. “I am excited to unveil a new UX for our cybersecurity product, Extended Threat Defense, along with new services from Verimatrix to help our customers secure their mobile app ecosystems, and rapidly detect and respond to threats – including zero day attacks,” said Asaf Ashkenazi, CEO at Verimatrix. “Today, most companies interact with their customers via mobile applications. If that app is compromised, the connection between the company and their customers is at risk. Verimatrix XTD protects the connection of businesses to their consumers -- and there is nothing more important than that.” Just this year, large mobile-app breaches made headlines through their new use of overlay attacks within mobile app attacks, leading users to believe they were interacting with legitimate apps when they’re really arming bad actors with sensitive information and even their personal banking details. CISOs, SOC teams, fraud departments and developers can now turn to VerimatrixCybersecurity.com for the latest information surrounding mobile app security and the extended ecosystem of connected devices and lurking threats. Today’s launch includes: New cybersecurity microsite – Verimatrix also launched VerimatrixCybersecurity.com to offer a centralized destination and resource center for its XTD cloud platform. The microsite includes a host of new resources, including videos and white papers. New VMX Labs – Led by Klaus Schenk, Verimatrix’s senior vice president of security and threat research, VMX Labs aims to provide ongoing cyber threat advisories, as well as insights and commentary from VMX Lab team members who investigate threat types and information helpful to application developers and even users. New Product UX for Verimatrix XTD - Verimatrix delivers an amazing new user experience for its Extended Threat Defense product; a revamped UX and design that allows customers to more easily prevent, detect, respond and predict threats to mobile applications and the devices that connect to the critical infrastructure. The company has expanded its detection capabilities to the network, in addition to the application and device data. New capabilities include the ability to access network risk per application to protect the connection to the company’s critical infrastructure, and this is all available now. About Verimatrix Verimatrix (Euronext Paris: VMX) helps power the modern connected world with security made for people. We protect digital content, applications, and devices with intuitive, people-centered, and frictionless security. Leading brands turn to Verimatrix to secure everything from premium movies and live streaming sports to sensitive financial and healthcare data, and mission-critical mobile applications. We enable the trusted connections our customers depend on to deliver compelling content and experiences to millions of consumers around the world. Verimatrix helps partners get to market faster, scale easily, protect valuable revenue streams, and win new business. Visit www.verimatrix.com and www.verimatrixcybersecurity.com

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

CertiK Launches Skynet for Community Web3 Due Diligence Tool

Globenewswire | April 04, 2023

CertiK, the leading provider of blockchain security solutions, is excited to announce the launch of Skynet for Community, an all-in-one security, due diligence, and insights platform for the Web3 ecosystem. Skynet for Community empowers users, investors, and community members to make informed decisions about Web3 projects by providing a comprehensive set of tools for research, analysis, and monitoring. With thousands of Web3 projects creating millions of points of data every day, it's easy to get lost in the noise. Skynet for Community’s rich data-driven insights help users to discover new projects, conduct due diligence on projects of interest, and keep up to date on the latest news and developments in the Web3 space. The platform aggregates a vast amount of data into Web3's most accessible due diligence tool. Skynet for Community puts security front and center, with the Security Leaderboard ranking projects according to their Security Score and market performance. The Verified Teams (KYC) Leaderboard lists and ranks projects based on the status of their CertiK KYC Badge, which is awarded to project teams that undergo a rigorous background investigation. Skynet for Community evaluates the security of Web3 projects through both manual and automated measures. The platform covers the majority of all Web3 projects using transparent metrics, regardless of their relationship with CertiK. Manual Signal Scores are determined by CertiK’s research analysts and security experts, who evaluate factors such as the quality of whitepapers, documentation, and other fundamental aspects of the project. Automatic Signal Scores are calculated in real-time by the underlying software and monitoring systems, which evaluate website cybersecurity, security incidents, and other factors. The signals are weighted based on their severity or potential impact, and the aggregate of qualitative and quantitative insights makes up the project’s final Security Score. Skynet for Community also includes tools such as Exchange Analyzer, which allows users to conduct due diligence on centralized exchanges by displaying their on-chain asset holdings; Skynet Alerts, a system that provides timely notifications on rugpulls and exploits in the cryptocurrency space; and Wallet Analyzer, which provides insights on wallet addresses and makes it easy to visualize and decipher on-chain transactions between wallets. "Skynet for Community is a revolutionary product that leverages CertiK's expertise in blockchain security to provide an independent, transparent, and comprehensive evaluation of Web3 projects," said Professor Ronghui Gu, co-founder and CEO of CertiK. "We are excited to launch this product and offer the Web3 community a powerful tool that makes it easy to do your own research." The launch of Skynet for Community marks a new era of transparency and accountability for the Web3 world as it provides a comprehensive evaluation of projects' security in real-time. With its uniquely comprehensive approach of combining manual and automated measures, CertiK's Security Score provides an independent lens through which all Web3 projects can be evaluated. To learn more about Skynet Community and to try out the suite of due diligence tools, visit skynet.certik.com or follow along on Twitter at @CertiK and @CertiKCommunity. About CertiK CertiK is a pioneer in blockchain security, leveraging best-in-class AI technology and expert manual review to protect and monitor blockchain protocols and smart contracts. Founded in 2018 by professors from Yale University and Columbia University, CertiK secures the Web3 world, by applying cutting-edge innovations from academia to enterprise, enabling mission-critical applications to scale with safety and correctness. CertiK has audited more than 3,900 Web3 projects and secured hundreds of billions of dollars of market capitalization.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

GuidePoint Security Adds Cequence Security as the Latest Technology Partner to Join the Company’s Federal Emerging Cyber Vendor Program

Businesswire | May 03, 2023

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Cequence Security, the leading provider of Unified API Protection (UAP), has joined its Emerging Cyber Vendor Program. Through this partnership, Cequence Security will leverage GuidePoint’s federal expertise across sales and marketing, operations, engineering and procurement to expand their federal footprint. As part of this program, the Cequence Unified API Protection solution will soon be available under GuidePoint’s GSA Multiple Award Schedule Contract #GS-35F-508CA. “While APIs are critical to enabling business, they have become a primary attack surface that must be protected,” said Jim Quarantillo, Federal Partner, GuidePoint Security. “Simply putting API gateways and WAFs in place to manage known APIs and known threats does not solve the API security issues to keep Government Agency data safe. A Unified API Protection solution that discovers, detects and defends against all API vulnerabilities, risks and threats is required.” “Cequence Security is the only solution that protects organizations from every type of attack on the OWASP API Security Top 10, OWASP Web Application Security Top 10 and OWASP Automated Threat list,” said Mark Azad, Chief Revenue Officer, Cequence Security. “Through our partnership with GuidePoint Security, government agencies will have a complete solution for addressing all API risks.” With the Cequence Unified API Protection (UAP) solution, customers can address every phase of their API protection lifecycle to defend APIs from attackers and eliminate unknown and unmitigated API security risks that can lead to API breaches, data loss, fraud, and business disruption. Security teams deploying the UAP solution achieve continuous protection of their complete API risk surface, enabling their organizations to reap the competitive and business advantages of ubiquitous API connectivity securely while meeting regulatory compliance. For more information on GuidePoint Security’s Emerging Cyber Vendor Program, go to https://www.guidepointsecurity.com/emerging-cyber-vendor-program/. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com. About Cequence Cequence Security, the pioneer of Unified API Protection, is the only solution that unifies API discovery, inventory tracking, dynamic testing, risk analysis and native mitigation with proven, real-time threat protection against ever-evolving API attacks. Cequence Security secures more than 6 billion API calls a day and protects more than 2 billion user accounts across organizations in different verticals. Our customers trust us to protect their APIs and web applications with the most effective and adaptive defense against online fraud, business logic attacks, exploits and unintended data leakage, which enables them to remain resilient in today’s ever-changing business and threat landscape. Learn more at www.cequence.ai.

Read More

More featured news