Full Report
Tenable has launched Tenable Cloud Vulnerability Management — a powerful new offering within Tenable One — to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments.

## Key takeaways

- **Agentless inventory and visibility:** Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure, Oracle Cloud, and GCP – without deploying agents or moving data off-account.
- **Unified hybrid risk view:** Consolidate your virtual machine and image security data into the Tenable One platform for a single, unified Asset Exposure Score (AES), providing instant, contextualized risk insight across your entire attack surface.
- **Guided remediation and an exposure management pathway:** Receive the clear remediation steps needed to close risk, laying the foundation for a holistic exposure management program tomorrow.

Your vulnerability management team has spent years perfecting its program. With top-notch processes, expertise and technology, it excels at pinpointing and remediating the most critical vulnerabilities that put your on-premises assets at risk. But the cloud is, quite simply, a different beast.

Your organization’s cloud-native development keeps accelerating. Cloud workloads and containers spin up and down in minutes. You know you need to extend your program so that cloud vulnerabilities don’t become a dangerous blind spot.

What if you could simply extend your existing, best-in-class vulnerability management program directly into the cloud? What if you could get the foundational security you need for cloud workloads and containers? We heard you, and we’re pleased to say that we’ve now made it very easy for you to do this. That’s why we’re thrilled to announce the launch of Tenable Cloud Vulnerability Management — a new offering within our Tenable One Exposure Management Platform.

The power of Tenable One in action – Tenable Cloud Vulnerability Management instantly unifies vulnerability risk visibility across on-premises, cloud, and hybrid environments, leveraging prioritization and unified reporting to clarify exposure.

Tenable Cloud Vulnerability Management is designed to help organizations identify, prioritize, and remediate cloud vulnerabilities while supporting foundational cloud workload protection (CWPP) practices.

## The growing cloud vulnerability gap

As organizations accelerate cloud and AI adoption, security isn’t keeping pace. These stats from the Tenable Cloud AI Risk Report 2025 illustrate how even a single exposure in AI-linked workloads can cascade into major risk:

- 70% of cloud AI workloads contain at least one unremediated critical vulnerability — significantly higher than the 50% of non-AI workloads with the same issue.
- 91% of organizations using Amazon SageMaker have the risky default of root access enabled in at least one notebook instance.
- 14% of Amazon Bedrock users have at least one AI training bucket that lacks public access blocks.

With AI-powered applications driving new dependencies and expanding the attack surface, organizations face a growing visibility and prioritization gap between what they can see across their on-prem and cloud environments — and what attackers can exploit. To close this gap, it’s critical to unify vulnerability management and cloud security under a single, contextual view of exposure, enabling both CISOs and security teams to act with clarity and speed.

## Introducing Tenable Cloud Vulnerability Management

Tenable Cloud Vulnerability Management closes that gap. It brings agentless, multi-cloud coverage to AWS, Azure, Oracle Cloud Infrastructure (OCI), and Google Cloud — offering near real-time visibility and risk assessment through native API connections within the Tenable One platform.

The new Tenable Cloud Vulnerability Management license delivers an agentless inventory of all your cloud-based virtual machines, machine images (AMIs) and container images directly within the Tenable Cloud Security dashboard, with clear, guided risk remediation steps.

With Tenable Cloud Vulnerability Management, vulnerability management leaders can:

- **Gain effortless, agentless inventory coverage for your hybrid environment.** Assess workloads and containers across your entire multi-cloud and hybrid environment without the operational headache. By leveraging native cloud APIs, Tenable performs the data analysis in-account, ensuring continuous, accurate coverage without deploying agents or requiring you to move sensitive data off-account for scanning.
- **Secure containers in registries.** Tenable Cloud Vulnerability Management provides comprehensive vulnerability scanning at a critical stage of the container lifecycle: registry scanning. We scan container images stored in registries — whether in managed services like AWS Elastic Container Registry (ECR) or third-party container registries. This allows you to identify and address vulnerabilities before the image is ever pulled into a live runtime environment.
- **Gain the comprehensive, unified view of risk that modern security demands.** Tenable Cloud Vulnerability Management integrates seamlessly with the Tenable One Exposure Management Platform. This integration instantly combines your new cloud findings with data from Tenable One components like Tenable Vulnerability Management (for on-prem), Identity Exposure, OT Security, and Web Application Scanning. This platform unification delivers true hybrid visibility and filters out the noise.

This means organizations can extend their existing vulnerability management practices into the cloud without the complexity, latency, or blind spots of traditional agent-based solutions.
## Why agentless visibility changes everything

Unlike legacy vulnerability scanners, Tenable Cloud Vulnerability Management eliminates the need to deploy or maintain agents across thousands of workloads. It uses cloud-native APIs to connect to accounts, capture snapshots, and decrypt volumes as needed — providing fast, comprehensive insight into software packages, file signatures, and vulnerabilities.

Without impacting the performance of production workloads, Tenable Cloud Vulnerability Management gives vulnerability management leaders:

- Instant onboarding across accounts and regions
- In-account data analysis for strict privacy compliance

## Managing and prioritizing vulnerabilities – everywhere

Combined with Tenable’s Vulnerability Priority Rating (VPR) — a predictive model powered by one of the world’s most comprehensive vulnerability-intelligence databases — organizations can pinpoint which exposures matter most based on exploitability, maturity, and threat context.

## Visibility meets context: Start with what you need, grow as you go

With Tenable Cloud Vulnerability Management, you can start addressing critical cloud vulnerabilities today. For example, the platform can instantly reveal a live virtual machine with a critical vulnerability (like an old OS with an unpatched zero-day) that has a known exploit and a high VPR score. You can then find and remediate this high-impact issue before attackers exploit the flaw, gaining immediate protection. At the same time, Tenable Cloud Vulnerability Management is part of Tenable One, the Exposure Management platform, which provides a scalable path forward. It unifies visibility across IT, cloud, identity, and operational technology (OT), and enables the layering of additional capabilities – including CIEM for identity risks, DSPM for sensitive data, and more – to create a holistic continuous threat exposure management (CTEM) program without starting from scratch.
Vulnerability data is no longer just a list of flaws – it’s analyzed in the context of misconfigurations, exposure, and operational risk. In other words, capitalize on Tenable Cloud Vulnerability Management to start protecting your cloud workloads today and gain a clear path to holistic CTEM tomorrow.

## Learn more

- Read the Tenable Cloud AI Risk Report 2025
- Explore Tenable Cloud Security
- Download the Tenable Cloud Vulnerability Management datasheet
Analysis Summary
As a malware analyst and TTPs specialist, I have summarized the information provided. Note that the source material primarily describes a security *product offering* (Tenable Cloud Vulnerability Management) designed to *identify and manage exposures* rather than detailing specific offensive malware or threat-actor tooling/TTPs, beyond describing the *vulnerabilities* attackers might exploit.
The summary below focuses on the capabilities and features of the Tenable offering as if it were a defensive tool used to counter adversarial techniques.
# Tool/Technique: Tenable Cloud Vulnerability Management (TCVM)
## Overview
Tenable Cloud Vulnerability Management (TCVM) is a new offering within the Tenable One Exposure Management Platform designed to extend existing vulnerability management programs into multi-cloud and hybrid environments (AWS, Azure, OCI, GCP). Its primary purpose is to identify, prioritize, and facilitate the remediation of security exposures across cloud workloads, VMs, and container images without deploying security agents. It unifies this data with on-premises findings for a holistic view of cyber risk.
## Technical Details
- Type: Security / Vulnerability Management Tool
- Platform: Multi-cloud (AWS, Azure, OCI, GCP), Hybrid Environments (VMs, Containers)
- Capabilities: Agentless inventory, unified hybrid risk scoring (Asset Exposure Score, AES), guided remediation, container registry scanning, integration with VPR prioritization.
- First Seen: Recent launch announcement (the source is the launch announcement, so the product is new).
## MITRE ATT&CK Mapping
Since this is a defensive tool, it is mapped against the adversary techniques it helps detect or mitigate.
- **TA0001 - Initial Access**
  - T1190 - Exploit Public-Facing Application (Helps identify exploitable vulnerabilities, e.g., in VMs or images).
- **TA0003 - Persistence**
  - T1543 - Create or Modify System Process (Identifying vulnerable configurations that allow persistence mechanisms).
- **TA0006 - Credential Access**
  - T1212 - Exploitation for Credential Access (Identifying misconfigurations that lead to credential exposure).
- **TA0011 - Command and Control**
  - T1573 - Encrypted Channel (By identifying vulnerable software stacks that might be leveraged for C2).
- **TA0007 - Discovery**
  - T1518 - Software Discovery (Identifying installed software packages across cloud assets).
- **TA0040 - Impact**
  - T1499 - Endpoint Denial of Service (Identifying vulnerabilities that could lead to denial of service).
## Functionality
### Core Capabilities
- **Agentless Inventory and Visibility:** Achieves complete asset inventory (VMs, VM images, container images) across supported clouds without installing agents or moving data outside the customer account.
- **Unified Hybrid Risk View:** Integrates cloud findings with on-prem data (from Tenable Vulnerability Management) to provide a single **Asset Exposure Score (AES)**.
- **Guided Remediation:** Provides clear, actionable steps to close identified risks.
- **Container Registry Scanning:** Scans container images in registries (e.g., AWS ECR) before runtime to identify vulnerabilities in the container lifecycle.
### Advanced Features
- **In-Account Data Analysis:** Leverages native cloud APIs to perform data analysis within the customer's account, meeting strict privacy compliance requirements.
- **Vulnerability Priority Rating (VPR):** Utilizes a predictive model based on exploitability, maturity, and threat context to prioritize the most critical exposures, moving beyond traditional CVSS scoring.
- **Exposure Management Pathway:** Integrates within Tenable One to support a scalable path toward Continuous Threat Exposure Management (CTEM), layering capabilities like CIEM and DSPM.
## Indicators of Compromise
*No traditional malware IoCs (hashes, C2 addresses) are associated with this vulnerability management platform itself. The data it produces describes what adversaries could exploit, not observed adversary activity.*
- **Behavioral Indicators (conditions the platform flags):**
  - Instances with highly prioritized known vulnerabilities (high VPR) that have active exploits in the wild (e.g., "old OS with an unpatched zero-day").
  - Risky default configurations in cloud services, such as:
    - Root access enabled in Amazon SageMaker notebook instances (found in 91% of organizations using SageMaker, per the Tenable Cloud AI Risk Report 2025 cited above).
    - AI training buckets lacking public access blocks (found for 14% of Amazon Bedrock users in the same report).
## Associated Threat Actors
This tool is associated with **Defenders/Security Teams** rather than specific threat groups, as its function is defensive risk management. However, the *vulnerabilities* it seeks to find are those that sophisticated actors, including nation-states and organized cybercrime groups, are known to exploit in cloud-native environments.
## Detection Methods
TCVM itself is a detection/assessment mechanism. Detection relies on:
- **API Assessment:** Continuous monitoring via native cloud APIs to check configuration state and installed software packages.
- **Snapshot & Decryption:** Capturing temporary snapshots of volumes and decrypting them as needed to analyze software packages for known vulnerabilities.
- **Prioritization Engine:** Using the VPR score to elevate findings that align with current active threats and exploitability.
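As an added illustration of the snapshot-based assessment described above (example code written for this page, not Tenable's implementation): an agentless scanner mounts the volume snapshot read-only, reads the guest's package database, and compares each installed version with the advisory's first fixed version using the distribution's own ordering. The dpkg status text and the advisory entry below are constructed; the comparison is a port of dpkg's full version ordering (epoch, `~` pre-releases, numeric runs), which is exactly where naive string comparison goes wrong.

```python
# Constructed sample of /var/lib/dpkg/status as read from a snapshot mounted read-only (not real data)
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 3.0.2-0ubuntu1.10

Package: old-tool
Status: deinstall ok config-files
Version: 1.0-1
"""
ADVISORIES = {"openssl": ("ADV-EXAMPLE-1", "3.0.2-0ubuntu1.12")}  # {package: (placeholder advisory id, first fixed version)}

def parse_dpkg_status(text):  # {package: version}; removed packages that only left config files are skipped
    installed = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith(" installed"):
            installed[fields["Package"]] = fields["Version"]
    return installed

def _order(c):  # dpkg character weight: '~' lowest, digit or end-of-string 0, letters, then other symbols
    return 0 if not c or c.isdigit() else -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256
def _verrevcmp(a, b):  # port of dpkg's verrevcmp: compare alternating non-digit and numeric runs
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])
            if d: return d
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0": i += 1  # leading zeros are insignificant
        while j < len(b) and b[j] == "0": j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit(): return 1  # the longer numeric run is larger
        if j < len(b) and b[j].isdigit(): return -1
        if first_diff: return first_diff
    return 0

def compare_versions(v1, v2):  # full dpkg ordering: epoch, then upstream version, then Debian revision
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, sep, revision = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), revision
    e1, u1, r1 = split(v1); e2, u2, r2 = split(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def assess(installed, advisories):  # installed packages whose version sorts below the fixed version
    return [(pkg, ver, advisories[pkg][0]) for pkg, ver in installed.items()
            if pkg in advisories and compare_versions(ver, advisories[pkg][1]) < 0]
```

`assess(parse_dpkg_status(DPKG_STATUS), ADVISORIES)` flags only openssl: old-tool is filtered out because its status shows it was removed, and its stale version would otherwise be a false positive.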
## Mitigation Strategies
- **Agentless Scanning:** Eliminates the operational burden and potential security gap caused by patch drift in security agents across ephemeral cloud workloads.
- **Shift-Left Security:** Identifying and remediating container image vulnerabilities in the registry *before* deployment.
- **Risk Contextualization:** Focusing remediation efforts based on VPR score and threat context, ensuring critical patching addresses the highest likelihood of exploitation.
- **Hybrid Unification:** Applying consistent security policies and visibility across on-premise, cloud, and AI-linked workloads.
## Related Tools/Techniques
- **Tenable Cloud Security (CNAPP):** The broader suite including TCVM.
- **Tenable Vulnerability Management (TVM/Nessus):** The traditional tool used for on-premises scanning that TCVM extends.
- **Cloud Security Posture Management (CSPM) / Cloud Native Application Protection Platform (CNAPP):** TCVM capabilities overlap with these categories.
- **Cloud Infrastructure Entitlement Management (CIEM)/Data Security Posture Management (DSPM):** Capabilities that can be layered onto Tenable One for a more comprehensive CTEM program.