# How to get a free Tenable One tenant from us > How to get a free trial Tenable One tenant from FM CyberSecurity, scan your own infrastructure, and walk away with a written readout you can act on. Source: https://fmcybersecurity.com/en/insights/exposure/how-to-get-a-free-tenable-one-tenant/ Locale: English Other locale: https://fmcybersecurity.com/insights/exposure/gratis-tenable-one-tenant/ ## Metadata - Date: 2026-05-29 - Author: anders-helgesplass - Topic: exposure - Format: guide - Partner: tenable Here is how to get a free trial [Tenable One](/en/partners/tenable/) tenant from us, point it at your own infrastructure, and get a written readout at the end. As a Tenable partner, FM CyberSecurity can spin up a real trial environment so you evaluate against your own assets, not a vendor demo. The trial is an evaluation, not a guaranteed result. This is a how-to, not a sales page. Below is what you can scan, what we set up, what you do, and what you take away. ![Tenable logo and Free Tenable One, FM CyberSecurity](../../../assets/news/how-to-get-a-free-tenable-one-tenant-inline.png) ## What you can get a trial of You can trial Tenable One, or any single Tenable module on its own. Tenable One is the exposure management platform that pulls vulnerability, web, cloud, and identity risk into one view. If you only want to test one part, we can stand up that part alone. The modules you can evaluate: - Tenable Vulnerability Management (formerly Tenable.io), the cloud-managed scanner built on Nessus, for internal and external vulnerability scanning. - Tenable Web App Scanning, for the public web apps you run. - Tenable Identity Exposure, which surfaces Active Directory and Entra ID misconfiguration. It shows identity risk; it is not identity management, and it does not replace privileged access management. - Nessus, if you want the scanner on its own rather than the cloud platform. Tell us which question you are trying to answer, and we scope the trial to that question instead of switching everything on at once. ## What FM CyberSecurity sets up We provision the trial tenant under FM CyberSecurity's Tenable partner account and configure it for your scope. You do not have to negotiate a trial with a vendor or stand up the platform yourself. Concretely, we: - Create the trial tenant and add your named users with the right roles. - Deploy one or two Nessus scanners inside your network (virtual appliance or container) for internal scans. - Point external scanning at your public IPs and domains from Tenable's cloud. - Connect cloud accounts (AWS, Azure, Google Cloud) read-only, if cloud is in scope. - Install the Tenable Identity Exposure collector against a read-only service account on a domain controller, if Active Directory is in scope. Every access we use is documented with an expiry, and removed at the end of the trial if you ask. ## What you do You do three things: agree the scope, give us the access, and pick a contact who can answer questions during the trial. That is the whole ask on your side. In practice, that means: 1. Spend thirty minutes with us agreeing what gets scanned. The systems that carry contract obligations go first: the file shares, the customer-facing app, the cloud workloads, the e-mail platform, the Active Directory. 2. Provide least-privilege scanning accounts for internal hosts, your public IP ranges and domains for external, and a read-only role per cloud subscription. 3. Name one person who can confirm an asset owner or a scan window when a question comes up. You do not run the scans. We do, in windows you approve, throttled so low-end devices are not loaded. ## What you scan You scan your own infrastructure, against your own contract obligations, not a sandbox. That is the point of doing this over a vendor demo. The first read against a real network is the read that tells you whether the platform earns a place in your budget. A typical trial scope covers internal vulnerability scanning on the in-scope ranges, an external scan of your public IPs and domains, a web app scan of the apps you named, and, where it is in scope, a continuous read on cloud and identity risk. You see your real findings, on your real assets, prioritised against the systems that matter to your business. ## What you get out of it You get a working tenant, your real findings, and a short written readout. The readout is the deliverable that survives the trial, so it is built to be read by an IT lead, an auditor, or a board. The written readout covers: - Scope: what was scanned and what was not. - Top findings by business impact, not raw CVSS score. - A metrics baseline: total critical and high findings, mean finding age, and the share of assets with a named owner. - What it would take to turn the trial into an ongoing programme. If you decide Tenable is not the right fit, you keep the readout and the asset picture. If you decide it is, see [why we picked Tenable for exposure management](/en/insights/exposure/why-we-picked-tenable-for-exposure-management/), and the [Nessus vs Tenable Vulnerability Management vs Tenable One](/en/insights/exposure/nessus-vs-tenable-vulnerability-management-vs-tenable-one/) comparison to choose the right tier. ## Next action Talk to Anders to scope a free Tenable One trial. We come back with a written scope, stand up the tenant, run the first scan, and hand you a readout you can put in front of a budget owner. For how the first proper scan runs once you commit, see [how we run the first vulnerability assessment in Tenable One](/en/insights/exposure/first-vulnerability-assessment-in-tenable-one/), or read more about [FM CyberSecurity's exposure management service](/en/services/exposure-management/). ## FAQ ### Is the Tenable One trial free, or is there a catch? Yes. We provision a trial tenant under FM CyberSecurity's Tenable partner account at no cost to you, set it up for your scope, run the first scan, and give you a written readout. It is an evaluation, so it runs for a fixed trial period and on a scope we agree up front. There is no obligation to buy at the end. ### Can we trial just one module instead of all of Tenable One? Yes. You can evaluate any single module on its own: Tenable Vulnerability Management, Tenable Web App Scanning, Tenable Identity Exposure, or Nessus. Tell us the one question you want answered and we scope the trial to that, rather than switching on every part of the platform. ### What can we scan during the trial? Your own infrastructure: internal IP ranges, public IPs and domains, web apps, cloud accounts, and Active Directory or Entra ID where identity is in scope. You scan your real assets against your real contract obligations, which is the test a vendor demo cannot give you. ### Will the scans cause downtime? No, on healthy infrastructure. Authenticated vulnerability scans on modern Windows and Linux are read operations. We run them in windows you approve, throttle the scan rate for low-end devices, and pause if your monitoring flags anything. For a production web app we plan around a staging site or a low-traffic window, by agreement. ### Does Tenable Identity Exposure replace our PAM? No. Tenable Identity Exposure surfaces misconfiguration in Active Directory and Entra ID: stale admin accounts, weak Kerberos settings, risky delegations, and trust paths. It is visibility into identity risk, not a privileged access management product. If you run CyberArk, the two complement each other; if you do not, the findings are a useful input to that decision. ### What do we keep if we decide not to buy? You keep the written readout and the asset picture it is built on: the scope, the top findings by business impact, and the metrics baseline. The trial tenant is decommissioned at the end of the evaluation period, but the readout is yours. --- --- For the full documentation index, see https://fmcybersecurity.com/llms.txt For the complete corpus as a single document, see https://fmcybersecurity.com/llms-full.txt