Tenable Identity Exposure Insights

The Tenable Identity Exposure Insights page offers a comprehensive, user-centric interface tailored to meet organizations' critical needs in managing identity security. This includes assessing the fluidity in your identity risk landscape, highlighting the most critical identity risks facing your organization, and providing guidance on prioritizing high-impact, low-effort remediation steps to support teams operating under tight constraints in today’s increasingly complex security environment.

Built to provide an immersive landing page experience, this dashboard consolidates essential identity security metrics and insights into a single, interactive view, or a "single pane of glass." With a streamlined approach to monitoring identity security, Tenable Identity Exposure enables you to assess rapidly your security posture, identify and prioritize high-risk vulnerabilities, and take actionable steps to mitigate potential threats.

The Insights page empowers you with capabilities for full drill-down, identity-specific filtering, and seamless sharing of critical data and insights through a rich reporting experience. It’s designed to serve a variety of roles focused on identity security.

Note: The Insights page currently displays exclusively data associated with the "Tenable" security profile, disregarding all other security profiles.

To access the Tenable Identity Exposure Insights page:

  • In Tenable Identity Exposure, click on the left navigation bar.

Header

The header summarizes new and resolved risks to give you a quick snapshot of the current security status without diving into detailed reports. This feature enables faster decision-making and response.

  • Welcome Message — This message greets a returning user with their username.

  • Identity Metrics for Different Providers (Active Directory, Entra ID, etc.): The visual representation helps you spot unusual shifts across different identity providers, which could indicate potential security issues or highlight where identity growth is occurring.

    • Tiles for AD Identities, Entra Identities, etc. display the current count of identities from each provider, along with a trend percentage illustrated by a small line graph. You can click on any tile to drill down for more details about that identity platform.

    • Click on > to view all identity platforms if they are not all visible on the page.

  • Timeframe Selector: The drop-down menu for selecting a period (e.g., "Last 90 days") lets you customize the data displayed to view trends over various timeframes. This feature allows flexibility in analysis, catering to both short-term risk tracking and long-term strategic planning.

Navigation Across Sections

You can navigate across sections of the Insights page using either of the following:

  • Tabs below the identity metrics tiles:

  • A vertical navigation menu on the right allows you to move between different sections of the Insights page. Click on any section to navigate to that view.

    Tip: Reduce the zoom level of the page so the navigation bar can appear on the right.

Domain/Organization Selection

Using the filter box, you can select one or multiple domains to focus on specific domains or business units.

To select domains or organizations:

  1. Click the arrow in the filter box to show the domains or organizations and select the ones to filter.

  2. Click the arrow in the timeframe selector to adjust the time window for data analysis or help you track trends over time.

  3. Click "Sync All" to apply the filter. A message confirms that Tenable Identity Exposure successfully applied the filter.

This filter box is available for each section on the Insights page.

Prioritization and Remediation Section

This section essentially acts as a security control center, giving administrators a clear view of their most significant security vulnerabilities and helping them prioritize their remediation efforts effectively.

This panel shows the most important risks for the selected domains and timeframe, ranked by severity level. It shows the number of current violations in your environment and illustrates trends through line graphs to indicate if problems are growing or reducing.

  • Click on the tile to understand where to focus their immediate remediation efforts.

Exposure signals are a combination of multiple risks that might become an attack path or toxic combination. These insights rank by severity and each contains the number of violations and the types of risk that create the exposure (indicated by icons). It also includes a trending indicator to show the evolution in percentage.

  • Click on the tile to drill down for detailed information about the exposure signal.

This panel focuses on high-priority risks, enabling quick actions to fix urgent issues.

  • Click on the tile to drill down for further details on remediating the risk.

Demographics Section

The Demographics section provides critical insights into key identity cohorts (groups of identities or users that share common characteristics) for security teams to focus on. It helps you better understand the distribution of risks within your organization, enabling more informed decision-making.

These circular graphics represent key identity cohorts within the Demographics section. Each graphic highlights a specific category of accounts or security indicators that are critical for monitoring.

  • Central number — The number in the center of each visual represents the current count or value of a specific weakness or identity cohort. This number provides a quick snapshot of the total instances related to that category, such as the number of dormant accounts, weak passwords, or privileged accounts, etc. It gives a quick visual gauge of the scale of potential security concerns or identity-related risks within the organization. Interpret this number alongside the trend indicator and color coding for a comprehensive understanding of its significance.

  • Trend indicator — This indicator displays the percentage change in the metric compared to a previous reporting period to show whether the situation is improving, worsening, or stable over time.

    • Downward arrow (↓) with green percentage — Indicates a decrease, often a positive sign when related to security risks (e.g., fewer weak passwords).

    • Upward arrow (↑) with red percentage — Indicates an increase, which may signal a growing concern depending on the metric.

  • Color indicator — The colored rings surrounding each metric represent the distribution of risk levels associated with that specific weakness, ranging from critical (red) to low (yellow).

  • Explanatory text — The text below each colored ring provides a brief description of the specific weakness to help you understand the security implications of what the metric is tracking such as weak passwords, dormant accounts, etc.

To drill down for detailed information:

  • For details on impacted assets for a given weakness, click in the center of the ring to navigate to Tenable Inventory.

  • For details on the distribution of risks for a given weakness, click on the colored segment of the ring to navigate to the Exposure View. For more information, see Exposure Center.

Note: Drill-downs for 'Machine Accounts' are currently disabled because these accounts have been temporarily removed from Tenable Inventory. As a result, 'Machine Accounts' do not appear in Tenable Inventory, causing a discrepancy between the counts displayed in Tenable Identity Exposure and Tenable Inventory.

Note: The Exposure Overview feature currently displays weakness-related data based on the default Tenable profile and does not automatically reflect the status of deviances on AD objects you whitelisted in other profiles.

Therefore:

  • If you have whitelisted an AD object for a specific Indicator of Exposure (e.g., "Native admin group member"), Exposure Overview will still flag it as a security weakness if the default profile identified it as deviant.

  • This can create the impression that the issue has not been addressed, even though the object has already been whitelisted under a different profile.

  • If a remediation action (such as removing group membership) is taken based on the Exposure Overview display, the object will disappear from the view— but this may not have been necessary if the object was already whitelisted elsewhere.

Finding Trends Section

The Finding Trends section shows continuous analysis of your organization's historical security data to uncover patterns in identity-related vulnerabilities and weaknesses. This historical analysis helps security teams stay ahead of potential threats by understanding recurring issues and evolving risk patterns.

The Findings Trends section presents a timeline view that tracks different categories of security findings, displayed as a stacked area graph. The visualization categorizes findings into four key statuses:

  • Resolved findings (displayed in green)

  • Accepted findings (displayed in blue)

  • Re-surfaced findings (displayed in purple)

  • Open findings (displayed in pink/red)

To filter out any of these statuses, click on the status name at the bottom of the graph.

Additional features include:

  • Global evolution metrics

  • Total findings counter

  • Severity level indicators

For detailed information about the data, click on these links:

  • MITRE ATT&CK

  • Impacted tenants

Report Creation

The Export function on the Insights page opens a report creation window to allow you to customize and generate detailed reports based on your needs.

To create a report:

  1. Click Export on the top right-corner of the Insights page.

    The Create a Report window appears.

  1. In the Name box, type a name for the report that helps you and others recognize its contents. For example, use names like "Weekly Security Insights" or "Monthly Identity Trends."

  2. Under Formats, Choose the file format for the report. Options include PDF (for a standard document format) or PNG (useful for individual snapshots or visual elements).

  3. Choose a Section to include in the report:

    • Identities Overview: Lists an inventory of identities from various identity providers (Identity 360).

    • Prioritization & Remediation: Summarizes critical risks and recommended actions.

    • Demographics: Insights into key identity cohorts.

    • Finding Trends: Continuous analysis to uncover patterns in identity-related vulnerabilities and weaknesses.

  4. To schedule a report, toggle the Schedule button to enabled and complete the following:

    • Start Date and Time: Set the start date and time for the first report.

    • Time Zone: Select the appropriate time zone for accurate scheduling.

    • Repeat: Choose how frequently you want the report (e.g., weekly, monthly). For example, to receive a weekly report, select "Every week."

    • Add Recipients: Enter the email addresses of people who should receive the report. Separate multiple email addresses with commas.

    • Password: A read-only token configured in the Reporting Center for information purposes.

  1. Click Schedule Report to save your settings and generate the report according to the specified schedule.

    Report recipients receive an email notification with a URL to download their reports.