Company Builds Vulnerability Management Platform for the Cloud

Tenable rolls out new Software-as-a-Service vulnerability platform, built from the ground up for the cloud era.

Tenable Network Security is expanding its product portfolio with a new Software-as-a-Service (SaaS) security platform called The new platform isn't simply a cloud version of Tenable's existing Security Center platform, but rather is a complete rewrite, with features and capabilities purpose-built for the evolving cloud era.

"Tenable has been in the vulnerability management business for many years," Renaud Deraison, CTO and co-founder of Tenable, told eWEEK. "The complexity of IT today has never been greater."

In the modern world of IT, applications can be deployed in many different ways, ranging from on-premises deployment to various forms of virtualization technologies running in public and private clouds. Rather than tracking IP addresses, which are increasingly ephemeral in a virtualized application world, the platform tracks assets. Deraison added that the new platform is also built for integration, with an extensible Application Programming Interface (API) and Software Development Kits (SDKs).

Application Scanning

Among the capabilities on the platform is a new web application scanning capability. Deraison is well known in the security community for being the author of the Nessus vulnerability scanner that was first released back in 1998. Nessus was open-source until 2005, when Tenable decided to make the code proprietary. The web application scanning capability in is not based on Nessus, but rather is a new effort.

"Web application scanning has become extremely complex and you have to do a bunch of things that frankly Nessus has not been adapted to do," Deraison explained. "So we took a long hard look and we decided to build a brand new product."

Additionally, Tenable is now expanding into the container security landscape. Tenable acquired container security vendor FlawCheck in October 2016 and has been working to advance the technology ever since. The container security capability in will scan applications for known vulnerabilities in containers. The market for container security is a growing one, with multiple technologies in the market, including Docker Security Scanning.


Deraison explained that Tenable is using the Amazon Web Services (AWS) cloud as the backend infrastructure for the new platform. is deployed across multiple AWS regions, which enables customers to stay within a specific geography if required. For example, European customers can choose to keep all their data in an AWS European data center.

One of the concerns when it comes to cloud use has long been the issue of isolation in a multi-tenant environment. AWS offers a Virtual Private Cloud (VPC) connection that enables a private connection and an isolated segment of the cloud for users. Deraison said that Tenable is not currently directly offering its customers VPC capabilities.

"Customers use scanners locally on their own network and those scanners then reach back to us," Deraison explained. "So there is no need for a VPC, but we do isolate the data in many different ways."

From a migration standpoint, Deraison said that Tenable will work with its customers that want to transition from Tenable's existing Security Center vulnerability management platform. He noted that there will be an on-premises version of at some point in the near future.

"Security Center will continue to be maintained for a very long time, but we believe that customers will get way more value from," Deraison said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.