Start with Identity
CIEM

Tenable Cloud Security

Founded 2019Boston, Massachusetts, USA (Ermetic origin: Tel Aviv, Israel)Public (Tenable; acquired Ermetic in 2023)Score 4.3/5Evaluated 2026-07-03Website ↗

Capability scores

Methodology →
Authentication
3.0
SSO & Federation
3.0
Authorization
4.5
Lifecycle & Provisioning
2.5
MFA & Passwordless
2.5
Governance & Audit
4.5
Developer Experience
4.0
Deployment Flexibility
3.5
Pricing Transparency
2.5
Support & Ecosystem
4.0

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

Tenable Cloud Security is the cloud-native application protection and CIEM offering built on Ermetic, the cloud entitlement specialist Tenable acquired in 2023. It focuses on discovering identities and permissions across multi-cloud environments and enforcing least privilege.

What it is good at

Its heritage is deep entitlement analysis: mapping human and machine identities to the exact permissions they hold across AWS, Azure, and GCP, surfacing toxic combinations and unused access, and recommending least-privilege policies. Just-in-time access and strong multi-cloud coverage round it out, and it correlates entitlement risk with Tenable's broader exposure management.

Where it falls short

It is most compelling for organizations that want a dedicated CIEM and can absorb an enterprise sales motion. Teams already standardized on another CNAPP may prefer that vendor's native entitlement features, and pricing is quote-based.

Pricing

Quote-based enterprise pricing, typically part of a Tenable Cloud Security subscription.

Best for, and who should look elsewhere

Choose it for deep, standalone multi-cloud CIEM, especially alongside Tenable exposure management. Look elsewhere if you want CIEM inside a single CNAPP console (see Wiz) or a lightweight tool.

Bottom line

One of the strongest dedicated CIEM engines, now inside Tenable's exposure management portfolio.

More CIEM vendors

All CIEM

By SWI Community Team · Last evaluated 2026-07-03

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].