It’s a new beginning! Ermetic is now Tenable Cloud Security.

Kubernetes Security Posture Management (KSPM)

KSPM tools automate security and compliance for K8S environments. Learn how Tenable Cloud Security’s KSPM, part of an identity-first cloud native application protection platform (CNAPP), accurately reveals, prioritizes and remediates security gaps in Kubernetes clusters across your cloud infrastructure.

Organizations have manually stitched together DevSecOps with 10 or more disparate security tools — some new and some old — each with siloed responsibilities and a limited view of application risk.

Gartner, Inc, Innovation Insight for Cloud-Native Application Protection Platforms Report August 2021

Who Needs Kubernetes Protection?

Kubernetes is today’s go-to technology for orchestrating containers in the cloud. Solutions like cloud security posture management (CSPM) manage risk and non-compliance for cloud environments but are unable to see inside Kubernetes components. KSPM provides this added depth, addressing the risks unique to Kubernetes environments, and is essential for organizations using Kubernetes.

Tenable Cloud Security for KSPM

Tenable Cloud Security offers a powerful KSPM solution that gives full, contextual visibility into Kubernetes resources, including nodes, namespaces, deployments, servers and service accounts. With fine-grained accuracy, Tenable detects, prioritizes and remediates Kubernetes compliance violations, misconfigurations, and other security gaps that can lead to breaches.

Tenable’s expertise in securing human and service identities in cloud infrastructure extends to Kubernetes. Its advanced risk analysis includes all the users and services in the internal Kubernetes IAM mechanism (RBAC), surfacing IAM risk – and generating fine-grained least privilege policies for remediation.

Unified Visibility and Asset Management

Tenable Cloud Security provides a full, categorized asset inventory for AWS, Azure and GCP, letting you manage all cloud resources, including workloads, identities, data, network and Kubernetes clusters, in one place. Tenable continuously discovers all resources in your environment, and visualizes them in a meaningful, multi-dimensional context. Smart search and query tools let you easily investigate configurations, permissions and relationships to understand more. 

Tenable Cloud Security ingests Kubernetes inventory data by querying the cloud APIs and Kubernetes API for each cluster, and through continuous, agentless scanning of Kubernetes node configuration and the containers in each node.

Full-Stack Risk Assessment for Kubernetes Security

Tenable Cloud Security brings full stack risk analysis – including vulnerability scanning for containers – and guided remediation to the management of Kubernetes security posture. Tenable contextualizes container image scanning, visualizing network exposure, posture issues, IAM misconfigurations, and other risks to prioritize which vulnerabilities can expose sensitive resources and potentially have the greatest impact on your assets. 

  • Enforce compliance standards for Kubernetes clusters including CIS and hardening guide benchmarks
  • Detect vulnerabilities in containers deployed on Kubernetes clusters, by leveraging integrated workload scanning of images
  • Detect misconfigurations defined in Kubernetes manifests, by leveraging integrated Infrastructure as Code scanning 

Tenable prioritizes findings, helping teams tap into their “inner security expert” to focus on the risks that matter most.

Remediation for Accelerated Risk Reduction

Tenable Cloud Security offers automated and guided remediation of misconfigurations, policy violations, and risky privileges within clusters and for the full cloud environment.

  • Auto-remediates misconfigurations, policy violations, and risky privileges, including excessive and unused ones, in your multicloud environment
  • Speeds up mitigation using wizards, pre-populated optimized policies and configuration fixes in tickets, and snippets in Terraform and CloudFormation
  • Secures RBAC in internal Kubernetes roles, cluster roles and identities

Anomaly Detection and Threat Investigation

Tenable Cloud Security automates threat detection of unusual activity through continuous risk analysis against behavioral baselines, helping identify anomalous and suspicious behavior that can endanger your most critical assets. It analyzes cloud provider logs and correlates cloud threats with the underlying architecture to instantly reveal the context associated with each risk. 

By querying enriched logs, your incident response teams can understand, view and investigate risks in context. Accelerate response through integrations with SIEM solutions (such as Splunk and IBM QRadar) and with ticketing/notification systems (such as ServiceNow and Jira).

Compliance Audit and Automated Reporting

Tenable Cloud Security automates compliance and security against industry standards, security benchmarks and custom frameworks. It helps you understand what is running in your environment and how it is configured. Audit and compliance teams can use Tenable to identify and mitigate compliance violations early, and create detailed reports.

  • Continuous multicloud compliance with tens of industry frameworks including CIS, GDPR, NIST, PCI-DSS, Kubernetes benchmarks and more, and custom checks
  • Produce detailed reports for internal compliance, external audit and daily security activities (asset inventory, misconfiguration, network configurations,…)

Full Cloud-Native Security across the Lifecycle

Tenable Cloud Security offers Kubernetes protection as part of its comprehensive Cloud Native Application Protection Platform (CNAPP) for AWS, Azure and GCP. It provides continuous discovery across identities, infrastructure, workloads and data, visualizing, prioritizing and remediating cloud security and compliance risks from development to deployment. Tenable integrates into CI/CD pipelines for complete shift left security, and democratizes and accelerates organizational security efforts.


Tenable Cloud Infrastructure Entitlement Management

  • Get Deep, Multicloud Visibility: Manage all identities and resources in one platform. Investigate permissions, configurations and relationships.
  • Understand the Attack Surface: Assess & prioritize risk across human and service identities, network configuration, data and compute resources.
  • Automate Remediation: Mitigate risky privileges and faulty configurations through integration with ticketing, CI/CD pipelines, and IaC.
  • Enforce Policies and Shift Left: Define and enforce automated guardrails for access permissions and resource configuration, from dev to production.
  • Detect Anomalies: Detect suspicious behavior and configuration changes with continuous behavioral analysis and alerts.
  • Comply with Standards: Audit inventory and ensure compliance with CIS, GDPR, SOC2, NIST, PCI DSS, HIPAA, ISO and more.
