This content is part of the Conference Coverage: RSA 2017: Special conference coverage

Conference Coverage

Browse Sections

Tenable launches cloud-based vulnerability management platform

At RSA Conference 2017, Tenable Network Security introduced a cloud-based vulnerability management platform called that allows users to import and export vulnerability data.

SAN FRANCISCO -- Tenable Network Security is hoping to make vulnerability management great again.

The security vendor, based in Columbia, Md., unveiled a new cloud-based vulnerability management platform, dubbed, this week at RSA Conference 2017., which is delivered as a software-as-a-service offering, includes an API and software development kit that allows third parties to export and import vulnerability data. The vulnerability management platform includes web application scanning and container security monitoring features, as well as an asset tracking algorithm that tracks not only devices, but virtual machines and cloud instances, as well.

"We're looking to be the information security hub for the industry," Cris Thomas, security strategist at Tenable, told SearchSecurity. "It was important for us to build an ecosystem that works together for everyone."

Thomas said builds on the foundation of existing products like Nessus, Tenable's vulnerability scanning and configuration auditing tool. However, the vulnerability management platform was largely built from the ground up as a totally new, cloud-based offering. For example, has a service-level agreement with an uptime guarantee that's similar to SLAs of other major cloud providers.

The vulnerability management platform is also integrated with the IT service management workflows of several other security vendors and technology providers, including Amazon Web Services, CyberArk and ForeScout. The Tenable Technology Integration Partner program allows other companies to collaborate with Tenable and build integrations into the platform.

"We designed this to be easy to use," Thomas said. "You can export the data and feed it into other products, if you like. We obviously prefer you use it with Tenable products, but we make it work for pretty much any product."

Thomas admitted vulnerability management hasn't been the hottest of security technology categories in recent years and is often overlooked by many companies today. But he said better vulnerability management is crucial for enterprises with today's massive threat landscape, and the more companies that take part in, the more valuable vulnerability data will be generated for the participants.

"One of the issues that makes this sort of thing challenging is that it's hard to get critical mass," Thomas said. "But we have close to 2,500 customers that are already using products that are the basis for"

Next Steps

Learn how to adapt your enterprise's vulnerability monitoring strategy to hybrid cloud use

Find out how the Google Cloud Security Scanner compares to traditional vulnerability scanners

Examine the pros and cons of using a third-party web application scanner over a cloud provider's

Dig Deeper on Cloud Security Services: Cloud-Based Vulnerability Scanning and Antivirus