AWS re:Invent 2025 - From VM to Cloud: Tenable’s Approach to Cloud Vulnerability Management (HMC306)

Summary of AWS re:Invent 2025 - From VM to Cloud: Tenable's Approach to Cloud Vulnerability Management (HMC306)

Challenges of Vulnerability Management in the Cloud

  • Cloud environments have unique workloads with ephemeral, constantly changing containers and VMs, creating visibility challenges for agent-based solutions
  • Cloud environments are highly complex with many different services and configurations, making it difficult to properly prioritize vulnerabilities based on context
  • Managing vulnerabilities across both on-premises and cloud environments is challenging, as most solutions only address one or the other

Tenable's Approach to Cloud Vulnerability Management

  • Tenable is a leader in vulnerability management, with a strong vulnerability intelligence database and proprietary risk scoring (VPR) that prioritizes vulnerabilities more effectively than CVSS
  • Tenable Cloud Security provides a unified view of cloud risks, including configuration issues, data assets, and vulnerabilities, with context around public exposure and privilege levels
  • Tenable's new Cloud VM offering is a lightweight, cloud-focused vulnerability management solution that addresses key use cases:
    • Identifying vulnerabilities in cloud-based VMs and containers
    • Enabling visibility during cloud migration
    • Providing a single pane of glass for hybrid on-premises and cloud vulnerability management

Tenable Cloud VM Solution Details

  • Scans cloud workloads (VMs and containers) agentlessly, creating a comprehensive software inventory and identifying vulnerabilities
  • Integrates with container image registries (including third-party) to analyze vulnerabilities and malware in container images
  • Correlates findings from runtime analysis and image scans, providing a complete view of vulnerabilities
  • Integrates with Tenable.one exposure management platform to combine cloud vulnerability data with on-premises and other sources

Key Features and Benefits

  • Shift-left vulnerability analysis by scanning container images in registries, not just at runtime
  • Agentless scanning to overcome deployment and management challenges in cloud environments
  • Unified vulnerability view across cloud and on-premises environments
  • Prioritization based on Tenable's advanced vulnerability intelligence and risk scoring
  • Efficient remediation guidance through Tenable's plugin-based approach

Business Impact

  • Enables organizations to effectively manage vulnerabilities in their cloud environments, reducing risk exposure
  • Provides visibility and control during cloud migration projects, ensuring consistent vulnerability management
  • Integrates cloud vulnerability data with on-premises sources for a comprehensive, cross-environment risk management program
  • Helps security teams focus remediation efforts on the most critical vulnerabilities based on Tenable's advanced prioritization

Example Use Cases

  • A large enterprise migrating workloads to the cloud uses Tenable Cloud VM to maintain visibility and control over vulnerabilities during the transition
  • A multi-cloud organization leverages Tenable Cloud VM and Tenable.one to gain a unified view of vulnerabilities across their entire infrastructure
  • A security team uses Tenable's vulnerability intelligence and risk scoring to prioritize remediation efforts, addressing the most critical cloud-based vulnerabilities first
