Vulnerability Management

Built for continuous exposure reduction, Tenable Vulnerability Management is a cloud-managed vulnerability management platform that helps you discover assets, assess vulnerabilities, and prioritize what to fix first, without running a full on-prem management stack.

Why teams choose this platform

• Cloud-managed VM (vs on-prem): Tenable Vulnerability Management is managed in the cloud, while Tenable Security Center is the on-prem option.
• Continuous discovery + assessment: always-on discovery and assessment to find assets and vulnerabilities.
• Built-in prioritization + threat intelligence: helps focus remediation on critical exposure.
• API + integrations: supports automation and integration-driven workflows.
• Clear asset model: licensed by annual subscription and priced by asset (not IP), with an asset-counting approach to reduce duplication.

Tenable Vulnerability Management At a glance

• What it is: Cloud-based vulnerability management for asset discovery, scanning, prioritization, and reporting.
• Best for: Security + IT teams that need centralized vulnerability visibility and predictable remediation workflows across mixed environments.
• Subscription model: Annual subscription priced by asset (not IP).
• Activation method: Deploy/link scanners and/or agents to your cloud instance using a linking key (linked scanner workflow).
• What we need from you (for a fast quote): estimated asset count (now + growth), environment mix (on-prem/cloud), scanning approach (network scanners vs agents), any web app scope (if applicable), and term.

License overview

The Tenable Vulnerability Management license is an annual subscription that unlocks cloud-based vulnerability management and determines how many unique assets you can continuously discover, scan, and track. Tenable prices the subscription by asset (not by IP address) and uses an asset-counting method to identify unique assets and reduce duplication across scan sources. Your subscription term is typically 1 year or multi-year, and while active it provides access to platform updates plus the licensed product capabilities in your Tenable account.

Activation is account-based rather than “installing a key” on every endpoint: once the subscription is provisioned, you add sensors such as linked Nessus scanners and/or agents, then authenticate them to your cloud instance using a linking key from the Sensors/Linked Scanners area. From there, scan templates and policies drive assessment schedules, while the platform counts and reports licensed assets and can reclaim assets over time as they fall out of scope.

For procurement, the clean way to avoid overages is to size for your real asset inventory (including ephemeral cloud resources), decide what discovery methods you will use (network scanners, agents, connectors), and align any add-ons (for example, web applications) with your intended coverage. If you share your asset estimate, environment mix, and term preference, we can map the right subscription and quote-ready bill of materials.

Product Overview

At a high level, Tenable Vulnerability Management combines a cloud console with deployable sensors (scanners and agents) to collect vulnerability data, build an accurate asset inventory, and drive risk-based remediation.

Core technical flow

1. Provision the cloud tenant and set up users/roles.
2. Deploy sensors (linked Nessus scanners and/or agents) where scanning must occur.
3. Link sensors securely using a linking key so they report to your instance.
4. Create scan policies and target groups to match networks, segments, and cloud scope.
5. Prioritize + operationalize remediation with built-in risk scoring, reporting, and integrations/APIs.

Ordering Guide and Pricing

• Asset count(current + 12–24 month growth buffer)
• Subscription term (1 year vs multi-year)
• Scope of coverage (on-prem networks, cloud resources, remote endpoints via agents)
• Any add-on coverage you want alongside the platform (e.g., web applications, if in scope).

Activation Guide For Tenable Vulnerability Management

Connected / online activation

1. In Tenable Vulnerability Management: Settings → Sensors → Linked Scanners → copy the linking key
2. Deploy a Nessus scanner (or agent) in the target network
3. Link it to your instance using the linking key (and validate it shows as linked)

Controlled / restricted environments

• Use approved egress (proxy/allowlist) so sensors can reach the cloud service, rather than requiring broad outbound access.
• For agents, the linking workflow commonly points to sensor.cloud.tenable.com:443 (policy-dependent).