Latest news with #Tenable®


Web Release
24-06-2025
- Web Release
Tenable Research Finds Rampant Cloud Misconfigurations Exposing Critical Data and Secrets
Tenable®, the exposure management company, today released its 2025 Cloud Security Risk Report, which revealed that 9% of publicly accessible cloud storage contains sensitive data. Ninety-seven percent of such data is restricted or confidential, creating easy and prime targets for threat actors. Cloud environments face dramatically increased risk due to exposed sensitive data, misconfigurations, underlying vulnerabilities and poorly stored secrets – such as passwords, API keys and credentials. The 2025 Cloud Security Risk Report provides a deep dive into the most prominent cloud security issues impacting data, identity, workload and AI resources and offers practical mitigation strategies to help organizations proactively reduce risk and close critical gaps. Key Findings From The Report Include: ? Secrets Found in Diverse Cloud Resources, Putting Organizations at Risk: Over half of organizations (54%) store at least one secret directly in Amazon Web Services (AWS) Elastic Container Service (ECS) task definitions — creating a direct attack path. Similar issues were found among organizations using Google Cloud Platform (GCP) Cloud Run (52%) and Microsoft Azure Logic Apps workflows (31%). Alarmingly, 3.5% of all AWS Elastic Compute Cloud (EC2) instances contain secrets in user data — major risk given how widely EC2 is used. ? Cloud Workload Security Is Improving, But Toxic Combinations Persist: While the number of organizations with a 'toxic cloud trilogy' – a workload that is a publicly exposed, critically vulnerable, and highly privileged – has decreased from 38% to 29%, this dangerous combination still represents a significant and common risk. ? Using Identity Providers (IdPs) Alone Doesn't Eliminate Risk: While 83% of AWS organizations are exercising best practices in using IdP services to manage their cloud identities, overly-permissive defaults, excessive entitlements, and standing permissions still expose them to identity-based threats. 'Despite the security incidents we have witnessed over the past few years, organizations continue to leave critical cloud assets, from sensitive data to secrets, exposed through avoidable misconfigurations,' said Ari Eitan, Director of Cloud Security Research, Tenable. 'The path for attackers is often simple: exploit public access, steal embedded secrets or abuse overprivileged identities. To close these gaps, security teams need full visibility across their environments and the ability to prioritize and automate remediation before threats escalate. The cloud demands continuous, proactive risk management, and not reactive patchwork.' The report reflects findings by the Tenable Cloud Research team based on telemetry from workloads across diverse public cloud and enterprise environments, analyzed from October 2024 through March 2025. To download the report today, please visit:


Tahawul Tech
21-04-2025
- Business
- Tahawul Tech
Tenable appoints Steve Vintz and Mark Thurmond as Co-CEOs
Tenable®, the exposure management company, recently announced that its Board of Directors has unanimously appointed Steve Vintz and Mark Thurmond as co-Chief Executive Officers on a permanent basis. Following an extensive search process that considered both internal and external candidates, the Board concluded that Vintz and Thurmond are best positioned to move the company forward. The decision reflects the Board's confidence in the strength of their leadership following a successful interim period during which they drove significant operational and strategic momentum. The Board also intends to appoint Vintz and Thurmond to the Board immediately following the company's annual shareholder meeting to be held on May 14, 2025. Vintz, Tenable's Chief Financial Officer since 2014, and Thurmond, who has served as Chief Operating Officer since 2020, bring deep industry and operational experience. Under the co-CEO structure, Vintz will oversee product, cyber security, corporate development and all general and administrative functions, while Thurmond will oversee GTM functions including sales, professional services, technical support, marketing, and customer success. Together, they will continue to guide the company's mission to help organisations understand and reduce cyber risk across their modern attack surfaces. 'Mark and Steve have demonstrated exceptional leadership and alignment during their time as interim co-CEOs', said Art Coviello, Chairman of the Tenable Board of Directors. 'Their collaborative leadership style, deep industry knowledge, and customer-first mindset have already created strong results. We are confident in their ability to continue driving innovation and long-term value for all stakeholders'. Under their interim leadership, Tenable has expanded its customer footprint, with strong adoption of the Tenable One Exposure Management platform and growing momentum behind Tenable Cloud Security. They also completed the strategic acquisition of Vulcan Cyber, advancing Tenable's product roadmap with the expected launch of a significantly expanded version of Tenable One that we believe will be the most comprehensive exposure management platform on the market. 'We are honoured to lead Tenable as co-CEOs and energized by the opportunity ahead', said Vintz and Thurmond in a joint statement. 'We have tremendous belief in Tenable's mission, team and market position, and we're excited to build on our momentum to deliver meaningful outcomes for our customers, employees and shareholders'. Coviello, a respected cybersecurity leader, will remain Chairman of the Board. Additionally, Steve Vintz will continue to serve as Chief Financial Officer, while the company conducts a CFO search. Image Credit: Tenable