Product updates

Zanshin Release Notes

Learn about new features, changes, and improvements to Zanshin.

The New Security Score: Moving Beyond Relative Risk | November, 2025

November 17, 2025

Security ratings are essential for managing risk and they are most valuable when providing enhanced transparency and stability, with metrics directly linked to action.

‍

Our data science team is taking advantage of the rapid growth of the Zanshin solution, which brings more volume and variety to our dataset. Based on this work, we are excited to announce an upgrade to our scoring methodology, ensuring it more accurately represents the security posture of organizations.

‍

What changed?

A simplification of the factors used to calculate scores, and a calibration of their relative weights;
Adjustments to parts of the score calculation which were evaluating organizations relative to the entire population in our platform. This means your score is now based solely on your own security performance, allowing you to set confident security goals.

The New Security Score is a monumental step toward providing a security rating that is not just a benchmark, but a trusted and transparent tool for improving your risk posture.

Latest Product Updates | October, 2025

October 24, 2025

1. Role-Based Access Control (RBAC)

This concept enhances access management by allowing organizations to assign specific roles with predefined permissions to users. This ensures that users only have access to relevant sections in Zanshin, reducing security risks and improving operational efficiency.

To access this feature:

1. Go to the “MY ORGANIZATION” section and select “Members” from the left-hand menu.

2. Click on the “Roles” tab.

3. Here you can see the roles you created and the predefined roles (labeled in blue) that come with Zanshin.

Please see a sample:

Customized roles can be created by assigning the required permissions and users to them, aligning with your specific business needs.

2. New Scan Target Types

Added support for SentinelOne Singularity and Microsoft Intune (under Microsoft 365), expanding the platforms and services Zanshin can continuously monitor. Check the “SaaS” section in the Scan Targets Dashboard page for the “Microsoft 365” box and the “Security Tools” section for the “SentinelOne Singularity” box.

As usual, Zanshin will scan these platforms without ever having access to your sensitive data, such as your organization’s databases data or credentials. We simply ask for the minimal set of permissions to review security-relevant settings, to ensure you stay as safe as possible.

‍Note: Current Microsoft 365 customers being monitored by Zanshin could experience an impact on their organization score if they use Microsoft Intune.

‍

3. Assign Business Impact to 3rd Parties

This feature allows first-party users (typically TPCRM Managers) to assign a Business Impact level to each of their third-parties. The assigned impact level reflects how critical a third party is to the organization's operations and helps prioritize risk management activities. Business impact values can be set individually or in bulk, and can be used as filters across key views such as the Following Organizations List and 1st Party Portfolio Management Dashboard.

In the “FOLLOWING” section, select “Organizations” from the left-hand menu.

The Following Organizations List will appear.

Check each following organization and choose the desired Business Impact level to set from the dropdown menu above it.

See the sample below:

This classification will also be available during onboarding (Pre-Contract Due Diligence), on the Following Organization profile, and within the Following Organizations List for easy management and visibility.

‍

4. New Reports (Third Party and Self-Assessment)

For third-party reports, go to the “FOLLOWING” section, and click on “Organizations”. In the Following Organizations List, select the one to generate the report for by clicking on it. Click on the “Generate Report” button and select the appropriate options.

Here is a sample:

For self-assessment reports, go to the “FOLLOWERS” or “FOLLOWING” section and click on “Assessments”. Click on the questionnaire you want to generate the report for, and click on the “Self-Assessment Report” button that should appear.

Here is a sample:

‍

5. (SAQ) Historical Information

This feature allows users to view the complete historical information for an assessment, including detailed information for each question (such as the answers and comments provided), any associated comments for the questionnaire, the users that provided information, and the history of status changes. It aims to enhance transparency and traceability within assessments and the interaction between organizations (1st party and 3rd parties).

Questionnaire level historical information sample:

Go to the “FOLLOWERS” or “FOLLOWING” section and click on “Assessments”. Click on the questionnaire to check the historical information, and click on the “Comments” icon.

Toggle "See history" on.

Question level historical information sample:

Go to the “FOLLOWERS” or “FOLLOWING” section and click on “Assessments”. Click on the questionnaire to check the historical information, and click on the desired question.

Our Customer Success team is always ready to assist you in case you have any questions.

Latest Enhancements and Updates | September/25

September 2, 2025

Here at Tenchi Security, we’ve been working hard to make Zanshin more powerful, accurate, and aligned with your needs. Here’s a look at the latest features we’ve added over the past months to help you reduce risk, stay compliant, and work more efficiently.
‍

🔎 Summary of Updates

Security Score Enhancements:

Historical score performance: now you can analyze historical score records up to 12 months.

New score based exclusively on public scan target information, so that 3rd parties security diligence on the specific topic of public attack surface security can be examined

Expanded Coverage: New scan target types - Digital Ocean and Trend Micro Vision One.

Compliance Reporting Upgrade: Support for CIS Controls 8.1, NIST CSF v2.0, and ISO 27001:2022.

Improved Scan Accuracy: Better severity ratings and precision for domain scans.

Faster Workflows: Bulk tagging for scan targets and unlimited bulk execution of alert tasks.

⚠️ Deprecation Notice: Some API endpoints are already deprecated and will be removed on September 22, 2025

‍

💡 Why it matters

These updates bring:

More visibility into the security posture over time.

Broader risk coverage with additional platforms supported.

Stronger compliance alignment to meet evolving regulatory demands.

Sharper insights with more accurate scan results.

Greater efficiency to save time managing alerts and scan targets at scale.

Clear transition time to move away from deprecated API endpoints before removal.
‍

Zanshin evolves alongside you - giving you the clarity to spend less energy chasing risks and more time managing them with confidence.
‍

👉 Watch the video below to see Zanshin’s updates in action - or click through to our website for all the details.

‍

Updates | May, 2025

May 30, 2025

Exciting new features that will significantly enhance our product's capabilities have been released:

Scan Targets sharing settings

Crowdstrike Falcon and Microsoft Defender for Endpoint scanning support

New filters in Dashboards and Alerts Lists

Zanshin rule detection improvements

Navigation to Alerts is now restored

Scan Targets sharing settings

Now, each third-party organization (Following Organization) will be able to define which Scan Targets they share with which first-party organization (Follower Organization). This applies in several places in Zanshin:

During the creation of a new Scan Target, a sharing configuration allows to select the appropriate sharing type:

On the Scan Target details page, the Following Organization will be able to see the Tab “Tags and Sharing”, in order to view or edit the sharing type and the list of Follower Organizations that will have visibility on the corresponding Scan Target.

In the Follower Details page, the Following Organization is now able to select (by Scan Target Tag and Scan Target Name) the Scan Targets needed to be shared with the corresponding Follower Organization.

Domain Scan Targets visibility

Since the findings related to Domain Scan Targets are based on public data, they will now be visible to all licensed Organizations in Zanshin. This will provide a more streamlined way to showcase your domain’s security performance and compliance, and bring Zanshin in line with widespread industry practice. This allows your Organization to build trust and demonstrate security best practices to your customers and partners.

Crowdstrike Falcon and Microsoft Defender for Endpoint scanning support

Zanshin now supports scanning two additional platform types:

Crowdstrike Falcon: A cybersecurity platform that provides cloud-native endpoint protection, threat intelligence, and incident response services. You can find this Scan Target Type under the new section Security Tools in the Scan Targets Dashboard.

Microsoft Defender for Endpoint: An enterprise-grade endpoint security solution and a key component of the Microsoft Security suite. In Zanshin, the predefined security checks for Microsoft Defender are seamlessly executed as part of Microsoft 365 scans. This integration operates transparently, requiring no additional action from the user.

As usual, Zanshin will scan these platforms without ever having access to your sensitive data. We simply ask for the minimal set of permissions to review security-relevant settings to ensure you stay as safe as possible.

New filters available in Dashboard and Alerts lists

New filtering options were introduced in Zanshin to help you quickly find the most relevant information in your dashboards and alerts lists. These enhancements will provide greater control and efficiency when reviewing security data.

You can filter information by Scan Target Tags or Scan Target names (up to 10 items), in:

My Organization Alerts

Similarly, if you are monitoring your Following Organizations, you can now filter this dashboard by Following Organization Tags or Following Organization Names (up to 10 items).

Following Organization Alerts

Zanshin Rule detection improvements

We have introduced an enhancement in the "IP Address with bad reputation detected" Rule, in order to help identify potential threats and take proactive measures to protect the network and systems from malicious activities. As a result, new alerts may be triggered based on this enhanced detection capability.

Navigation to Alerts is now restored

We want to inform you that the Navigation to Alerts, which was previously impacted by an issue reported in January, has now been fully restored. You can once again drill-down seamlessly to the ‘Alerts List’ from Compliance KPIs and Dashboards, with preset filters applied for a more efficient experience.

‍

Recent Updates | April/25

April 23, 2025

I am thrilled to announce some exciting new features that will significantly enhance our product's capabilities:

Organization Score

IBM Cloud and Bitdefender scanning support

Please reach out to the Customer Success team to enable these new features for your organization immediately. In the next few days, you will be able to view your organization's score. However, to enable viewing the score of your third parties (Following Organizations), please contact the Customer Success team.

Organization Score

The Score is a comprehensive metric designed to provide an easy-to-understand assessment of an organization’s security posture. It is calculated by weighing a variety of factors based on the automated tests performed by Zanshin on your Scan Targets.

The design of the Score was a joint project between Tenchi Security's own engineering and data science teams supported by the deep expertise of the Cyentia Institute, one of the leading organizations globally in the application of data science to information security.

Our Score combines a variety of factors that take into account the number of active Alerts and their relative Severities; the age of the active Alerts and the timeliness with which the Organization has fixed Alerts historically; the number of Alerts that have been reopened; the relative density of Alerts based on the number of assets Zanshin sees during its scans.

The scoring system uses both a numerical and a letter scale. The numerical scale ranges from 1.0 to 10.0, where 1.0 is the lowest and 10.0 is the highest score. The letter scale consists of A, B, C, D, and F, where A is the highest and F is the lowest Score.

The Score that first-parties (Follower Organizations) see for their third-parties (Following Organizations) is determined by the specific Scan Target visibility of that relationship. If an Organization has ten Scan Targets but only shares three of them with a Follower, the Score that Follower sees is representative only of those three Scan Targets.

The Scores of third-parties are visible to first-party users across multiple pages within Zanshin, including the Following Dashboard, Organizations List and Organization Details pages:

The Following Dashboard below displays the score distribution of third-party organizations. It also identifies the five organizations with the highest and lowest Scores.

The list of Following Organizations below is displayed with their scores. The "Score" column can be sorted in ascending or descending order.

The Following Organization Details page also displays the Score, which is based on the Scan Targets that this Following organization shares with its Follower.

On the My Organization Dashboard, Zanshin organizations can now view their own Score, based on all their Scan Targets, and the Score distribution as seen by their Follower Organizations. Remember that the score may vary for Follower Organizations depending on which Scan Targets are shared with them:

The Followers page and Follower Organization Details page will display my Score as viewed by my Follower Organizations.

Domain Scan Targets creation

Tenchi will ensure that every organization has a Score by creating one or more Domain Scan Targets for any organization currently lacking one. Findings related to Domain Scan Targets are now visible to all licensed Zanshin Organizations, as they are based on public data, and they will also be used in the Score calculation.

IBM Cloud and Bitdefender scanning support

We’re excited to share that Zanshin now supports two new Scan Target types: IBM Cloud and Bitdefender! This update expands our platform’s capabilities, giving you even greater visibility into your third-party ecosystem and enabling more comprehensive risk assessments.

What’s New?

IBM Cloud: it is a leading enterprise cloud platform offering IaaS and PaaS solutions for building, running, and managing applications and services. With our new scanning support, Zanshin can now assess security configurations, helping you reduce risk across a broader range of infrastructure.

Bitdefender: it provides industry-leading cybersecurity solutions, including endpoint protection, detection and response, and threat prevention. By supporting Bitdefender as a scan target, Zanshin enables visibility into the security posture and alert status of third parties using this platform, enhancing your ability to monitor defenses against malware and advanced threats.

As usual, Zanshin will scan these platforms without ever having access to your sensitive data, simply asking for the minimal set of permissions to review security-relevant settings to ensure you stay as safe as possible.

‍

Recent product updates | March/25

March 17, 2025

We are reaching out to share exciting updates related to Domain Scan Targets in Zanshin, designed to enhance transparency, control, and overall user experience.

Why is this changing?

We are continuously working to improve your experience in Zanshin. These updates are designed to enhance visibility, accuracy, and user control over Domain Scan Targets, aligning our platform with industry best practices.

What is changing?

New modes for Domain Scan Targets

Changes to remove a Domain Scan Target

New modes for Domain Scan Targets

We have introduced two different modes for Domain Scan Targets. This information is shown on the Domain Scan Targets Details Page, under the Settings tab:

Managed Mode (Recommended)

Background Mode

Currently, all existing Domain Scan Targets are set to Managed mode. While you can switch from Managed mode to Background mode at any time, we strongly recommend keeping them in Managed mode for the most comprehensive and accurate monitoring.

Newly created Domain Scan Targets are initially set to Background mode. To enable Managed mode, we must validate the domain to confirm that your organization has control over it. This validation process is essential to verify domain ownership and ensure accurate monitoring.

Changes to remove Domain Scan Targets

As previously communicated, visibility for Domain Scan Targets has changed.

In alignment with the visibility of Domain Scan Targets, now users can no longer directly remove them. Instead, users can request to remove them. This request will be handled by our Customer Success Team, who will evaluate the case and communicate the outcome.

To facilitate this process, a new option “Why is this here?” is now available in the Scan Target list, for Domain Scan Targets.

Selecting this option will provide an explanation about why the Domain Scan Target is listed and offer a way to contact our Customer Success Team if you wish to proceed with a removal request:

Users can then proceed to submit a request to remove the Domain Scan Target:

This option is also available on the Domain Scan Targets Details Page, under the Settings tab:

‍