5 分鐘內加強雲端安全:雲端設定安全的重要性
Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management.
如何建置 Just-In-Time 存取:最佳做法以及經驗教訓
With the just-In-time (JIT) access control method, privileges are granted temporarily on an as-needed basis. This reduces static entitlements, lowering the risk of compromised accounts and preventing privilege creep. In this blog, we’ll share how we implemented JIT access internally at Tenable…
ImageRunner:一種影響 GCP Cloud Run 的特權提升弱點
Tenable Research discovered a privilege escalation vulnerability in Google Cloud Platform (GCP) that is now fixed and which we dubbed ImageRunner. At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions. The vulnerability could have…
誰害怕雲端環境中的 AI 風險?
The Tenable Cloud AI Risk Report 2025 reveals that 70% of AI cloud workloads have at least one unremediated critical vulnerability — and that AI developer services are plagued by risky permissions defaults. Find out what to know as your organization ramps up its AI game.
選擇正確的雲端安全供應商:5 個保護雲端決不能妥協的原則
Protecting your cloud environment for the long term involves choosing a security partner whose priorities align with your needs. 以下是幾點須知。
建立巧妙的 Azure 自訂角色:將毫無作為轉化為付諸行動!
Creating custom Roles in Azure can be a complex process that may yield long and unwieldy Role definitions that are difficult to manage. However, it doesn’t have to be that way. Read on to learn how you can simplify this process using the Azure “NotActions” and “NotDataActions” attributes, and…
What Makes This “Data Privacy Day” Different?
As we celebrate Data Privacy Day, Bernard Montel, Tenable’s EMEA Technical Director and Security Strategist, wants to remind us that we live in a digital world and that we need to protect it. With data breaches a daily occurrence, and AI changing the playing field, he urges everyone to “do better.”
如何利用 Tenable Cloud Security 清理您的雲端環境?
You must periodically review your cloud environments to remove old and unused resources because they can create security risks. But what is the right way to perform this task? Read on to learn about five best practices we employ internally to clean up our cloud accounts which we hope can help…
選擇正確的 CNAPP: 中型企業的六大考量
Mid-sized enterprises increasingly find themselves in need of a CNAPP, as their cloud adoption matures. But how should they go about selecting the right one? What questions should they ask and what criteria should they use? Here we unpack six key considerations that’ll help them evaluate their…
Web 應用程式掃描基本概念:關於 CI/CD 工作流程安全專業人員必須知道的事
Git, repositories and pipelines…oh my! We unpack standard practices in the web app development process and provide guidance on how to use Tenable Web Application Scanning to secure your code.
最新上路的 AWS 控制原則
AWS has released an important new feature that allows you to apply permission boundaries around resources at scale called Resource Control Policies (RCPs). Read on to learn what RCPs are all about and how to use them, as well as how Tenable Cloud Security already factors them into its analysis.
特定領域程式語言的黑暗面:探索 OPA 與 Terraform 的最新攻擊伎倆
Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen?…
