Tenable Identity Exposure

Tenable Identity Exposure provides information about an organization's Active Directory environment in an intuitive dashboard that monitors Active Directory in real-time, enabling organizations to identify at a glance the most critical vulnerabilities and recommended courses of remediation. Indicators of Exposure and Indicators of Attack discover underlying issues affecting the organization's Active Directory environment. Some of the Identity Management compliance requirements that Tenable solutions address include:

  • Identify all accounts in the environment

  • Ensure all active accounts are authorized

  • Ensure all accounts are configured to use strong authentication controls

  • Delete or disable dormant accounts

  • Restrict privileged access to only authorized users

  • Ensure group access is appropriately assigned

  • Understand configuration exposures, such as dangerous permissions

Indicators of Exposure provides an overview of critical, high, medium, and low risk exposures identified across the organization’s domains. From the landing page, security analysts can drill down for more details about which assets are exposed.

The Indicators of Attack pane provides a consolidated view of exposures that impact the organization’s Active Directory environment. Displayed is an event timeline that shows when attacks occurred and identifies the severity level of the vulnerability targeted: Critical (red-orange), High (light orange), Medium (yellow), and Low (blue). The tiles below the timeline provide details on the top three attacks in the organization’s domains.

This view enables security teams to:

  • Visualize every Active Directory threat from an accurate attack timeline

  • Analyze in-depth details about an Active Directory attack

  • Explore MITRE ATT&CK descriptions directly from detected incidents