Stronger Cloud Security in Five: The Importance of Cloud Configuration Security
Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management....
How To Implement Just-In-Time Access: Best Practices and Lessons Learned
With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable using...
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have allowed...
Who's Afraid of AI Risk in Cloud Environments?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game....
Choosing the Right Cloud Security Provider: Five Non-Negotiables for Protecting Your Cloud
Protecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. Here's what you need to know....
Creating Elegant Azure Custom Roles: Putting NotActions into Action!
Creating custom Roles in Azure can be a complex process that may yield long and unwieldy Role definitions that are difficult to manage. However, it doesn’t have to be that way. Read on to learn how you can simplify this process using the Azure “NotActions” and “NotDataActions” attributes, and create...
What Makes This “Data Privacy Day” Different?
As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.”...
How To Clean Up Your Cloud Environment Using Tenable Cloud Security
You must periodically review your cloud environments to remove old and unused resources because they can create security risks. But what is the right way to perform this task? Read on to learn about five best practices we employ internally to clean up our cloud accounts which we hope can help enhanc...
Choosing the Right CNAPP: Six Considerations for Mid-Sized Enterprises
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their optio...
Web App Scanning 101: What Security Pros Need to Know About CI/CD Pipelines
Git, repositories and pipelines…oh my! We unpack standard practices in the web app development process and provide guidance on how to use Tenable Web Application Scanning to secure your code....
New AWS Control Policy on the Block
AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis....
The Dark Side of Domain-Specific Languages: Uncovering New Attack Techniques in OPA and Terraform
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen? Stea...
