Credentials Used By Tenable
Many Tenable sensors (for example, Tenable Nessus and Tenable Web App Scanning) require the usage of various types of system and application credentials to perform assessments to the deepest possible levels.
Your organization is responsible for securing the credentials kept within your environment. Best practices apply in these cases and must be aligned with your organization’s risk appetite. For example:
- Many customers utilize Privileged Access Management (PAM) solutions, which automatically rotate and secure the credentials used by the Tenable Nessus scanner. Those without that capability, or without a geographically and logically segmented network, may opt for other Tenable Nessus Agent solutions.
- Tenable Web App Scanning supports uploading Selenium files for authentication replay. These files are plaintext at rest and, when not stored in Tenable, you must secure them by local encryption or by storing them in a secure vault.
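Because a Selenium replay file holds the login credentials in clear text, a defender wants a quick way to find copies left on disk that are readable by other users or that still contain a typed password. The following audit script is an added example and is not Tenable's code; it assumes the Selenium IDE `.side` JSON layout (`tests` → `commands` with `command`, `target`, `value`) and uses a constructed sample file written with lax permissions. A file that does not parse as JSON is treated as already encrypted or otherwise opaque and only its permissions are reported.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample Selenium IDE (.side) export replaying a login.
# Field names follow the .side JSON layout (assumption); values are made up.
SAMPLE_SIDE = {
    "name": "login-replay",
    "tests": [{
        "name": "login",
        "commands": [
            {"command": "open", "target": "/login", "value": ""},
            {"command": "type", "target": "id=username", "value": "scanner-svc"},
            {"command": "type", "target": "id=password", "value": "Example-Pass-123"},
            {"command": "click", "target": "id=submit", "value": ""},
        ],
    }],
}

# Substrings in a 'type' target that suggest a credential field.
SECRET_HINTS = ("password", "passwd", "pwd", "secret", "token")


def typed_secrets(side_doc):
    """Return the targets of 'type' commands that look like credential fields."""
    hits = []
    for test in side_doc.get("tests", []):
        for cmd in test.get("commands", []):
            if cmd.get("command") != "type":
                continue
            target = str(cmd.get("target", "")).lower()
            if cmd.get("value") and any(h in target for h in SECRET_HINTS):
                hits.append(cmd["target"])
    return hits


def audit_side_file(path):
    """Audit one Selenium file at rest; returns a list of finding strings."""
    p = Path(path)
    findings = []
    mode = p.stat().st_mode
    # Anyone other than the owner being able to read the file is a finding.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{p.name}: readable by group/other (mode {stat.filemode(mode)})")
    try:
        doc = json.loads(p.read_text(encoding="utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return findings  # not plaintext JSON: assume encrypted/opaque, permissions only
    for target in typed_secrets(doc):
        findings.append(f"{p.name}: plaintext credential typed into '{target}'")
    return findings


def audit_directory(directory):
    """Audit every .side file in a directory."""
    findings = []
    for p in sorted(Path(directory).glob("*.side")):
        findings.extend(audit_side_file(p))
    return findings


def demo():
    """Write the constructed sample with world-readable permissions and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "login.side"
        path.write_text(json.dumps(SAMPLE_SIDE), encoding="utf-8")
        os.chmod(path, 0o644)  # deliberately lax, to trigger the permission finding
        return audit_directory(d)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against the directory where replay files are staged before upload; the two findings the demo produces (a group/other-readable file and a plaintext password typed into `id=password`) are the conditions the page says must be addressed by encrypting the file locally or moving it into a vault.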
Tenable encrypts scan credentials when they are stored within the platform. For more information, see https://www.tenable.com/trust/assurance.