ジャストインタイム アクセスの実装方法: ベスト プラクティスと教訓
With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable using...
ImageRunner: GCP Cloud Run に影響を与える権限昇格の脆弱性
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have allowed...
クラウド環境の AI セキュリティリスクなんて怖くない!?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game....
適切なクラウドセキュリティプロバイダーを選ぶには: クラウドセキュリティに絶対必要な 5 項目
Protecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. Here's what you need to know....
Azure カスタムロールの作成:「NotActions」を「Action」にする
Creating custom Roles in Azure can be a complex process that may yield long and unwieldy Role definitions that are difficult to manage. However, it doesn’t have to be that way. Read on to learn how you can simplify this process using the Azure “NotActions” and “NotDataActions” attributes, and create...
今年の「データプライバシーデー」がなぜ違うのか
As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.”...
Tenable Cloud Security でクラウド環境をクリーンアップ
You must periodically review your cloud environments to remove old and unused resources because they can create security risks. But what is the right way to perform this task? Read on to learn about five best practices we employ internally to clean up our cloud accounts which we hope can help enhanc...
適切な CNAPP の選択: 中堅企業向けの 6 つの考慮事項
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their optio...
Web App Scanning の基礎: セキュリティ専門家が CI/CD パイプラインについて知っておくべきこと
Git, repositories and pipelines…oh my! We unpack standard practices in the web app development process and provide guidance on how to use Tenable Web Application Scanning to secure your code....
新たな AWS 制御ポリシー
AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis....
ドメイン固有言語のダークサイド: ドメイン固有言語 OPA と Terraform における新たな攻撃手段
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen? Stea...
有毒なクラウドの 3 大特性を恐れるのは誰?
The Tenable Cloud Risk Report 2024 reveals that nearly four in 10 organizations have workloads that are publicly exposed, contain a critical vulnerability and have excessive permissions. Here’s what to watch for in your organization....