What is Tenable Cloud Security?
Tenable Cloud Security (formerly Tenable.cs) is a developer-friendly, cloud-native application platform that allows organisations to secure cloud resources, container images and cloud assets, and provides end-to-end security from code to cloud to workload.
Tenable and Accurics
Accurics is now a part of Tenable. In the belief that Infrastructure as Code (IaC) is the future of cloud, Tenable completed its acquisition of Accurics in October 2021.
Accurics is a cloud-native security platform that establishes security control from code to cloud from a single definition of security and compliance policy. It is a platform that secures your cloud-native applications across single-cloud, multicloud and hybrid cloud environments throughout their entire lifecycle.
Like the former Accurics platform, Tenable Cloud Security provides a single platform for cloud security from design through runtime, leveraging a single definition of security and compliance policy, but with extended capabilities.
Key Features:
1. Cloud Security as Code
Tenable Cloud Security focuses on strengthening and establishing your DevSecOps practice through:
Policy as code
Tenable Cloud Security provides continuous assessment by capturing security policy as code, for example, the CIS benchmark. With this feature, Tenable Cloud Security continuously detects non-compliance across Infrastructure as Code at build time and enforces security policies before deployment (CI/CD).
Governance as code
Tenable Cloud Security offers automated governance by capturing security governance decisions, such as exceptions, within Infrastructure as Code (IaC). It leverages code repositories for governance workflow and audit.
Drift as code
Tenable Cloud Security supports continuous detection of infrastructure changes at runtime and reports policy non-compliance as Infrastructure as Code. When the runtime configuration drifts away from the IaC, remediation as code reverts the vulnerable changes and propagates the safe changes to the IaC.
Security as code
Tenable Cloud Security provides advanced security. Potential breach paths and blast radius are identified and assessed to understand the vulnerabilities of an application and to prioritize risk resolution.
Remediation as code
Tenable Cloud Security promotes automated remediation. Once a vulnerability or exposure is detected, Tenable Cloud Security automatically generates Infrastructure as Code for remediation. The remediation code is then checked into the repository as a pull request (GitOps), pushing the security remediation as IaC directly to the relevant developers.
2. Security from Build-time to Runtime
Tenable Cloud Security delivers full-lifecycle cloud-native security from build time to runtime.
In the build-time phase, Tenable.cs enables developers to integrate security by:
- integrating into the IDE and pipeline to detect flaws in Infrastructure as Code
- assessing Infrastructure as Code on commit or merge requests
- integrating into the CI/CD pipeline to detect flaws in containers and third-party libraries before deployment
In the runtime phase, Tenable Cloud Security helps the security and operations teams to enforce security by:
- supporting continuous scanning and assessment of Kubernetes and cloud infrastructures to detect drift
- allowing detection of flaws in running containers and compute instances without deploying scanners or installing agents
- enabling critical ad hoc changes and needed remediation steps to be merged back into the build
3. Added developer-focused features
Tenable Cloud Security comes with various features that support developers, which include:
- Ability to integrate the platform with the IDE to get continuous security syntax monitoring of your Infrastructure as Code.
- Creating Infrastructure as Code snippets from running cloud configurations automatically.
- Reducing effort by staying continuously in compliance with defined security policies in every commit.
- Ability to integrate the assessment and findings into your trusted or preferred tools, for example, GitHub, GitLab, Jenkins, Slack, Bitbucket and many more.
- A freely available Infrastructure as Code assessment tool, as Tenable Cloud Security is built on the foundations of Terrascan.
4. Full-stack cloud-native security
Tenable Cloud Security delivers security at every step, from:
- development tools, which include Jira, Jenkins, GitLab, GitHub and Bitbucket
- infrastructure as code, including Kubernetes, CodeCommit, ARM and Terraform
- cloud, such as AWS, Google Cloud and Azure
- compute, like Docker, AWS Lambda and Amazon EC2
- apps, which include APIs
Capabilities:
1. Enhanced user experience
2. Improved runtime capabilities and reporting
3. Better integration with development workflows
Advantages:
Tenable Cloud Security can be a standalone solution or used as part of Tenable Vulnerability Management (formerly Tenable.io).
Tenable Cloud Security data is completely integrated into Tenable.io to provide unified views of assets and vulnerabilities.
E-SPIN Group conducted a webinar session to give customers a better understanding of the Tenable Cloud Security solution. Watch our video presentation on the topic ‘Tenable Cloud Security (formerly Tenable.cs) Product Overview’ below.
This post was first published on 2022-Feb-16, updated 2023-May-26.