It’s a new beginning! Ermetic is now Tenable Cloud Security.

Secure Cloud Identities and Entitlements

Governing identities is core to protecting your cloud environment. A misconfigured cloud infrastructure entitlement can bring down an entire application or lead to a devastating breach. Traditional methods for eliminating overprivileged and unused entitlements don’t meet cloud needs. Tenable’s holistic Cloud Native Application Protection Platform (CNAPP) enables organizations to govern cloud identities and access entitlements, and enforce least privilege at scale.

Why Govern Cloud Identities?

As cloud infrastructure grows, organizations quickly discover the challenges of cloud identity. The burgeoning number of identities and entitlements is impossible to manage manually. The number of service (machine) identities can easily reach the thousands. With so many identities, policies and permissions, the attack surface grows and lateral movement by attackers leveraging misconfigured or excessive permissions seems inevitable.

Cloud provider tools for monitoring and reducing identity risk fall short in scope and depth, and in providing a single multi-cloud platform where Security, DevOps and IAM can align on contextual visibility into access risk. Tenable Cloud Security offers a holistic identity-first approach that enables you to prevent cloud breaches and data theft by automating management of identity, permissions and access risks at scale and across clouds.

What Does Cloud Identity Governance Do?

According to Forrester, Cloud Identity Governance (CIG) solutions – also called Cloud Infrastructure Entitlement Management (CIEM) – enable organizations to track performance, allocate resources and modify cloud services in a robust cloud identity management context. CIG solutions like Tenable Cloud Security automate the detection, analysis and mitigation of access risk to help organizations meet protection requirements for cloud-native applications across virtual machines, containers and serverless workloads.

Ermetic [now Tenable Cloud Security] identifies risks and tells you what to do – this is awesome in helping explain to different groups what needs to be done.

Larry Viviano, Director of Information Security, IntelyCare

Automate Risk Analysis and Mitigation across Multi-cloud Environments

Cloud Identity Governance protects your organization’s cloud infrastructure by automating analysis of access risk for all permissions granted to all resources across all clouds in use. By analyzing risk deeply, at scale, CIG solutions can identify toxic combinations of permissions that are near-impossible to identify manually. Most importantly, CIG provides automated risk remediation, including policy corrections sent to the right stakeholders through workflows.

Using Tenable Cloud Security you can drill down on any identity or resource to view the full context of configurations, permissions, network exposure and activity across AWS, Azure and GCP, and query activity logs directly. Tenable offers full stack insight across identity, network, compute and storage, and auto-generates optimized policies for mitigating the risk of unused identities, excessive permissions and otherwise risky privileges, including those held by third parties and by federated users from identity providers (IdPs). Tenable Cloud Security risk analysis also monitors for behavioral anomalies using user and entity behavior analytics (UEBA).

Securing IaaS, PaaS, IAM and More – Shared Responsibility

Under the shared responsibility models of the cloud providers, the provider secures the underlying infrastructure, while the customer is responsible for what runs in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS): applications, customer data, identities and the configuration that governs access to them. Getting this right in IaaS/PaaS is especially hard because of the multitude of policies, configurations and cloud settings that together determine effective access and block the path to least privilege.

Apply Least Privilege to All Cloud Infrastructure Access

Consider all IaaS and PaaS access to be privileged – and protect your organization accordingly. This means applying the principles of privileged access management and least privilege to all cloud entitlements. The pathway to least privilege starts with a full and accurate picture of all entitlements. Due to the cloud’s dynamic nature, you need to perform continuous discovery of all entities and policies, and continuous analysis of the relationships. The advanced analytics capabilities of Tenable’s holistic Cloud Identity Governance platform work to reveal gaps between the desired enterprise policy and actual entitlements, and enable security teams to keep up.

Tenable Cloud Security speeds up remediation of cloud infrastructure risks by executing automated response actions that deliver generated, rightsized permissions policies through your ticketing systems, such as Jira and ServiceNow, and your CI/CD pipelines. The platform provides a number of options, including one-click remediation, pre-populated optimized policies and configuration fixes fed directly into service tickets, and automatically generated IaC snippets in Terraform and CloudFormation.
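The two paragraphs above describe the mechanics of rightsizing: compare what a policy grants with what the identity actually used, drop the rest, and hand the result back as IaC. The following is an added example of that technique, not Tenable's own code; the policy, the CloudTrail-style records and the role name are constructed for illustration, and the Terraform rendering assumes the standard aws_iam_policy resource.

```python
"""Rightsize an IAM policy from observed activity (added example, not product code).

Constructed inputs: an over-broad policy attached to a deployment role and a
few CloudTrail-style records from the review window.  Allow actions are
replaced by the concrete actions that were actually exercised; wildcard
patterns collapse to what they matched; patterns that matched nothing are
dropped.  Deny statements are preserved untouched.
"""
import copy
import json
from fnmatch import fnmatchcase

# Constructed: the over-privileged policy under review.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "iam:CreateUser"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
    ],
}

# Constructed: CloudTrail records attributed to the role during the window.
ACTIVITY = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "iam.amazonaws.com", "eventName": "PassRole"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
]


def observed_actions(events):
    """Map CloudTrail (eventSource, eventName) pairs to IAM action names."""
    return {f"{e['eventSource'].split('.')[0]}:{e['eventName']}" for e in events}


def rightsize(policy, used):
    """Return (rightsized_policy, report).

    report maps every original Allow action pattern to the concrete actions
    kept for it; an empty list means the pattern was unused and removed.
    """
    new = {"Version": policy["Version"], "Statement": []}
    report = {}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            new["Statement"].append(copy.deepcopy(stmt))  # keep Deny as-is
            continue
        patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        kept = set()
        for pattern in patterns:
            # IAM-style wildcard: "s3:*" matches any s3 action, "*" matches all.
            matched = {a for a in used if fnmatchcase(a, pattern)}
            report[pattern] = sorted(matched)
            kept |= matched
        if kept:
            narrowed = copy.deepcopy(stmt)
            narrowed["Action"] = sorted(kept)
            new["Statement"].append(narrowed)
    return new, report


def to_terraform(name, policy):
    """Render the policy as an aws_iam_policy resource for an IaC pull request."""
    body = json.dumps(policy, indent=2)
    return (
        f'resource "aws_iam_policy" "{name}" {{\n'
        f'  name   = "{name}"\n'
        f"  policy = <<EOF\n{body}\nEOF\n}}\n"
    )


if __name__ == "__main__":
    used = observed_actions(ACTIVITY)
    new_policy, report = rightsize(BROAD_POLICY, used)
    for pattern, kept in report.items():
        print(f"{pattern:25s} -> {kept or 'REMOVED (unused)'}")
    print(to_terraform("deploy_role_rightsized", new_policy))
```

Two caveats a practitioner should keep in mind: activity in a window is a lower bound on what the identity needs (a quarterly rotation job that did not run during the window will break), and the example narrows Action only; Resource stays at "*" and needs a separate pass over the ARNs in the same records.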

Secure Your Public Cloud with Just-in-Time (JIT) Access

Your engineering teams occasionally need direct, highly privileged access to sensitive cloud environments for specific activities, such as debugging or manual deployment of a service. Such broad entitlements introduce significant risk if they are not revoked once the task is done. Tenable Cloud Security provides a Just-in-Time (JIT) self-service portal that handles and controls access requests to your cloud environments and minimizes the risk of long-standing privileges.

Using Tenable’s JIT capability you can:

  • Minimize exposure to identity compromise by granting access for the exact period of time needed for users to complete the task
  • Enable developers to make quick requests, notify approvers and gain temporary access, saving engineering teams time
  • Enforce zero trust by reducing long-standing privileges, which minimizes your cloud’s attack surface
  • Monitor user activity during elevated sessions and generate reports for all JIT access requests and authorizations
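What makes JIT access safe is that the grant expires on its own rather than depending on someone remembering to revoke it. The block below is an added example of that idea, not Tenable's JIT implementation: an approved request becomes an IAM policy whose statement carries aws:CurrentTime conditions, a small evaluator shows the window opening and closing, and every grant is recorded for the reports described above. The duration cap, the requester and approver names, the instance ARN and the in-memory audit log are all constructed assumptions.

```python
"""Just-in-time elevation as a time-boxed IAM policy (added example, not product code).

jit_policy() turns an approved request into a policy that is only effective
between start and start+minutes, enforced by aws:CurrentTime conditions
(DateGreaterThan / DateLessThan are real IAM condition operators).  allows()
is a deliberately narrow evaluator covering only what this example emits.
"""
from datetime import datetime, timedelta, timezone

ISO = "%Y-%m-%dT%H:%M:%SZ"
MAX_MINUTES = 240          # constructed policy: no elevation longer than 4 hours
AUDIT_LOG = []             # constructed: in practice this is shipped to your SIEM


def jit_policy(actions, resources, start, minutes):
    """Build a time-boxed Allow statement; refuse durations outside the cap."""
    if minutes <= 0 or minutes > MAX_MINUTES:
        raise ValueError(f"duration must be 1..{MAX_MINUTES} minutes")
    end = start + timedelta(minutes=minutes)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": sorted(resources),
            "Condition": {
                "DateGreaterThan": {"aws:CurrentTime": start.strftime(ISO)},
                "DateLessThan": {"aws:CurrentTime": end.strftime(ISO)},
            },
        }],
    }


def request_elevation(requester, approver, actions, resources, start, minutes):
    """Approved request -> policy, plus an audit record for JIT reporting."""
    policy = jit_policy(actions, resources, start, minutes)
    AUDIT_LOG.append({
        "requester": requester,
        "approver": approver,
        "actions": sorted(actions),
        "start": start.strftime(ISO),
        "expires": (start + timedelta(minutes=minutes)).strftime(ISO),
    })
    return policy


def _parse(ts):
    return datetime.strptime(ts, ISO).replace(tzinfo=timezone.utc)


def allows(policy, action, resource, now):
    """True if the policy grants action on resource at time `now`.

    Models only exact action/resource matches and the two date conditions
    used here; it is not a general IAM policy evaluator.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if action not in stmt["Action"] or resource not in stmt["Resource"]:
            continue
        cond = stmt.get("Condition", {})
        after = cond.get("DateGreaterThan", {}).get("aws:CurrentTime")
        before = cond.get("DateLessThan", {}).get("aws:CurrentTime")
        if after and now <= _parse(after):      # window not yet open
            continue
        if before and now >= _parse(before):    # window already closed
            continue
        return True
    return False


if __name__ == "__main__":
    start = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)   # constructed
    res = "arn:aws:ec2:us-east-1:123456789012:instance/*"      # constructed
    p = request_elevation("alice", "bob", {"ec2:StopInstances"}, {res}, start, 60)
    for offset in (-1, 30, 60):
        t = start + timedelta(minutes=offset)
        print(t.strftime(ISO), allows(p, "ec2:StopInstances", res, t))
    print(AUDIT_LOG[-1])
```

The evaluator exists only to make the expiry visible; in a real deployment the policy would be attached as an inline policy to the requester's role or baked into an STS session policy, and the cloud's own policy engine would enforce the window.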

Achieve and Maintain Compliance

Whether your cloud environment is subject to regulatory frameworks or you prefer to benchmark against your own standards, Tenable’s holistic CNAPP enables continuous compliance audit with industry standards and best practices. Tenable Cloud Security monitors the full stack for potential compliance violations, including asset inventory, misconfigurations and network configuration, across dozens of industry standards, best practices and custom frameworks to help you meet your compliance needs.

  • Carry out continuous compliance audit including for CIS, GDPR, HIPAA, ISO, NIST, PCI and SOC2
  • Ticket automatically-generated, optimized policies and configuration fixes through Jira and ServiceNow
  • Generate detailed reports for asset inventory, network configurations and activity audits

Full Cloud-Native Security across the Lifecycle

Tenable Cloud Security offers robust identity and entitlement management as part of its comprehensive CNAPP for AWS, Azure and GCP. The platform provides continuous discovery across identities, infrastructure, workloads and data, visualizing, prioritizing and remediating cloud security and compliance risks from development to deployment. Tenable integrates into CI/CD pipelines for complete shift left security, and democratizes and accelerates organizational security efforts.


Tenable Cloud Identity Governance

  • Get Deep, Multicloud Visibility

    Manage all identities and resources in one platform. Investigate permissions, configurations and relationships
  • Understand the Attack Surface

    Assess & prioritize risk across human and service identities, network configuration, data and compute resources
  • Automate Remediation

    Mitigate risky privileges and faulty configurations through integration with ticketing, CI/CD pipelines, and IaC
  • Enforce Policies and Shift Left

    Define and enforce automated guardrails for access permissions and resource configuration, from dev to production.
  • Detect Anomalies

    Detect suspicious behavior and configuration changes with continuous behavioral analysis and alerts
  • Comply with Standards

    Audit inventory and ensure compliance with CIS, GDPR, SOC2, NIST, PCI DSS, HIPAA, ISO and more
