Exposure Center

Exposure Center is a Tenable Identity Exposure feature that enhances your organization's identity security posture. It identifies weaknesses and misconfigurations across your identity risk surface, covering both the underlying identity systems, such as Entra ID, and the identities within those systems.

This feature's user experience revolves around three interconnected concepts: Exposure Overview, Exposure Instances, and Findings. Tenable Research supports these concepts with a new security engine and specifically developed Indicators of Exposure (IoEs) to drive their functionality.

  • Exposure Overview, similar to Indicators of Exposure (IoEs) view in Tenable Identity Exposure, represent potential weaknesses or misconfigurations that attackers could exploit. These are general descriptions of security risks, such as "inactive user accounts" or "misconfigured access permissions." IoEs highlight areas of exposure proactively, giving organizations a comprehensive view of their security posture.

  • Exposure Instances are specific occurrences of these general weaknesses. For instance, the general weakness of "inactive user accounts" can have a specific scenario, such as "user accounts inactive for over 30 days in the marketing department."

  • Findings are the results of analyzing exposure instances against actual data in various identity data sources. A finding represents a security issue on an impacted asset, uniquely identified by attributes like user, group, and role. For example, if a user account is inactive for longer than the specified threshold in the exposure instance, it will be flagged as a finding.

The process begins with a library of weaknesses continuously applied to your Identity Providers through scans.

Tenable Research provides default weaknesses and continuously updates them to follow the threat landscape. These weaknesses, tailored to your specific needs in exposure instances generate findings, which are then presented along with severity ratings and remediation guidelines. By leveraging this feature, Tenable Identity Exposure helps organizations proactively mitigate security risks.

Note: The Exposure Center features only weaknesses that the new security engine supports. Indicators of Exposure (IoEs) generated from the older security engine do not appear here. However, the current Active Directory (AD) IoEs remain visible on the Indicators of Exposure page in Tenable Identity Exposure.

Prerequisites

  • To use Exposure Center in Tenable Identity Exposure, enable the toggle to Activate Identity 360, Exposure Center, and Microsoft Entra ID Support in “System Configuration.”

  • Optional: To take advantage of Active Directory weaknesses, enable data collection in the Tenable Cloud.

    Caution: To use this feature, you must not apply IP address filtering in Tenable Vulnerability Management to allow API access to Tenable Identity Exposure. See API Access Security for more information.

See also