Tenable adds continuous validation to exposure platform

Tenable has added extended continuous security control and validation features to its Tenable One Exposure Management Platform. The update is available to all Tenable One customers.

The new functions are designed to help security teams determine which cyber exposures are actually accessible and exploitable in their own environments. Evidence from security controls and contextual analysis can improve how organisations rank and address risk.

Exposure management tools often surface large numbers of vulnerabilities and configuration issues, but security teams still need to determine which findings present a realistic path for attackers. Tenable is addressing that problem by feeding validation data into its prioritisation process, aiming to reduce time spent on risks that may already be blocked by existing defences.

The update extends continuous validation within the Tenable One platform by linking security control visibility with threat intelligence and attack feasibility. According to Tenable, the platform checks whether compensating controls are active and uses that information to assess whether an exposure is functionally mitigated or remains open to exploitation.

Tenable argued that exploitability depends heavily on the details of each organisation's environment. Without continuous validation, security teams can struggle to separate real threats from false positives, leading remediation efforts toward issues that are less urgent or already addressed by other controls.

The change also reflects a broader shift in the threat landscape as artificial intelligence increases the speed of vulnerability discovery. In that context, errors in prioritisation can raise both the cost of security operations and the potential impact of leaving genuinely exploitable weaknesses unresolved.

Prioritisation focus

The new validation approach is integrated with Tenable Hexa AI, which Tenable describes as the platform's agentic engine for automated remediation workflows. The combination is intended to streamline how security teams move from identifying exposures to deciding what action to take.

Many organisations face a resource problem as much as a detection problem. Even where visibility across networks, cloud systems and other assets has improved, security teams still have to make judgement calls about which issues to tackle first and which can safely wait.

For vendors in the exposure management market, this has become a central area of competition. Companies are increasingly trying to show they can do more than compile lists of vulnerabilities by using context, validation and environmental data to reduce alert volume and improve confidence in remediation decisions.

Eric Doerr, Chief Product Officer at Tenable, made that case when announcing the update. "Our customers' biggest challenge is knowing which exposures attackers can actually exploit and how to prioritise them," he said.

He added: "With continuous security control validation, Tenable One now delivers visibility and context into customers' unique security controls, further enhancing prioritisation efforts. Our platform enables security teams to stop chasing theoretical risk and focus their resources on the true, exploitable threats to their business. CISOs gain confidence that their evidence-based exposure management strategy will protect against AI-powered attacks."

Tenable says it serves more than 40,000 customers worldwide. The company positions Tenable One as a platform that brings together security visibility, insight and action across IT infrastructure, cloud environments and critical infrastructure.