// Competitive Positioning — CSM Reference
Tenable One vs. The Field
How to win renewal and expansion conversations when Wiz, Qualys, or CrowdStrike is in the room
Customers evaluating alternatives almost always anchor on one surface — cloud, endpoint, or vulnerability scanning.
Your job is to redirect the conversation to the full attack surface.
The core Tenable One message: competitors solve one problem well; Tenable One is the only platform that tells you how exposed you are across all of them simultaneously.
Use the sections below to prep for competitive displacement conversations, expansion pushback, and "why not just use Wiz" objections.
#1
Gartner MQ leader · Exposure Assessment 2025
5
Attack surface domains no competitor fully covers
44K+
Customers — broadest install base in exposure mgmt
46%
Of Q4 2025 new/expansion biz from Tenable One
VS
Wiz
Cloud Security Platform
Their pitch to your customer
"We give you complete cloud visibility with zero agents — why do you need a separate VM tool?"
Where Wiz falls short
Cloud-only. Wiz has no visibility into on-premises infrastructure, OT/ICS networks, Active Directory, or AI assets. Your customer's exposure doesn't stop at the cloud boundary.
No vulnerability scanner. Wiz relies on agent-based and API-based detection — it cannot perform the deep authenticated scanning that Nessus does for CVE accuracy.
No exposure score across surfaces. Wiz gives a cloud risk score. Tenable One gives a unified Cyber Exposure Score that includes IT, identity, OT, and AI in one number.
No identity or AD coverage. If an attacker pivots from a cloud resource to Active Directory, Wiz loses the thread. Tenable One tracks that entire attack path.
Your winning use cases against Wiz
Customer has hybrid IT/cloud environment → Tenable One covers both, Wiz covers only half
Customer has Active Directory → cross-surface attack path analysis from cloud to AD is a Tenable exclusive
Customer wants a single risk score for the board → Tenable One's Cyber Exposure Score; Wiz has no equivalent
Customer already has Tenable VM → adding Cloud Security is native; adding Wiz creates a second silo
Objection handler
"Wiz is cheaper and easier to deploy for cloud."
"For pure cloud posture, Wiz is fine. But your risk doesn't live only in the cloud — it lives across every surface an attacker can reach. When Wiz finds a misconfigured cloud role, it can't tell you if that role connects to a compromised AD account that leads to your on-prem crown jewels. That's the gap Tenable One closes."
VS
Qualys TruRisk
Vulnerability & Risk Platform
Their pitch to your customer
"We have a risk score too — and we've been in VM longer than anyone. Why pay more for Tenable One?"
Where Qualys falls short
Score built on top, not underneath. TruRisk is a scoring layer applied to Qualys VM output. Tenable One was architected as an exposure platform — the correlation across surfaces is native, not a retrofit.
Weak OT and identity. Qualys has limited OT coverage and no dedicated AD security product. For customers with OT networks or complex AD environments, Tenable has purpose-built tools Qualys cannot match.
No attack path analysis. Qualys TruRisk shows risk scores by asset. Tenable One shows how an attacker would chain findings together across IT, cloud, and identity — a fundamentally different level of insight.
Lower scanner accuracy. Independent benchmarks consistently show Nessus with higher detection rates and lower false positives than Qualys — the foundation matters.
Your winning use cases against Qualys
Customer wants attack path visualization → Tenable One; Qualys has no equivalent cross-surface path analysis
Customer has OT/ICS environment → Tenable OT Security is purpose-built; Qualys has minimal OT support
Customer cares about AD security → Tenable Identity Exposure; Qualys has no AD product
CISO wants one unified exposure score → Tenable One's platform architecture; Qualys stitches multiple products together
Objection handler
"We already have Qualys for VM — we don't need another tool."
"Qualys tells you what's vulnerable on assets you already know about. Tenable One tells you what's exposed across everything — including the identities, cloud resources, OT devices, and AI tools that Qualys can't see. The gap between those two things is where most breaches start."
VS
CrowdStrike
Falcon Exposure Management
Their pitch to your customer
"You already have Falcon for endpoint — Spotlight gives you vuln data in the same console. Why add Tenable?"
Where CrowdStrike falls short
Endpoint-only by design. Falcon Spotlight only sees assets with a Falcon agent installed. Unmanaged devices, network infrastructure, OT assets, and cloud resources without agents are invisible to it.
No OT coverage. CrowdStrike has no passive OT/ICS monitoring capability. Tenable OT Security is purpose-built for industrial environments where agents cannot be deployed.
No dedicated identity/AD security product. Falcon Identity Protection detects active attacks but doesn't continuously harden AD posture the way Tenable Identity Exposure does.
Scanner accuracy gap. Spotlight relies on agent telemetry, not authenticated scanning. Nessus's 220K+ plugins catch misconfigurations and vulnerabilities that agent-based approaches routinely miss.
Your winning use cases against CrowdStrike
Customer has unmanaged or agentless assets → Tenable VM scans anything on the network; Falcon only sees what has an agent
Customer has OT/ICS environment → CrowdStrike has no OT answer; Tenable OT is purpose-built and passive
Customer needs to harden AD proactively → Tenable Identity Exposure finds misconfigurations before attackers do; CrowdStrike reacts after the fact
Customer wants external attack surface coverage → Tenable ASM; CrowdStrike has no external discovery capability
Objection handler
"CrowdStrike is already our EDR — Spotlight is included. Why pay for Tenable on top?"
"Spotlight tells you about vulnerabilities on the machines CrowdStrike already manages. What it can't tell you is what's exposed across the 30–40% of your environment that doesn't have an agent — your network gear, cloud infrastructure, OT devices, and AD. That's not a small gap. That's where attackers go when the endpoint is locked down."
// Capability comparison at a glance
| Capability | Tenable One | Wiz | Qualys TruRisk | CrowdStrike |
|---|---|---|---|---|
| IT / Network VM | ✓ Native (Nessus) | ✗ No | ✓ Yes | ~ Agent-only |
| Cloud Security (CNAPP) | ✓ Full CSPM/CIEM/DSPM | ✓ Strong | ~ Limited | ~ Limited |
| OT / ICS Security | ✓ Purpose-built | ✗ No | ✗ Minimal | ✗ No |
| Identity / AD Security | ✓ Dedicated product | ✗ No | ✗ No | ~ Detect only |
| AI Exposure | ✓ GA (Jul 2025) | ~ Limited | ✗ Early stage | ✗ No |
| Cross-surface attack paths | ✓ All surfaces | ~ Cloud only | ✗ No | ✗ No |
| External ASM | ✓ Dedicated (5B+ assets) | ~ Basic | ~ Limited | ✗ No |
| Unified exposure score | ✓ Cyber Exposure Score | ✗ Cloud score only | ~ TruRisk (VM-based) | ✗ No |
| Agentless deployment | ✓ Yes | ✓ Yes | ✓ Yes | ✗ Agent required |
| Gartner EAP Leader 2025 | ✓ Highest ATE | ✗ Not listed | ~ Listed | ✗ Not listed |
Tenable One
// Exposure Management PlatformThe flagship platform that unifies visibility across the entire attack surface — IT, cloud, OT, identity, and AI. It brings all Tenable products together and helps organizations prioritize and communicate cyber risk at a business level.
VS
Qualys TruRisk PlatformCrowdStrike Falcon Exposure ManagementWiz
Key Differentiators
01Only platform that unifies IT, OT, cloud, identity, and AI risk in a single exposure score
02ExposureAI delivers attack path analysis across all asset types — not just endpoints or cloud
03Largest vulnerability intelligence database (220K+ plugins) powering prioritization across all surfaces
Renewal Risk Signals
R1Customer is only using it for one asset type (e.g., IT only) — not realizing cross-surface value
R2Executive dashboards and risk reporting features are unused — leadership isn't seeing ROI
R3No integrations configured with SIEM, SOAR, or ticketing tools — data stays siloed
Discovery Questions
Q1How are you currently aggregating risk data across your different security tools, and how do you communicate that risk to executive leadership?
Q2Do you have a way to see how an attacker might chain together vulnerabilities across your IT, cloud, and identity environments in a single view?
QBR Talking Points
P1Show the Cyber Exposure Score trend — a declining score over the quarter is the clearest ROI story for the CISO
P2Pull the attack path count: 'You had X critical paths in Q1, you now have Y — here's what your team closed and how'
P3Highlight new assets discovered vs. what they thought they had — the delta makes a compelling unknown-risk story
Tenable Vulnerability Management
// Cloud-Based VM PlatformThe SaaS-based core vulnerability management solution. It continuously discovers and tracks all assets and their vulnerabilities with high accuracy — the go-to for most enterprise customers modernizing their VM program.
VS
Qualys VMDRRapid7 InsightVMCrowdStrike Falcon Spotlight
Key Differentiators
01Nessus-powered scanning with the highest accuracy and lowest false positive rate in the industry
02Predictive Prioritization (VPR) scores risk based on real-world threat context, not just CVSS severity
03Continuous asset discovery catches dynamic cloud and remote assets competitors routinely miss
Renewal Risk Signals
R1Low scan frequency — customers scanning monthly instead of continuously are getting limited value
R2Asset count hasn't grown with the business — license may not reflect actual environment size
R3Team is overwhelmed by volume of findings and not using prioritization features to reduce noise
Discovery Questions
Q1Are you managing your vulnerability program from the cloud today, or are you relying on an on-prem solution that requires heavy maintenance?
Q2How confident are you that you have complete asset visibility across your environment, including cloud and remote assets?
QBR Talking Points
P1Show total vulnerabilities found vs. remediated this quarter — the closure rate demonstrates program maturity and team productivity
P2Highlight VPR-prioritized findings: 'Of 50,000 findings, Tenable identified 312 that truly matter based on active exploitation — your team focused there'
P3Show asset discovery growth — new cloud instances, remote endpoints, or shadow IT caught automatically reinforces continuous value
Tenable Security Center
// On-Premises VM SolutionThe on-premises version of vulnerability management for organizations that require local data control. Provides the same centralized scanning and reporting as Tenable VM, but managed within the customer's own infrastructure.
VS
Qualys VMDR (on-prem)Rapid7 InsightVMSkybox Security
Key Differentiators
01Same Nessus scanning engine as the cloud platform — no accuracy trade-off for on-prem deployments
02Deep compliance reporting and audit support built for regulated industries and government environments
03Highly customizable dashboards and workflows suited for large, complex multi-team organizations
Renewal Risk Signals
R1Customer is running an outdated version and not applying patches — eroding confidence in the product
R2IT resources to maintain the on-prem infrastructure are shrinking — cloud migration conversation needed
R3Reporting is underutilized — leadership and compliance teams aren't pulling value from the platform
Discovery Questions
Q1Do you have regulatory or compliance requirements that mandate keeping vulnerability data on-premises or within a specific network boundary?
Q2How are you currently managing and correlating scan data from multiple scanners across different network segments today?
QBR Talking Points
P1Pull compliance report pass/fail trends — show improvement in audit-readiness as a direct output of the program
P2Show scan coverage growth: percentage of the environment now scanned vs. last quarter, with any newly added network segments
P3Highlight remediation SLA adherence — critical vulns patched within policy window demonstrates security program discipline
Tenable Nessus
// Industry-Leading Vulnerability ScannerThe industry's most widely recognized vulnerability scanner, ideal for consultants and smaller teams doing point-in-time assessments. Highly accurate detection without the persistent tracking of the enterprise platforms.
VS
Qualys Community EditionRapid7 NexposeOpenVAS / Greenbone
Key Differentiators
01220,000+ plugins covering the broadest CVE and misconfiguration detection of any scanner on the market
02Trusted by security consultants globally as the gold standard for accurate, comprehensive assessments
03Nessus Expert adds cloud infrastructure scanning and attack surface coverage beyond traditional network scanning
Renewal Risk Signals
R1Customer's team has grown and they're outgrowing point-in-time scanning — signal to upgrade to VM
R2Low scan count or infrequent usage — may not see enough value to justify standalone renewal
R3Competitor offers a free or bundled scanner as part of a broader platform the customer is evaluating
Discovery Questions
Q1Are you doing periodic vulnerability assessments today, and do you need accurate, comprehensive scans without a full enterprise platform?
Q2How are you validating the security posture of environments before or after major changes like mergers, acquisitions, or new deployments?
QBR Talking Points
P1Review scan count and frequency this quarter — consistency shows the team is actively running a scanning program, not just reacting
P2Highlight unique CVEs detected vs. what free/open-source tools found — plugin coverage breadth justifies the license cost
P3Use this QBR to plant the upgrade conversation: if usage has grown, show what continuous VM would add over point-in-time scans
Tenable Cloud Security (CNAPP)
// Cloud-Native Application ProtectionA comprehensive cloud-native application protection platform securing AWS, Azure, and GCP environments. Combines CSPM, CIEM, KSPM, and DSPM capabilities to give full visibility into cloud risk in one place.
VS
WizPalo Alto Prisma CloudOrca Security
Key Differentiators
01Unified CNAPP combining CSPM, CIEM, KSPM, and DSPM — eliminates the need for multiple point cloud tools
02Agentless deployment gets full cloud visibility in minutes without touching workloads or slowing teams
03Native integration with Tenable One ties cloud risk to the broader enterprise exposure picture
Renewal Risk Signals
R1Customer is only using CSPM features and hasn't activated CIEM or DSPM — missing most of the value
R2DevSecOps workflows not integrated — findings aren't reaching developer teams where they need to be fixed
R3Cloud footprint is small or static — customer may question value if environment isn't growing or changing
Discovery Questions
Q1How are you currently identifying misconfigurations and overly permissive identities across your multi-cloud environment?
Q2Do you have a unified way to see cloud security posture, entitlements, and data risk in one place, or are you using multiple point tools?
QBR Talking Points
P1Show misconfigurations found and remediated per cloud account — frame it as: 'here's what was exposed before Tenable, here's where you are now'
P2Pull overprivileged identity count — unused or excessive permissions removed is a strong zero-trust progress metric for leadership
P3Show cloud asset growth monitored: new AWS/Azure/GCP resources discovered automatically reinforces that coverage keeps up with the business
Tenable Identity Exposure
// Active Directory & Entra ID SecurityContinuously monitors Active Directory and Entra ID to detect misconfigurations and attack paths that could be exploited to compromise identities — without requiring agents or elevated privileges.
VS
CrowdStrike Falcon Identity ProtectionSentinelOne Singularity IdentitySemperis DSP
Key Differentiators
01Agentless, read-only architecture — no changes to AD required, no risk of destabilizing production
02Attack path visualization shows exactly how an attacker would move through AD to reach Domain Admin
03Covers both on-prem Active Directory and Entra ID (Azure AD) in a single unified view
Renewal Risk Signals
R1AD health has improved and customer thinks the risk is resolved — needs ongoing monitoring messaging
R2Low alert volume is misread as 'nothing to see' rather than 'good hygiene' — value perception issue
R3IT and security teams aren't aligned on ownership of AD remediation — findings go unaddressed
Discovery Questions
Q1When did you last audit your Active Directory for misconfigurations like unconstrained delegation, password weaknesses, or Kerberoastable accounts?
Q2If an attacker gained a foothold in your environment today, do you have visibility into which AD paths they could use to reach domain admin?
QBR Talking Points
P1Show IoE (Indicator of Exposure) score trend — improvement over the quarter is direct evidence of a hardening AD posture
P2Pull top misconfigurations remediated this quarter: unconstrained delegation removed, stale accounts purged, etc. — concrete wins for the CISO
P3If IoA (attack) alerts were triggered, walk through what was caught and how fast — response time under attack is a compelling safety story
Tenable OT Security
// Operational Technology ProtectionPurpose-built for OT and industrial control system environments, providing asset discovery and vulnerability visibility across IT/OT converged networks without disrupting sensitive operational systems.
VS
ClarotyDragosArmis Centrix
Key Differentiators
01Passive monitoring with zero impact on sensitive OT/ICS devices — no scanning that could disrupt operations
0265,000+ IDS rules for OT-specific threat detection — the largest industrial threat intelligence database available
03Unified IT/OT view in Tenable One lets security teams manage both environments from a single console
Renewal Risk Signals
R1OT and IT security teams operate in silos — platform value isn't being communicated across both groups
R2Asset inventory was a one-time exercise and isn't being kept current — perceived as a project, not a program
R3Lack of OT security expertise on customer's team leads to underutilization of detection capabilities
Discovery Questions
Q1Do you have full visibility into all OT network assets today, including legacy PLCs, HMIs, and ICS devices that traditional IT scanners can't see?
Q2How are you managing the security boundary between your IT and OT networks, and can you detect lateral movement between them?
QBR Talking Points
P1Show OT asset inventory growth — new devices discovered passively each quarter proves the environment is more visible than it was before Tenable
P2Pull ICS-specific vulnerabilities detected vs. what their IT scanner was catching — the delta justifies purpose-built OT tooling
P3Highlight any anomalous behavior detected: even zero confirmed incidents is a win — 'we were watching and nothing got through'
Tenable Web App Scanning
// Automated Web Application SecurityAutomated scanning for modern web applications to find vulnerabilities with high accuracy and minimal false positives — without heavy manual effort or disruption to production systems.
VS
Invicti (Netsparker)Rapid7 InsightAppSecBurp Suite Enterprise
Key Differentiators
01Purpose-built for modern web frameworks and single-page apps where legacy scanners fail to crawl properly
02Extremely low false positive rate reduces analyst fatigue compared to alternatives like Burp Enterprise
03Included within Tenable One and VM licenses — making it the easiest add-on for existing customers
Renewal Risk Signals
R1Dev team owns application security and isn't collaborating with the security team using the tool
R2Only a handful of apps are being scanned when dozens or hundreds are in scope — coverage too narrow
R3Release cycles have sped up but scan cadence hasn't — findings are arriving too late to matter
Discovery Questions
Q1How are you currently testing your web applications for vulnerabilities, and how often are assessments happening relative to your development release cycles?
Q2Do you have a way to continuously scan your web apps for OWASP Top 10 vulnerabilities without relying solely on periodic pen tests?
QBR Talking Points
P1Show apps scanned this quarter and OWASP Top 10 finding breakdown — coverage breadth and category distribution tells a strong program story
P2Pull false positive rate vs. industry benchmarks — if the team spends less time validating noise, that's a measurable productivity gain
P3Highlight scan-to-fix cycle time: how quickly are web app vulns being remediated compared to last quarter — dev team collaboration metric
Tenable Attack Surface Management
// External Attack Surface VisibilityDiscovers and monitors your organization's internet-exposed assets from an attacker's perspective — including unknown, forgotten, or shadow IT assets that your team may not even know exist.
VS
Palo Alto Cortex XpanseMandiant Advantage ASMCyCognito
Key Differentiators
01Maps over 5 billion internet-facing assets globally — the broadest external discovery coverage available
02Automatically links discovered assets back to the organization using 200+ enrichment data points
03Feeds directly into Tenable VM to instantly scan newly discovered assets and close the unknown-asset gap
Renewal Risk Signals
R1Customer treats ASM as a one-time audit rather than continuous monitoring — not reviewing ongoing alerts
R2Attack surface is stable — customer may question value if no surprises have surfaced recently
R3Findings aren't being acted on — no remediation workflow connected to the discovered exposures
Discovery Questions
Q1Do you have a complete, up-to-date inventory of all assets exposed to the internet, including those spun up without IT's knowledge?
Q2How quickly would you know if a new subdomain, misconfigured cloud bucket, or forgotten server became publicly accessible?
QBR Talking Points
P1Show previously unknown assets discovered this quarter — even one forgotten server or rogue subdomain justifies the program's existence
P2Pull exposure change over time: net reduction in exposed services, open ports, or risky certificates removed since last QBR
P3Highlight time-to-discovery for new assets: 'when a new service went live, Tenable found it in X hours' — speed metric resonates with CISOs
Tenable AI Exposure
// AI Risk Discovery & GovernanceA newer solution that unifies discovery, risk management, and governance of AI-related assets — including AI agents, APIs, SaaS AI tools, and shadow AI — across the enterprise to close the growing AI exposure gap.
VS
Wiz AI-SPMPalo Alto AI-SPM (Prisma Cloud)Qualys AI Security
Key Differentiators
01First solution to unify AI asset discovery, usage governance, and risk prioritization in a single platform
02Covers shadow AI — tools adopted outside IT approval — which competitors focused on cloud APIs routinely miss
03Native integration with Tenable One ties AI risk to the same exposure score as the rest of the environment
Renewal Risk Signals
R1AI adoption within the customer org is still low — limited attack surface means limited perceived value
R2Governance policies haven't been configured — platform is deployed but not actively managing AI risk
R3Security team doesn't yet own AI risk — it's being handled by IT or legal, reducing tool engagement
Discovery Questions
Q1Do you have visibility into all AI tools, agents, and integrations being used across your org, including ones adopted without central approval?
Q2How are you currently assessing the security risk of non-human identities like AI agents that have access to sensitive systems and data?
QBR Talking Points
P1Show AI asset inventory growth — number of AI tools, agents, and integrations discovered quarter-over-quarter is a powerful executive storyline
P2Pull shadow AI discovered: unsanctioned tools caught before they caused a data leak is a headline-level risk prevention story for the board
P3Highlight governance policies enforced: number of AI tools reviewed, approved, or blocked demonstrates a maturing AI security program
Tenable Patch Management
// Vulnerability Remediation & PatchingBridges the gap between finding vulnerabilities and actually fixing them by helping teams prioritize and automate the patching process across their environment.
VS
Ivanti Neurons for Patch ManagementMicrosoft Intune / SCCMQualys Patch Management
Key Differentiators
01Natively connected to Tenable VM — patches are prioritized by the same VPR risk score, not arbitrary severity
02Closes the loop between security findings and IT remediation without requiring a separate tool or manual handoff
03Reduces mean time to remediate (MTTR) by automating patch workflows directly from vulnerability findings
Renewal Risk Signals
R1IT operations team isn't engaged — security bought it but the patching team still uses a legacy tool
R2Patch automation hasn't been configured — running in manual mode and not delivering efficiency gains
R3Customer has a strong existing SCCM or Intune investment and is questioning whether they need both
Discovery Questions
Q1What does your current patch workflow look like, and how long does it typically take from when a critical vulnerability is identified to when it's remediated?
Q2Are your security and IT operations teams working from the same prioritized patch list, or is there friction in how vulnerabilities get handed off?
QBR Talking Points
P1Lead with MTTR improvement: 'Last quarter your average time-to-patch critical vulns was X days, this quarter it's Y — here's what drove that'
P2Show patch success rate: percentage of deployments that succeeded on first push vs. failures — reliability metric matters to IT ops leadership
P3Pull risk-prioritized patches deployed: X patches applied, Y were VPR Critical — proves the team is fixing what matters, not just what's easy
Tenable Enclave Security
// Air-Gapped & Classified EnvironmentsDesigned for highly sensitive, air-gapped, or classified environments where standard cloud connectivity isn't an option — commonly used in government, defense, and critical infrastructure settings.
VS
Qualys Private Cloud PlatformRapid7 InsightVM (on-prem)Nessus Network Monitor
Key Differentiators
01Purpose-built for classified and air-gapped networks — meets strict FedRAMP, IL4/IL5, and DISA requirements
02Same Nessus detection engine as the commercial platform — no security capability trade-off for isolated environments
03Designed for zero-trust architectures where no data can leave the enclave under any circumstances
Renewal Risk Signals
R1Compliance mandate that drove the purchase has been met — customer views it as a checkbox, not ongoing value
R2Small team manages the enclave with limited bandwidth — platform may be underutilized due to capacity constraints
R3Budget scrutiny in public sector leads to consolidation pressure — ensure multi-year contract discussions happen early
Discovery Questions
Q1Do you have air-gapped or classified network segments currently out of scope for your VM program due to connectivity restrictions?
Q2How are you ensuring that your most sensitive, isolated environments meet the same security standards as the rest of your infrastructure?
QBR Talking Points
P1Show compliance posture score and trend — STIG/RMF audit readiness metrics are the primary language for this audience
P2Pull vulnerabilities found and remediated within the enclave — parity with the broader VM program proves no security gap in classified networks
P3Highlight scan coverage completeness: percentage of enclave assets covered demonstrates the program is thorough, not just present
Tenable One — Recent Product Updates
// Top features shipped in the last 6 months · Sep 2025 – Mar 2026
| Released | Feature | What It Does | Why It Matters |
|---|---|---|---|
| Dec 2025 | Native Jira & ServiceNow Ticket Creation | Create tickets directly from Tenable One findings into Jira Cloud and ServiceNow ITSM — no manual export or copy-paste required. Closes the loop between exposure discovery and remediation in one platform. | Accelerates MTTR and removes friction between security and IT ops teams. |
| Dec 2025 | Granular RBAC — Read-Only & Custom Exposure Roles | New read-only role and a fully customizable Exposure Management role with tag enforcement, letting admins control exactly who can see and act on which data across Tenable One. | Enables broader stakeholder access without risking data integrity or compliance. |
| Nov 2025 | Editable Dashboard Widgets | Users can now edit any built-in or custom dashboard widget — adjusting chart type, filters, data labels, and stacking — without rebuilding from scratch. | Saves time and lets teams tailor executive and operational views quickly. |
| Oct 2025 | Inventory Export (CSV & JSON) | Asset and finding data from the inventory can now be exported to CSV or JSON directly from the platform, making it easy to share insights with cross-functional teams or feed into other tools. | Removes barriers to collaboration and reporting across teams. |
| Oct 2025 | Attack Path Analysis — New MITRE Filters | Attack paths can now be filtered by MITRE ATT&CK technique ID, enabling faster and more targeted investigation of specific threat patterns and adversary techniques. | Speeds up triage for SOC and threat intel teams working within a MITRE-aligned framework. |
| Sep 2025 | Findings Global Search | Build advanced custom queries directly on the Findings page using structured filters, operators, and properties — without switching pages or exporting data first. | Dramatically speeds up investigation workflows for large, complex environments. |
| Sep 2025 | Data Source Priority (Deduplication Control) | Administrators can now define which data source takes priority when assets appear in multiple connectors — giving full control over how the asset inventory is built and displayed. | Improves data quality and reduces confusion for customers with many third-party integrations. |
| Aug 2025 | 300+ Validated Third-Party Integrations | Tenable One surpassed 300 validated integrations, including new connectors for Claroty xDome (OT) and Bright (DAST), making it the most open exposure management platform on the market. | Customers can consolidate more of their security stack and eliminate data silos. |
| Aug 2025 | Tagging from Global Asset Search | Tags can now be created directly from a search query on the Assets page — instantly converting any search into a dynamic tag without rebuilding filters elsewhere. | Reduces duplicate work and speeds up asset grouping for large teams. |
| Jul 2025 | Tenable One AI Exposure (GA) | General availability of Tenable One AI Exposure — unifying AI asset discovery, shadow AI detection, non-human identity governance, and risk prioritization in a single module. | Addresses the fastest-growing attack surface as enterprises adopt AI tools at scale. |