Tenable Network Security is expanding its product portfolio with a new Software-as-a-Service (SaaS) security platform called Tenable.io. The new platform isn’t simply a cloud version of Tenable’s existing Security Center platform, but rather is a complete re-write, with features and capabilities purpose-built for the evolving cloud era.
“Tenable has been in the vulnerability management business for many years,” Renaud Deraison, CTO and co-founder of Tenable, told eWEEK. “The complexity of IT today has never been greater.”
In the modern world of IT, applications can be deployed in many different ways ranging from on-premises deployment to various forms of virtualization technologies running in public and private clouds. Rather than tracking IP addresses which are increasingly ephemeral in a virtualized application world, the Tenable.io platform tracks assets. Deraison added that the new platform is also built for integration, with an extensible Application Programming Interface (API) and Software Development Kits (SDKs).
Application Scanning
Among the capabilities on the Tenable.io platform is a new web application scanning capability. Deraison is well known in the security community for being the author of the Nessus vulnerability scanner that was first released back in 1998. Nessus was open-source until 2005, when Tenable decided to make the code proprietary. The web application scanning capability in Tenable.io is not based on Nessus, but rather is a new effort.
“Web application scanning has become extremely complex and you have to do a bunch of things that frankly Nessus has not been adapted to do,” Deraison explained. “So we took a long hard look and we decided to build a brand new product.”
Additionally, Tenable is now expanding into the container security landscape. Tenable acquired a container security vendor FlawCheck in October 2016 and has been working to advance the technology ever since. The container security capability in Tenable.io will scan applications for known vulnerabilities in containers. The market for container security is a growing one, with multiple technologies in the market, including the Docker Security Scanning.
Cloud
Deraison explained that Tenable is using the Amazon Web Services (AWS) cloud as the backend infrastructure for the new platform. Tenable.io is deployed across multiple AWS regions, which enables customers to stay within a specific geography if required. For example, European customers can choose to keep all their Tenable.io data in an AWS European data center.
One of the concerns when it comes to cloud use has long been the issue of isolation in a multi-tenant environment. AWS offers a Virtual Private Cloud (VPC) connection that enables a private connection and an isolated segment of the cloud for users. Deraison said that Tenable is not currently directly offering its customers VPC capabilities.
“Customers use scanners locally on their own network and those scanners then reach back to us,” Deraison explained. “So there is no need for a VPC, but we do isolate the data in many different ways.”
From a migration standpoint, Deraison said that Tenable will work with its customers that want to transition from Tenable’s existing Security Center vulnerability management platform. He noted that there will be an on-premises version of Tenable.io at some point in the near future.
“Security Center will continue to be maintained for a very long time, but we believe that customers will get way more value from Tenable.io,” Deraison said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.