
Tenable is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Tenable A.I CyberSecurity Scoring

Tenable

Company Details

LinkedIn ID: tenableinc

Number of employees: 2,331

Number of followers: 185,257

NAICS: 541514

Industry Type: Computer and Network Security

Homepage: tenable.com

IP Addresses: 0

Company ID: TEN_3158057

Scan Status: In-progress

Tenable Risk Score (AI oriented)

Between 700 and 749

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium

Tenable Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Tenable Company CyberSecurity News & History

Past Incidents
2
Attack Types
2

Tenable
Breach
Severity: 50
Impact: 2
Seen: 9/2025
Blog:
Rankiteo Explanation
Attack limited on finance or reputation

Description: Tenable, a vulnerability assessment firm, was impacted by the **SalesDrift supply chain attack** targeting Salesforce customer data. An unauthorized user exploited stolen **OAuth authentication tokens** linked to the **Salesloft Drift** third-party application (integrated with Salesforce) to gain access to a portion of Tenable’s **Salesforce instance**. The compromised data included **customer support case details** (subject lines, initial descriptions) and **business contact information** (names, email addresses, phone numbers, and location references). While Tenable confirmed **no misuse of the stolen data** and stated its **products and internal systems remained unaffected**, the breach exposed sensitive customer interaction records and corporate contact details. Tenable responded by **disabling Salesloft Drift**, revoking integrations, rotating credentials, and hardening its Salesforce environment. The incident highlights risks in **third-party supply chain vulnerabilities**, where attackers leverage trusted vendor access to infiltrate enterprise systems. Though no direct financial or operational harm was reported, the exposure of **customer support metadata and business contacts** poses reputational and phishing risks.

Tenable and LevelBlue: LevelBlue Integrates Unlimited Tenable Vulnerability Scanning Into Its USM Platform
Vulnerability
Severity: 25
Impact: 1
Seen: 12/2025
Blog:
Rankiteo Explanation
Attack without any consequences

Description: **LevelBlue Expands Tenable Partnership to Offer Unlimited Vulnerability Scanning at No Extra Cost** LevelBlue has deepened its collaboration with Tenable, now providing unlimited enterprise-grade vulnerability scanning for all customers using its **Unified Security Management (USM) platform**—without additional fees. The move aims to address a persistent challenge in vulnerability management: not the lack of scanning, but the ability to act on findings effectively. While unlimited scanning increases visibility, the real shift lies in **prioritization, remediation, and operational execution**. The USM platform enhances raw scan data with **advanced filtering, categorization, and risk-based prioritization**, helping teams focus on critical vulnerabilities. Automated executive reporting also tracks risk posture over time, aiding compliance and leadership oversight. For organizations requiring broader coverage—such as **attack surface monitoring (ASM), OT, web applications, or dark web exposure**—LevelBlue offers a seamless upgrade to its **fully managed vulnerability program**. Since the scanner is pre-configured, migration involves only a license change, reducing operational friction. Customers retain flexibility: they can **keep existing Tenable licenses** (via bi-directional integration with Tenable One or Security Center) or **consolidate under the embedded USM scanner**, simplifying vendor management and potentially lowering costs. Managed delivery options further streamline operations, allowing LevelBlue to handle Tenable instances while maintaining client visibility. The integration also reshapes how **MSSPs and partners** package vulnerability services. By embedding enterprise-grade scanning at no extra cost, LevelBlue shifts scanning from a premium add-on to a **baseline capability**. 
This approach contrasts with competitors who treat vulnerability scanning as an incremental expense, instead positioning it as part of a **unified security stack**. Beyond scanning, the update emphasizes **exposure management**—correlating Tenable findings with live detections, contextual prioritization, and end-to-end remediation tracking. The result is a **continuous, actionable view of risk**, moving beyond static reports to real-time reduction of exposure. For security teams and service providers, the change signals a broader industry trend: **reducing tool sprawl while improving outcomes** through tighter integration between vulnerability data and security operations.


Underwriter Stats for Tenable

Incidents vs Computer and Network Security Industry Average (This Year)

Tenable has 194.12% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Tenable has 156.41% more incidents than the average of all companies with at least one recorded incident.

Incident Types Tenable vs Computer and Network Security Industry Avg (This Year)

Tenable reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Tenable (X = Date, Y = Severity)

Tenable cyber incidents detection timeline including parent company and subsidiaries


Tenable Similar Companies

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest s

CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-clas

NETWORK-SECURITY-SOLUTIONS

Our core business: We manage linux / unix server infrastructures and build the efficient and secure networking environments using hardware cutting edge technologies suited to the needs of the project and the client. We believe in quality, opposed to quantity. Our company consists of highly


Tenable CyberSecurity News

December 12, 2025 09:36 PM
GSA, Tenable Partner to Offer Discounted Cloud Security Capabilities

Tenable's cloud security capabilities will be available at a 65 percent discount through GSA's Multiple Award Schedule – IT Category.

December 12, 2025 09:53 AM
Tenable partners with GSA to offer FedRAMP-authorized cloud security solution to US federal agencies

Exposure management company Tenable announced a OneGov agreement with the U.S. General Services Administration (GSA) to deliver its...

December 11, 2025 06:22 PM
Tenable Partners with GSA OneGov To Help Federal Government Boost Its Cloud Security

Tenable is expanding its partnership with the U.S. federal government by supporting the U.S. General Services Administration OneGov...

December 11, 2025 02:21 PM
Tenable Partners with GSA to Provide Discounted FedRAMP-Authorized Cloud Security Solutions to U.S. Federal Agencies

Tenable partners with GSA to provide discounted Cloud Security solutions for U.S. federal agencies t.

December 11, 2025 02:12 PM
GSA OneGov Signs Agreement With Tenable for Cloud Security

Tenable Public Sector has joined the OneGov ranks to offer a discounted rate on its cloud security enterprise solution, the General Services...

December 11, 2025 01:00 PM
GSA inks OneGov pact with Tenable for 65% discount on cloud security tools

This is the General Services Administration's 17th agreement signed for enterprise-level pricing to all federal agencies.

December 01, 2025 08:23 AM
Tenable Advocates New Cyber Playbook for Saudi Digital Economy - News and Statistics

Tenable's co-CEO promotes a unified, AI-powered exposure management approach in Saudi Arabia to secure ambitious digital projects and...

December 01, 2025 04:00 AM
Tenable’s Mark Thurmond on Black Hat, cybersecurity and exposure management

Thurmond explains what exposure management means in practice, why the Middle East is a strategic priority for Tenable.

November 30, 2025 08:00 AM
Tenable pushes exposure management to the forefront of cybersecurity

Tenable is redefining cybersecurity through an exposure-management approach that unifies visibility across cloud, IT, identity and OT...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Tenable CyberSecurity History Information

Official Website of Tenable

The official website of Tenable is http://www.tenable.com.

Tenable’s AI-Generated Cybersecurity Score

According to Rankiteo, Tenable’s AI-generated cybersecurity score is 703, reflecting their Moderate security posture.

How many security badges does Tenable have?

According to Rankiteo, Tenable currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Tenable have SOC 2 Type 1 certification ?

According to Rankiteo, Tenable is not certified under SOC 2 Type 1.

Does Tenable have SOC 2 Type 2 certification ?

According to Rankiteo, Tenable does not hold a SOC 2 Type 2 certification.

Does Tenable comply with GDPR ?

According to Rankiteo, Tenable is not listed as GDPR compliant.

Does Tenable have PCI DSS certification ?

According to Rankiteo, Tenable does not currently maintain PCI DSS compliance.

Does Tenable comply with HIPAA ?

According to Rankiteo, Tenable is not compliant with HIPAA regulations.

Does Tenable have ISO 27001 certification ?

According to Rankiteo, Tenable is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Tenable

Tenable operates primarily in the Computer and Network Security industry.

Number of Employees at Tenable

Tenable employs approximately 2,331 people worldwide.

Subsidiaries Owned by Tenable

Tenable presently has no subsidiaries across any sectors.

Tenable’s LinkedIn Followers

Tenable’s official LinkedIn profile has approximately 185,257 followers.

NAICS Classification of Tenable

Tenable is classified under the NAICS code 541514, which corresponds to Others.

Tenable’s Presence on Crunchbase

Yes, Tenable has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/tenable-network-security.

Tenable’s Presence on LinkedIn

Yes, Tenable maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/tenableinc.

Cybersecurity Incidents Involving Tenable

As of December 24, 2025, Rankiteo reports that Tenable has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Tenable has an estimated 3,179 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Tenable ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Breach.

How does Tenable detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through:
  • Third-party assistance: Salesforce; Google Cloud’s Mandiant
  • Containment measures: disabled Salesloft Drift application; revoked associated integrations; rotated integration credentials
  • Remediation measures: hardened Salesforce environment (Tenable); collaborated with Salesforce and Mandiant (Qualys); advanced filtering, categorization, and prioritization of vulnerabilities; executive-level reporting; seamless upgrade path to fully managed vulnerability program
  • Recovery measures: restored Salesloft-Salesforce integration (as of 2024-09-07)
  • Communication strategy: public security alerts (Tenable: 2024-09-03, Qualys: 2024-09-06); Nudge Security dashboard tracking affected companies; executive-level reporting to track risk posture over time; visibility for leadership and compliance efforts
  • Enhanced monitoring: Okta: restricted inbound IP access to Salesforce; continuous view of risk through correlation of Tenable findings with live detections...

Incident Details

Can you provide details on each incident ?

Incident : Supply Chain Attack

Title: SalesDrift Supply Chain Attack Targeting Salesforce Customer Data via OAuth Token Theft

Description: A supply chain attack targeting Salesforce customer data involved the theft of OAuth authentication tokens connected to Salesloft Drift, a third-party application integrated with Salesforce. Attackers gained unauthorized access to customer information stored in Salesforce instances of multiple companies, including Tenable and Qualys. The breach exposed business contact information and support case details, though no evidence of misuse was found. The attack was first identified by Google Threat Intelligence Group (GTIG) in August 2024, with initial compromise dating back to March 2024. Multiple cybersecurity firms were affected, and responses included disabling Salesloft Drift, revoking integrations, and collaborating with Salesforce and Mandiant for investigations.

Date Detected: 2024-08-26

Date Publicly Disclosed: 2024-09-03

Type: Supply Chain Attack

Attack Vector: Stolen OAuth Tokens, Third-Party Application Compromise (Salesloft Drift), Dormant Persistence

Vulnerability Exploited: Weak OAuth Token Security, Lateral Movement via Stolen Credentials

Motivation: Data Exfiltration, Potential Espionage or Financial Gain (unconfirmed)

Incident : Vulnerability Management Enhancement

Title: None

Description: LevelBlue expanded its partnership with Tenable to include unlimited, enterprise-grade vulnerability scanning for all customers using the LevelBlue Unified Security Management (USM) platform at no additional cost. The update removes constraints in vulnerability programs and shifts focus to prioritization, remediation, and operational follow-through to reduce risk.

Type: Vulnerability Management Enhancement

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vector identified in incidents is Salesloft Drift (compromised in March 2024).

Impact of the Incidents

What was the impact of each incident ?

Incident : Supply Chain Attack TEN3532135090825

Data Compromised: Business contact information (names, emails, phone numbers, locations), Support case subject lines and initial descriptions

Systems Affected: Salesforce Instances, Salesloft Drift Integration

Operational Impact: Temporary Disruption of Salesloft Drift Integration, Investigation and Remediation Efforts

Brand Reputation Impact: Potential Erosion of Trust Due to Supply Chain Vulnerability

Identity Theft Risk: Low (no PII misuse reported)

Incident : Vulnerability Management Enhancement TENLEV1766519861

Operational Impact: Improved operational efficiency and risk reduction through integrated vulnerability management and exposure management.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Business Contact Information and Support Case Metadata.

Which entities were affected by each incident ?

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Tenable

Entity Type: Cybersecurity Firm (Vulnerability Assessment)

Industry: Cybersecurity

Customers Affected: Portion of customers with data in Salesforce

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Qualys

Entity Type: Cybersecurity Firm (Risk Management)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Google

Entity Type: Technology Company

Industry: Technology

Customers Affected: Limited number of Google Workspace users

Incident : Supply Chain Attack TEN3532135090825

Entity Name: BeyondTrust

Entity Type: Cybersecurity Firm

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Bugcrowd

Entity Type: Cybersecurity Firm (Crowdsourced Security)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Cato Networks

Entity Type: Cybersecurity Firm (Network Security)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Cloudflare

Entity Type: Cybersecurity Firm (Web Infrastructure)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: CyberArk

Entity Type: Cybersecurity Firm (Privileged Access Management)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Elastic

Entity Type: Cybersecurity Firm (Search and Analytics)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: JFrog

Entity Type: Cybersecurity Firm (DevOps Security)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Nutanix

Entity Type: Cloud Computing Firm

Industry: Technology

Incident : Supply Chain Attack TEN3532135090825

Entity Name: PagerDuty

Entity Type: Incident Response Firm

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Palo Alto Networks

Entity Type: Cybersecurity Firm

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Rubrik

Entity Type: Cybersecurity Firm (Data Protection)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: SpyCloud

Entity Type: Cybersecurity Firm (Identity Protection)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Tanium

Entity Type: Cybersecurity Firm (Endpoint Management)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Zscaler

Entity Type: Cybersecurity Firm (Cloud Security)

Industry: Cybersecurity

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Okta

Entity Type: Cybersecurity Firm (Identity Management)

Industry: Cybersecurity

Customers Affected: Attack Attempt Blocked (No Compromise)

Incident : Supply Chain Attack TEN3532135090825

Entity Name: Salesloft

Entity Type: Sales Automation Platform

Industry: Technology

Customers Affected: Multiple (OAuth Tokens Stolen in June 2024)

Incident : Vulnerability Management Enhancement TENLEV1766519861

Entity Name: LevelBlue

Entity Type: Cybersecurity Service Provider

Industry: Cybersecurity

Customers Affected: All customers using LevelBlue USM platform

Incident : Vulnerability Management Enhancement TENLEV1766519861

Entity Name: Tenable

Entity Type: Cybersecurity Vendor

Industry: Cybersecurity

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Supply Chain Attack TEN3532135090825

Incident Response Plan Activated: True

Third Party Assistance: Salesforce, Google Cloud’s Mandiant.

Containment Measures: Disabled Salesloft Drift Application, Revoked Associated Integrations, Rotated Integration Credentials

Remediation Measures: Hardened Salesforce Environment (Tenable), Collaborated with Salesforce and Mandiant (Qualys)

Recovery Measures: Restored Salesloft-Salesforce Integration (as of 2024-09-07)

Communication Strategy: Public Security Alerts (Tenable: 2024-09-03, Qualys: 2024-09-06), Nudge Security Dashboard Tracking Affected Companies

Enhanced Monitoring: Okta: Restricted Inbound IP Access to Salesforce

Incident : Vulnerability Management Enhancement TENLEV1766519861

Remediation Measures: Advanced filtering, categorization, and prioritization of vulnerabilities; executive-level reporting; seamless upgrade path to fully managed vulnerability program.

Communication Strategy: Executive-level reporting to track risk posture over time; visibility for leadership and compliance efforts.

Enhanced Monitoring: Continuous view of risk through correlation of Tenable findings with live detections.

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Salesforce and Google Cloud’s Mandiant.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Supply Chain Attack TEN3532135090825

Type of Data Compromised: Business contact information, Support case metadata

Sensitivity of Data: Low to Moderate (No Highly Sensitive PII or Financial Data)

Personally Identifiable Information: Names, Business Email Addresses, Phone Numbers, Location References

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Hardened Salesforce Environment (Tenable), Collaborated with Salesforce and Mandiant (Qualys), Advanced filtering, categorization, and prioritization of vulnerabilities; executive-level reporting; seamless upgrade path to fully managed vulnerability program.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by disabling the Salesloft Drift application, revoking associated integrations, and rotating integration credentials.

Ransomware Information

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Restored Salesloft-Salesforce Integration (as of 2024-09-07).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Vulnerability Management Enhancement TENLEV1766519861

Regulatory Notifications: Supports compliance efforts through executive-level reporting.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Supply Chain Attack TEN3532135090825

Lessons Learned:
  • OAuth token security requires stricter monitoring and rotation policies.
  • Third-party integrations pose significant supply chain risks and must be continuously audited.
  • Dormant threats can persist for months (initial compromise in March, exploitation in August).
  • Proactive measures like IP restrictions (Okta) can prevent unauthorized access.

Incident : Vulnerability Management Enhancement TENLEV1766519861

Lessons Learned: Vulnerability management often fails due to overwhelming scan results rather than lack of scanning. Prioritization, remediation, and operational follow-through are critical to reducing risk. Unlimited scanning alone does not solve the problem without proper integration and actionable insights.

What recommendations were made to prevent future incidents ?

Incident : Supply Chain Attack TEN3532135090825

Recommendations:
  • Implement multi-layered authentication for third-party integrations.
  • Enforce least-privilege access for OAuth tokens and revoke unused credentials.
  • Monitor for anomalous activity in integrated applications, especially after dormant periods.
  • Adopt zero-trust principles for Salesforce and similar cloud platforms.
  • Collaborate with vendors (e.g., Salesforce) to share threat intelligence and hardening guidelines.

Incident : Vulnerability Management Enhancement TENLEV1766519861

Recommendations:
  • Integrate vulnerability scanning with detection and response workflows for continuous risk visibility.
  • Use advanced filtering, categorization, and prioritization to focus on critical vulnerabilities.
  • Leverage executive-level reporting to track risk posture over time and support compliance efforts.
  • Consider managed services to streamline operations and reduce internal resource burdens.
  • Monetize vulnerability management through layered services like advanced reporting and remediation support.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: OAuth token security requires stricter monitoring and rotation policies. Third-party integrations pose significant supply chain risks and must be continuously audited. Dormant threats can persist for months (initial compromise in March, exploitation in August). Proactive measures like IP restrictions (Okta) can prevent unauthorized access. Vulnerability management often fails due to overwhelming scan results rather than lack of scanning. Prioritization, remediation, and operational follow-through are critical to reducing risk. Unlimited scanning alone does not solve the problem without proper integration and actionable insights.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Consider managed services to streamline operations and reduce internal resource burdens. Leverage executive-level reporting to track risk posture over time and support compliance efforts. Integrate vulnerability scanning with detection and response workflows for continuous risk visibility. Monetize vulnerability management through layered services like advanced reporting and remediation support. Use advanced filtering, categorization, and prioritization to focus on critical vulnerabilities.

References

Where can I find more information about each incident ?

Incident : Supply Chain Attack TEN3532135090825

Source: Tenable Security Alert

Date Accessed: 2024-09-03

Incident : Supply Chain Attack TEN3532135090825

Source: Qualys Security Alert

Date Accessed: 2024-09-06

Incident : Supply Chain Attack TEN3532135090825

Source: Google Threat Intelligence Group (GTIG) Findings

Date Accessed: 2024-08-26

Incident : Supply Chain Attack TEN3532135090825

Source: Salesloft Update on Compromise Timeline

Date Accessed: 2024-09-07

Incident : Supply Chain Attack TEN3532135090825

Source: Nudge Security Dashboard (Tracking Affected Companies)

Incident : Supply Chain Attack TEN3532135090825

Source: Okta Statement on Blocked Attack Attempt

Date Accessed: 2024-09-02

Incident : Vulnerability Management Enhancement TENLEV1766519861

Source: MSSP Alert

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Tenable Security Alert (Date Accessed: 2024-09-03), Qualys Security Alert (Date Accessed: 2024-09-06), Google Threat Intelligence Group (GTIG) Findings (Date Accessed: 2024-08-26), Salesloft Update on Compromise Timeline (Date Accessed: 2024-09-07), Nudge Security Dashboard (Tracking Affected Companies), Okta Statement on Blocked Attack Attempt (Date Accessed: 2024-09-02), and MSSP Alert.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Supply Chain Attack TEN3532135090825

Investigation Status: Ongoing (Collaboration with Salesforce and Mandiant)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Security Alerts (Tenable: 2024-09-03, Qualys: 2024-09-06), the Nudge Security Dashboard Tracking Affected Companies, and executive-level reporting to track risk posture over time; visibility for leadership and compliance efforts.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Supply Chain Attack TEN3532135090825

Stakeholder Advisories: Public Disclosures By Affected Companies, Nudge Security Dashboard.

Customer Advisories: Tenable and Qualys Notified Affected Customers, No Evidence of Misuse Reported

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Public Disclosures By Affected Companies, Nudge Security Dashboard, Tenable And Qualys Notified Affected Customers, and No Evidence Of Misuse Reported.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Supply Chain Attack TEN3532135090825

Entry Point: Salesloft Drift (Compromised in March 2024)

Reconnaissance Period: March 2024 to June 2024 (Mapping Internal Systems)

High Value Targets: Salesforce Customer Data, OAuth Tokens

Data Sold on Dark Web: Salesforce Customer Data, OAuth Tokens

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Supply Chain Attack TEN3532135090825

Root Causes: Insufficient Protection Of OAuth Tokens In Salesloft Drift, Delayed Detection Of Initial Compromise (March To August 2024), Lack Of Segmentation Between Third-Party App And Salesforce Data

Corrective Actions: Disabled Vulnerable Integrations (Salesloft Drift), Hardened Salesforce Environments (e.g., Tenable), Enhanced Monitoring For Anomalous OAuth Token Usage, Restored Salesloft-Salesforce Integration With Improved Security Controls

Incident : Vulnerability Management Enhancement TENLEV1766519861

Root Causes: Vulnerability management breakdowns due to overwhelming scan results and lack of prioritization/remediation.

Corrective Actions: Embedded Tenable scanning in USM platform with advanced filtering, categorization, and prioritization; seamless upgrade path to managed vulnerability program; integration with detection and response workflows.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Salesforce, Google Cloud’s Mandiant, Okta: Restricted Inbound IP Access To Salesforce, Continuous view of risk through correlation of Tenable findings with live detections.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Disabled Vulnerable Integrations (Salesloft Drift), Hardened Salesforce Environments (e.g., Tenable), Enhanced Monitoring For Anomalous OAuth Token Usage, Restored Salesloft-Salesforce Integration With Improved Security Controls, Embedded Tenable scanning in USM platform with advanced filtering, categorization, and prioritization; seamless upgrade path to managed vulnerability program; integration with detection and response workflows.

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-08-26.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-03.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Business Contact Information (names, emails, phone numbers, locations) and Support Case Subject Lines and Initial Descriptions.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Salesforce Instances, Salesloft Drift Integration.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Salesforce and Google Cloud’s Mandiant.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Disabled Salesloft Drift Application, Revoked Associated Integrations, Rotated Integration Credentials.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Support Case Subject Lines and Initial Descriptions, Business Contact Information (names, emails, phone numbers and locations).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was: Proactive measures like IP restrictions (Okta) can prevent unauthorized access. Vulnerability management often fails due to overwhelming scan results rather than lack of scanning. Prioritization, remediation, and operational follow-through are critical to reducing risk. Unlimited scanning alone does not solve the problem without proper integration and actionable insights.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Enforce least-privilege access for OAuth tokens and revoke unused credentials. Monitor for anomalous activity in integrated applications, especially after dormant periods. Consider managed services to streamline operations and reduce internal resource burdens. Collaborate with vendors (e.g., Salesforce) to share threat intelligence and hardening guidelines. Leverage executive-level reporting to track risk posture over time and support compliance efforts. Adopt zero-trust principles for Salesforce and similar cloud platforms. Integrate vulnerability scanning with detection and response workflows for continuous risk visibility. Implement multi-layered authentication for third-party integrations. Monetize vulnerability management through layered services like advanced reporting and remediation support. Use advanced filtering, categorization, and prioritization to focus on critical vulnerabilities.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are MSSP Alert, Tenable Security Alert, Qualys Security Alert, Nudge Security Dashboard (Tracking Affected Companies), Salesloft Update on Compromise Timeline, Google Threat Intelligence Group (GTIG) Findings and Okta Statement on Blocked Attack Attempt.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Collaboration with Salesforce and Mandiant).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public Disclosures by Affected Companies, Nudge Security Dashboard.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was Tenable and Qualys Notified Affected Customers, No Evidence of Misuse Reported.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was Salesloft Drift (Compromised in March 2024).

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was March 2024 to June 2024 (Mapping Internal Systems).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Insufficient Protection of OAuth Tokens in Salesloft Drift, Delayed Detection of Initial Compromise (March to August 2024), Lack of Segmentation Between Third-Party App and Salesforce Data, Vulnerability management breakdowns due to overwhelming scan results and lack of prioritization/remediation.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Disabled Vulnerable Integrations (Salesloft Drift), Hardened Salesforce Environments (e.g., Tenable), Enhanced Monitoring for Anomalous OAuth Token Usage, Restored Salesloft-Salesforce Integration with Improved Security Controls, Embedded Tenable scanning in USM platform with advanced filtering, categorization, and prioritization; seamless upgrade path to managed vulnerability program; integration with detection and response workflows.


Latest Global CVEs (Not Company-Specific)

Description

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account Token specified in spec.hashiCorpVault.credential.serviceAccount. An attacker with permissions to create or modify a TriggerAuthentication resource can exfiltrate the content of any file from the node's filesystem (where the KEDA pod resides) by directing the file's content to a server under their control, as part of the Vault authentication request. The potential impact includes the exfiltration of sensitive system information, such as secrets, keys, or the content of files like /etc/passwd. This issue has been patched in versions 2.17.3 and 2.18.3.

Risk Information
cvss4
Base: 8.2
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php).

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Description

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=tenableinc' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.