Continuous Security with Tenable + SecureW2
Leverage Tenable insights to ensure only trusted, compliant, and less vulnerable devices maintain network and application access.
Every device carries some level of risk, but that risk changes constantly depending on the threat exposure level, the growing attack surface, and the risk appetite of the organization. By ingesting Tenable’s exposure scores, SecureW2 ensures that network access reflects a device’s current security posture and not just its state at enrollment. Certificates are only valid as long as the device remains trustworthy, enabling continuous policy enforcement.
Technical Specifications
| Specification | Value | Details |
|---|---|---|
| Setup Time | 30 minutes | Cert-Based Network Authentication |
| Universal Compatibility | Support Tenable | Plus Leverage Your IAMs, MDM, & EDRs |
| Secure Protocols | ACME, OAuth | SAML 2.0, Webhooks |
| Sync Method | Dynamic APIs | Triggered via Webhook |
| Certificate Infrastructure | Cloud-Native PKI | HSM-Backed Certificate Management |
| Device Trust | Adaptive Access | Manage Access as Threats Evolve |
How SecureW2 + Tenable Enhances Your Security
- Risk-Driven Network Access (Real-Time Automation): Network policies that automatically adapt to Tenable's risk signals and threat detections in real time.
- Continuous Device Trust (Ongoing Assurance): Enforce certificate-based access only for devices that remain healthy and compliant, even after onboarding.
- Automated Remediation (Immediate Containment): Replace manual security actions by automatically denying access and enforcing policy changes based on Tenable events.
Top SecureW2 + Tenable Use Cases
Automate Network Access & Segmentation via Tenable Signals
Enable automated network access control and segmentation for devices based on real-time threat intelligence from Tenable.
1. SecureW2's Cloud PKI integrates with Tenable to receive real-time threat signals.
2. The Dynamic Policy Engine correlates these risk signals with identity and device context.
3. Access policies are automatically updated based on the combined information.
4. Devices are segmented into appropriate VLANs and allowed/denied access based on their current risk exposure.

- Automated, policy-driven network segmentation.
- Reduced attack surface and lateral movement.
- Immediate quarantine of compromised devices.
- Continuous validation of device and user trust.
Validate Device Status & Posture During Certificate Issuance
Secure and automate certificate issuance with real-time device and posture intelligence.
1. A device initiates a certificate request to SecureW2.
2. SecureW2’s Dynamic PKI queries Tenable with the relevant Asset UUID for the device’s exposure posture.
3. The policy engine evaluates the device's health and other attributes.
4. Based on the policy evaluation, a certificate is either issued or denied.

- Ensures that only trusted and compliant devices receive certificates.
- Reduced risk of rogue or compromised devices accessing the network.
- Adaptive, policy-driven certificate issuance without manual oversight.
- Strengthened security posture in line with DeviceTrust principles.
Webhook-based Certificate Lifecycle Automation
Leverage webhooks and automate the entire certificate lifecycle—from issuance to revocation.
1. Tenable detects a change in the device’s exposure level.
2. The platform sends a real-time webhook or eventhook to the SecureW2 Dynamic PKI.
3. SecureW2's policy engine receives these signals and instantly triggers auto-remediation workflows.
4. The certificate is retained, suspended, or revoked based on these workflow decisions.

- Instant certificate revocation for compromised or deprovisioned devices.
- Reduced security risks from non-compliant or untrusted endpoints.
- Elimination of manual certificate management tasks.
- Continuously enforced DeviceTrust policies in real time.
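The webhook flow above, sketched as an added example (not SecureW2 or Tenable code): a handler that turns an exposure-change event into a retain, suspend, or revoke decision. The event field names, the 0-100 score scale, and both thresholds are assumptions made for illustration; replayed or out-of-order deliveries and unknown assets are ignored, and revocation is treated as terminal.

```python
from dataclasses import dataclass
from enum import Enum

class CertState(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"  # reversible, comparable to the CRL reason certificateHold
    REVOKED = "revoked"      # terminal: the device must re-enroll to get a new cert

# Assumed policy: score on a 0-100 scale, higher means more exposed.
SUSPEND_AT, REVOKE_AT = 60, 85

@dataclass
class CertRecord:
    state: CertState = CertState.ACTIVE
    last_ts: int = 0  # timestamp of the newest event already applied

def decide(score):
    """Map an exposure score to the certificate state the policy wants."""
    if score >= REVOKE_AT:
        return CertState.REVOKED
    return CertState.SUSPENDED if score >= SUSPEND_AT else CertState.ACTIVE

def handle_event(inventory, event):
    """Apply one exposure-change event and return the action taken."""
    record = inventory.get(event.get("asset_uuid"))
    if record is None:
        return "ignored:unknown-asset"
    score, ts = event.get("exposure_score"), event.get("timestamp")
    if not (isinstance(score, int) and isinstance(ts, int) and 0 <= score <= 100):
        return "ignored:malformed"
    if ts <= record.last_ts:
        return "ignored:stale"  # replay or late delivery must not undo newer state
    record.last_ts = ts
    if record.state is CertState.REVOKED:
        return "no-op:revoked"  # a lower score never reinstates a revoked cert
    wanted = decide(score)
    if wanted is record.state:
        return "retained"
    record.state = wanted
    return "reinstated" if wanted is CertState.ACTIVE else wanted.value

# Constructed sample deliveries: (asset_uuid, exposure_score, timestamp).
SAMPLE = [("a1", 70, 100), ("a1", 20, 90), ("a1", 30, 110),
          ("a1", 90, 120), ("a1", 10, 130), ("zz", 95, 140)]

def replay(sample=SAMPLE):
    inventory = {"a1": CertRecord()}  # one enrolled device
    keys = ("asset_uuid", "exposure_score", "timestamp")
    return [handle_event(inventory, dict(zip(keys, row))) for row in sample]
```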
Protocols Supported
Comprehensive protocol support for SecureW2 and Tenable integration
| Protocol | Notes |
|---|---|
| SAML 2.0 | Used with JoinNow MultiOS to authenticate users against a cloud IDP, initiating the certificate enrollment process. |
| LDAP | Used with JoinNow MultiOS to validate users in an LDAP database before enrolling them for a certificate. |
| 802.1X | Set up 802.1X in under an hour with our cloud, managed PKI, 802.1X onboarding, and RADIUS authentication services. |
| EAP-TLS | We don't just set you up for 802.1X. Achieve the gold standard: passwordless, certificate-based 802.1X Wi-Fi. |
| ACME | Dynamic PKI services that enable the use of ACME DA for user devices and for server certificate automation. |
| Dynamic SCEP | Prevent API compromise and certificate spoofing with certificate auto-enrollment via Dynamic SCEP. |
| OAuth 2.0 | Query IAM, MDM, and EDR infrastructure to continuously monitor trust for PKI and network access automation. |
| OpenID Connect | Confirm user/device identity before authorizing certificate enrollment or renewal. |
Frequently Asked Questions
What is the SecureW2 and Tenable integration?
This integration connects SecureW2’s Dynamic PKI and policy engine with Tenable's risk signals. It turns device risk assessments into automated certificate issuance, updates, or revocations—ensuring only compliant, trusted devices retain access to your network and applications.
Why is this integration important for my organization?
This integration helps automate your security processes. Instead of relying on manual actions, it uses real-time data to automatically manage device access, which helps prevent breaches and simplifies your IT workload.
What information from Tenable does SecureW2 use?
SecureW2 uses the "Overall Assessment" value, which is considered the device's risk score. It can also use other attributes like the device's serial number, operating system, and a unique agent ID.
How does the integration handle policy changes?
The integration uses webhooks to automatically update access policies. This means that if a device's risk score changes or a user's status is altered in Tenable, SecureW2 is notified instantly and can automatically apply the correct network policy, ensuring security is always up to date.
Can I use this for non-corporate devices?
Yes, this integration can also support BYOD (Bring Your Own Device). It allows for a simplified and secure onboarding process for personal devices, ensuring they are automatically validated for compliance and risk before being granted network access, without requiring an agent.