Tenable Cloud Security users now can quickly connect their Azure cloud accounts to perform cloud security posture management, including scanning for security vulnerabilities, misconfigurations and compliance. Here’s how.
For years, thousands of customers have relied on Tenable to help them scan and manage vulnerabilities in their cloud infrastructure. As cloud usage has matured, we’ve introduced cloud-native tooling that leverages the power of public clouds, and we’re proud to announce the general availability of Tenable Cloud Security Agentless Assessment for Microsoft Azure.
We offer this same capability for Amazon Web Services, and we’ve expanded Tenable Cloud Security’s ability to now manage workloads in the world’s two largest public cloud providers.
Agentless Assessment reflects significant technological advances and offers customers a unified approach to cloud security posture and vulnerability management across cloud and non-cloud assets. With the latest release of Tenable Cloud Security, Microsoft Azure users gain comprehensive visibility into their cloud environments and can perform robust vulnerability management, significantly reducing their risk of breaches. The new features include:
- Quick, organization-wide configuration that automatically discovers individual user workloads and their vulnerabilities
- Tenable Cloud Security Live Results for Azure, providing Tenable Research updates automatically with no need to create new scans
- Enhanced policy management and reporting
- Expanded DevOps / GitOps coverage
Tenable Cloud Security Agentless Assessment and Live Results for Microsoft Azure
Empowering security teams to monitor the sprawling attack surface with continuous, complete cloud visibility is critical for any organization looking to build a unified cloud security program.
Tenable Cloud Security Agentless Assessment and Tenable Cloud Security Live Results enable security teams to quickly and easily discover and assess all their cloud assets in AWS and Azure. Data is continuously updated via automatic live scans triggered by any logged change event. When a new vulnerability is added to the database by our industry-leading Tenable Research team – responsible for more than 185,000 plugins able to assess 76,000 CVEs and threats – Tenable Cloud Security Live Results allows security teams to see if a vulnerability exists in their current asset inventory, without needing to execute a new scan.
As with Tenable Cloud Security’s support for AWS, onboarding Azure cloud accounts is fast and easy. The one-time setup makes visible all Virtual Private Clouds (VPCs), virtual machines, virtual networks, user accounts and roles, cloud resources and data services, as well as a wide range of cloud resources. That way, users get views of both runtime vulnerabilities and cloud environment misconfigurations in a single solution.
Easily onboard Azure cloud accounts
Onboarding Azure cloud accounts is straightforward, requiring a subscription client ID, secret value and tenant ID, all available from the Azure dashboard. The video and images below show how this is done.
Source: Tenable, May 2023
Run vulnerability scans and related IaC scans
With your Azure account connected, you can create projects to scan your cloud resources, selecting the policies appropriate to your use case. This video shows a VM scan.
Source: Tenable, May 2023
Agentless Assessment allows organizations to reduce their potential for exploits by detecting vulnerabilities on a continuous basis, and discovering zero-day threats as soon as they’re published — without having to re-scan their entire environment. With coverage for more than 76,000 vulnerabilities, Tenable has the industry’s most extensive database of Common Vulnerabilities and Exposures (CVEs). In addition, Tenable’s security-configuration data helps customers understand all of their exposures across all of their assets.
Existing Tenable customers can now access Tenable Cloud Security Agentless Assessment for Amazon Web Services (AWS) and Microsoft Azure.
Enhanced policy management and reporting
For years, we’ve been hearing about the importance of certain cybersecurity practices in cloud environments, particularly:
- Cloud security to properly protect those environments
- DevSecOps to embed security into software delivery pipelines
- “Shift left” to start security checks as part of local development cycles where they can be immediately fixed
These points are clearly top-of-mind for Tenable customers, who cite poor visibility into their assets and their security posture as key pain-points.
Tenable Cloud Security provides broad visibility across clouds and resources, and helps security teams prioritize remediation in a standardized way. With enriched policy workflows, new compliance reporting and failing policy groupings, Tenable Cloud Security insights help users improve their cloud governance and cloud security posture management.
Tenable Cloud Security Compliance Reporting: We dynamically update compliance reports and provide groupings for pre-defined benchmarks and regulatory frameworks. Tenable Cloud Security supports more than 20 benchmarks and frameworks, including Service Organization Control 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).
View comprehensive reports on security findings
Scan data is automatically measured against your applied security policies and presented in Tenable Cloud Security reports, which show compliant and non-compliant resources. These views can be filtered by industry benchmarks and regulations, including Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). Check out this video of the Reports dashboard.
Source: Tenable, May 2023
Tenable Cloud Security automated workflows: The image below shows an example of how users can easily create integrated workflows based on a specific policy so they can quickly re-assess any out-of-the-box policy or use it as a template to build a new customized policy specific to their environment.
Source: Tenable, May 2023
Expanded remediation, DevOps and GitOps coverage
Tenable customers also tell us they’re currently not widely adopting automation or DevSecOps – the practice of integrating development, security and operations to provision systems in public clouds. This can lead to a high level of cloud security risks and long remediation times due to manual processes. We want to help them adopt and accelerate their DevSecOps strategies.
Tenable Cloud Security helps users do that – and reduces the number of security weaknesses found in production – by integrating into existing DevOps workflows. Along these lines, we have made several key enhancements to aid DevSecOps teams.
- Automated remediation workflow improvements
- HashiCorp Terraform cloud run-task support
- Improved source code management
Automated remediation workflows: Out of the box, Tenable Cloud Security provides an integrated view of all the resources failing a security policy, including details along with remediation recommendations that can be quickly passed to development teams. We continue to make improvements to Jira-specific workflows, alert management and other existing features. Here's a video of built-in remediation workflows.
Source: Tenable, May 2023
HashiCorp Terraform cloud run-task integration: Tenable Cloud Security can scan Terraform templates during the Terraform cloud-deploy step for AWS and Azure. This allows Terraform cloud customers to detect any security issues within their Infrastructure as Code (IaC) using Tenable Cloud Security as part of their Terraform planning. This functionality helps developers detect and fix compliance and security risks in their IaC so they can mitigate issues before cloud infrastructure is provisioned.
Source: Tenable, May 2023
Improved source code management integration and scanning: Tenable Cloud Security provides a “no experience necessary” mechanism of discovering all your repositories. It also can pull multiple repositories into an integrated view of all the resources failing security policies or compliance benchmarks. Any policy violations can quickly be resolved via auto-generated pull requests that can be submitted and tracked all within the same console.
Source: Tenable, May 2023
Learn more
- Watch the on-demand webinar: What’s New with Tenable Cloud Security?
- Read the blog: Accelerate Vulnerability Detection and Response for AWS with Tenable Cloud Security Agentless Assessment
- Visit our Tenable Cloud Security product page
