Tenable Enclave Security

Built for highly secure and data-restricted environments, Tenable Enclave Security brings Tenable’s cyber risk capabilities to classified, regulated, and air-gapped networks. It allows teams to assess vulnerabilities and container risk while strictly adhering to data residency and security requirements.

Why teams choose this platform

• High-Security Zones: Purpose-built for environments with strict residency and security controls.
• Private Container Platform: Deploy supported on-prem Tenable products within your own infrastructure model.
• Key Tenable Workloads: Run Tenable Security Center and Tenable Container Security directly within the enclave.
• Air-Gap Friendly: Installation and management workflows include specific offline patterns for controlled networks.
• Clear Boundaries: Know strictly what is supported (e.g., LCE Event Analysis is excluded) to avoid planning surprises.

Tenable Enclave Security: At a Glance

• The Platform: A private container solution designed to run supported Tenable products on-prem in secure environments.
• Best For: Classified/regulated networks, air-gapped enclaves, and mission-critical operations requiring strict residency.
• Deployment: Installed into a Kubernetes cluster via a Helm-based workflow.
• Licensing: Purchased based on assessed container images (per Tenable’s licensing guide).
• Activation: File-based workflows support both connected and offline processes.
• Required Data: Enclave count, Kubernetes environment details, products to deploy (Security Center / Container Security), and connectivity status.

License Overview

The Tenable Enclave Security license defines what you can run in the enclave and the scale of your assessment.

How it works: Tenable ties pricing to assessed container images. Broadly, the licensing flow connects your entitlements to assessed assets coming from Container Security or Security Center data sources.

Activation: After purchase, the experience is file-driven. Administrators upload the provided license file directly through the Enclave Security interface to enable capabilities. For controlled networks: Tenable documents an offline registration approach. You use a separate internet-connected workstation to move license materials in and out, ensuring the enclave never requires direct internet access.

Procurement Strategy: To prevent friction, define these inputs upfront:

1. Expected container image assessment volume.
2. Which products you plan to deploy inside the enclave.
3. Operational constraints (air-gap, update restrictions, compliance).

Product Overview

Tenable Enclave Security acts as a secure hosting and operations layer delivered as a private container platform running inside your Kubernetes environment. Instead of pushing sensitive telemetry out to a SaaS service, you deploy and operate capabilities within the enclave boundary, using built-in utilities to analyze results under your own security rules.

Core Technical Flow

1. Prepare: Ensure Kubernetes meets system requirements and storage performance needs (disk-intensive).
2. Install: Deploy Enclave Security using the standard Helm-based workflow.
3. Deploy Products: Launch supported workloads like Security Center and/or Container Security.
4. Analyze: Collect findings inside the controlled boundary using available reporting utilities.
5. Operate: Manage updates and licensing via connected or offline workflows based on policy.

Operational Outcomes

• Visibility: Vulnerability and container-risk visibility inside high-security networks (no “forced SaaS” model).
• Consistency: Standardized deployment and management of Tenable products in Kubernetes.
• Compliance: Documented offline-friendly workflows for strict auditing.

Ordering Guide and Pricing

Quoting is typically driven by your assessed container image scope, the on-prem products you are deploying (Security Center and/or Container Security), and your specific enclave constraints.

Pricing Factors

• Volume: Assessed container image scope.
• Products: Security Center vs. Container Security.
• Infrastructure: Kubernetes sizing and storage capacity.
• Constraints: Air-gap, controlled updates, and licensing workflow needs.

Activation Guide

Connected / Online Activation

1. Navigate to Settings/Information → Licenses.
2. Upload the license file.
3. Entitlements enabled.

Controlled / Offline Activation

1. Use an internet-connected workstation to obtain license materials.
2. Transfer files to the isolated enclave.
3. Upload/apply locally.
4. Compliance maintained without direct internet access.