Tenable has been named a Continuous Threat Exposure Management (CTEM) Leader in Latio’s 2025 Cloud Security Market Report. This recognition is based on rigorous product testing conducted by Latio founder and lead analyst James Berthoty.

Latio’s recognition of Tenable as a hybrid cloud CTEM leader in its 2025 Cloud Security Market Report validates our strategy with the Tenable One Exposure Management Platform. As a cloud security thought leader, Latio approaches analysis from a practitioner’s perspective. Their motto says it all: “The only analyst firm that tests products, so you can find the right one.”

According to the report, CTEM leaders are “building the future of doing vulnerability management at scale by taking data from multiple sources and unifying it into a single vulnerability management tool. These tools provide teams the ability to ingest, prioritize, and deliver remediations across several teams.”

The 2025 Cloud Security Market Report discusses the evolution of cloud security beyond cloud native application protection platform (CNAPP) tools. It includes a buyer’s guide as well as findings from a survey of cloud security practitioners at organizations ranging in size from 10 to tens of thousands of employees. While over 70% of organizations’ CNAPP tools are owned by their cloud security team — with the remainder dispersed between product security or vulnerability management teams — the report predicts that “the evolution of cloud security into larger vulnerability management programs will be a continuing trend.”

What Latio predicts for the cloud security market

The report states that “the future of cloud security will not be defined by a single [CNAPP] platform offering a set of capabilities. Instead, organizations will move towards more consolidated cloud vulnerability management programs which sit alongside their security operations programs. These two programs will drive results focused respectively on proactive risk mitigation, and fast reactions to ongoing security incidents.”

“The future of cloud security tooling is moving beyond CNAPP as an ‘everything security’ platform.”

— James Berthoty, Latio founder and lead analyst

Latio’s emphasis on proactive risk mitigation aligns with what Tenable has been saying for years: The future of cloud security isn’t about building another isolated platform. It’s about giving organizations a holistic view of their entire attack surface, including vulnerability management, identities, cloud, operational technology (OT), internet of things (IoT), and AI, so they can build a navigable map of their environment, showing the attack paths teams simply can’t see from inside their functional silos. And it’s about empowering organizations to proactively find and fix the exposures that pose the greatest risk to their environment.

As James Berthoty, Latio founder and lead analyst, writes in the report: “The future of cloud security tooling is moving beyond CNAPP as an ‘everything security’ platform.”

The report goes on to note: “Increasingly, enterprise security teams need to build complicated workflows for getting vulnerabilities fixed. These tools need to span across all of an organization’s assets in order to create consistent and scalable vulnerability programs. Cloud security no longer happens in isolation.”

The report identifies three emerging categories:

• Application Security Testing (AST) for developers
• Continuous Threat Exposure Management (CTEM) for unified vulnerability management
• Cloud Application Detection and Response (CADR) for runtime protection

Latio positions CTEM as the critical integration layer — the platform that brings everything together. This is exactly what we built Tenable One to be.

Where Tenable fits in: Hybrid cloud CTEM leader

Latio's recognition of Tenable as a leader in hybrid cloud CTEM solutions highlights our ability to standardize infrastructure risk management across on-prem and cloud systems. It explicitly calls for solutions that provide “hybrid cloud vulnerability management,” bringing the innovations of cloud security to on-premises and hybrid environments.

"Cloud security no longer happens in isolation."

— Latio 2025 Cloud Security Market Report

What makes this recognition special is the acknowledgment of Tenable’s unique position. We’re not a cloud-native vendor trying to retrofit on-premises support, nor are we bolting cloud capabilities onto a legacy scanner. We’re a unified exposure management platform that treats your entire attack surface — cloud, on-premises, identity, containers — as one ecosystem.

This is precisely why Tenable Cloud Security exists as part of Tenable One, not as a standalone product.

The CTEM category

Latio’s articulation of the CTEM category closely aligns with Tenable’s exposure management vision. The report shows how CTEM integrates multiple data sources to produce three critical outputs:

• Attack paths
• Prioritizations
• Remediations

What makes Tenable’s approach to cloud security unique

Tenable One brings together data from across your attack surface, applying sophisticated prioritization that considers threat intelligence, asset criticality, and business context, and helps you drive remediation workflows. We believe Tenable is unique in four key ways:

• We’re outcome-focused. As the report notes, many practitioners prefer using “best in class scanners” with “an aggregation layer.” Tenable Cloud Security can be that best-in-class scanner, or we can be the aggregation layer. We’re focused on outcomes, not vendor lock-in.
• We understand both worlds. Unlike vendors who started as cloud-native solutions and are now adding on-premises support, Tenable has deliberately built a platform for hybrid environments from the start.
• We’re focused on the right problem.The report makes a critical observation: “A misconfiguration is just another kind of vulnerability.” We couldn’t agree more. Your CISO doesn’t care whether a risk comes from an unpatched server or a misconfigured S3 bucket — they care about what’s most likely to lead to a breach. Tenable One helps answer that question.
• We enable flexibility. The report’s decision tree for buyers shows that different organizations have different needs based on their architecture, team size, and security maturity. Tenable One is designed to meet organizations where they are, integrating with the tools they’ve chosen while providing unified visibility and prioritization.

Learn more

• Read the Latio 2025 Cloud Security Market Report
• See how Tenable Cloud Security fits into our exposure management vision. Visit our cloud security page: https://www.tenable.com/products/tenable-cloud-security