Introducing Tenable Cloud Security Agentless Assessment for Microsoft Azure

Tenable Cloud Security users now can quickly connect their Azure cloud accounts to perform cloud security posture management, including scanning for security vulnerabilities, misconfigurations and compliance. Here's how.

For years, thousands of customers have relied on Tenable to help them scan and manage vulnerabilities in their cloud infrastructure. As cloud usage has matured, we've introduced cloud-native tooling that leverages the power of public clouds, and we're proud to announce the general availability of Tenable Cloud Security Agentless Assessment for Microsoft Azure.

We offer this same capability for Amazon Web Services and Google Cloud Platform (GCP), and we've expanded Tenable Cloud Security's ability to now manage workloads in the world's largest public cloud providers. 

Agentless Assessment reflects significant technological advances and offers customers a unified approach to cloud security posture and vulnerability management across cloud and non-cloud assets. With the latest release of Tenable Cloud Security, Microsoft Azure users gain comprehensive visibility into their cloud environments and can perform robust vulnerability management, significantly reducing their risk of breaches. The new features include:

• Quick, organization-wide configuration that automatically discovers individual user workloads and their vulnerabilities
• Tenable Cloud Security provides the latest insights and updates automatically with no need to create new scans
• Enhanced policy management and reporting
• Expanded DevOps / GitOps coverage

Tenable Cloud Security Agentless Assessment for Microsoft Azure

Empowering security teams to monitor the sprawling attack surface with continuous, complete cloud visibility is critical for any organization looking to build a unified cloud security program.

Tenable Cloud Security Agentless Assessment enables security teams to quickly and easily discover and assess all their cloud assets in AWS and Azure. Data is continuously updated via automatic live scans triggered by any logged change event. When a new vulnerability is added to the database, security teams see if a vulnerability exists in their current asset inventory, without needing to execute a new scan.

Onboarding Azure cloud accounts is fast and easy. The one-time setup makes visible all Virtual Private Clouds (VPCs), virtual machines, virtual networks, user accounts and roles, cloud resources and data services, as well as a wide range of cloud resources. That way, users get views of both runtime vulnerabilities and cloud environment misconfigurations in a single solution.

Easily onboard Azure cloud accounts

Onboarding Azure cloud accounts is straightforward, requiring a subscription client ID, secret value and tenant ID, all available from the Azure dashboard. The video below shows how this is done.

Source: Tenable, November 2023

Agentless Assessment allows organizations to reduce their potential for exploits by detecting vulnerabilities on a continuous basis, and discovering zero-day threats as soon as they're published — without having to re-scan their entire environment. With coverage for more than 76,000 vulnerabilities, Tenable has the industry's most extensive database of Common Vulnerabilities and Exposures (CVEs). In addition, Tenable's security-configuration data helps customers understand all of their exposures across all of their assets.

Existing Tenable customers can now access Tenable Cloud Security Agentless Assessment for Amazon Web Services (AWS) and Microsoft Azure. 

Enhanced policy management and reporting

For years, we've been hearing about the importance of certain cybersecurity practices in cloud environments, particularly:

• Cloud security to properly protect those environments
• DevSecOps to embed security into software delivery pipelines
• “Shift left” to start security checks as part of local development cycles where they can be immediately fixed

These points are clearly top-of-mind for Tenable customers, who cite poor visibility into their assets and their security posture as key pain-points.

Tenable Cloud Security provides broad visibility across clouds and resources, and helps security teams prioritize remediation in a standardized way. With enriched policy workflows, new compliance reporting and failing policy groupings, Tenable Cloud Security insights help users improve their cloud governance and cloud security posture management.

Tenable Cloud Security Compliance Reporting: We dynamically update compliance reports and provide groupings for pre-defined benchmarks and regulatory frameworks. Tenable Cloud Security supports more than 20 benchmarks and frameworks, including Service Organization Control 2 (SOC2), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR).

View comprehensive reports on security findings

Scan data is automatically measured against your applied security policies and presented in Tenable Cloud Security reports, which show compliant and non-compliant resources. These views can be filtered by industry benchmarks and regulations, including Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). 

Tenable Cloud Security automated workflows: Users can easily create integrated workflows based on a specific policy so they can quickly re-assess any out-of-the-box policy or use it as a template to build a new customized policy specific to their environment.

Expanded remediation, DevOps and GitOps coverage

Tenable customers also tell us they're currently not widely adopting automation or DevSecOps – the practice of integrating development, security and operations to provision systems in public clouds. This can lead to a high level of cloud security risks and long remediation times due to manual processes. We want to help them adopt and accelerate their DevSecOps strategies.

Tenable Cloud Security helps users do that – and reduces the number of security weaknesses found in production – by integrating into existing DevOps workflows. Along these lines, we have made several key enhancements to aid DevSecOps teams.

Automated remediation workflows: Out of the box, Tenable Cloud Security provides an integrated view of all the resources failing a security policy, including details along with remediation recommendations that can be quickly passed to development teams via ServiceNow, Jira and other developer tools. 

Improved source code management integration and scanning: Tenable Cloud Security provides a “no experience necessary” mechanism of discovering all your repositories. It also can pull multiple repositories into an integrated view of all the resources failing security policies or compliance benchmarks. Any policy violations can quickly be resolved via auto-generated pull requests that can be submitted and tracked all within the same console. 

Learn more

• Watch the on-demand webinar: What's New with Tenable Cloud Security?
• Read the blog: Accelerate Vulnerability Detection and Response for AWS with Tenable Cloud Security Agentless Assessment
• Visit our Tenable Cloud Security product page