sb-nz logo
Story image

Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach

18 Apr 2019

Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.

The solution claims that helps organisations reduce their business risk by focusing on the top 3% of security vulnerabilities that are most likely to be exploited.

The entire process of prioritising vulnerabilities with the Common Vulnerability Scoring System, otherwise known as CVSS, is often limited. The majority of vulnerabilities rated by the system are ‘high’ or ‘critical’, which can lead to an overload of high-priority vulnerabilities – a challenge for security teams.

Additionally, according to the National Vulnerability Database there were 16,500 new vulnerabilities disclosed in 2018 alone. Only a small subset had a public exploit available and even fewer were actually leveraged by attackers.

Tenable decided to take a different approach to vulnerability prioritisation. Predictive Prioritisation addresses this industry-wide problem by re-prioritising vulnerabilities based on the probability they will be leveraged in an attack. 

''The release of Predictive Prioritisation across Tenable's Cyber Exposure platform is the latest phase of our mission to redefine vulnerability management for the digital era. We're helping customers solve one of the most difficult challenges in the industry today,'' says Tenable’s cofounder and chief technology officer, Renaud Deraison.

“Predictive prioritisation flips the advantage back to cyber defenders by telling them where they're exposed, to what extent and which vulnerabilities to focus on first. These are all critical components of an effective Cyber Exposure strategy.''

Tenable.io now automatically displays a Vulnerability Priority Rating (VPR) that indicates the remediation priority of each flaw, along with VPR Key Drivers, which provide enhanced context into how scores are calculated. Both features are dynamic and change with the threat landscape, arming security teams with actionable insight into their true level of business risk.

This latest release follows the general availability of Predictive Prioritisation in Tenable.sc (formerly SecurityCenter), making Tenable's Cyber Exposure platform the only one to provide predictive capabilities for on-premises and cloud deployments.

Tenable was recently named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment (VA). 

“Thank you to all the customers who took the time to share their experiences working with Tenable, and for trusting us to help them accelerate their Cyber Exposure journeys to reduce their cybersecurity risk,” says Tenable cofounder Jack Huffard.

“At Tenable, our customers are at the heart of what we do, so we’re delighted to be recognised as a Customers’ Choice.”

Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Cloud services top threat vector for healthcare industry
"The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organisations face."More
Story image
Fujitsu, Trend Micro team up to secure private 5G
"We believe that this security solution represents a key technology for applying private 5G to mission-critical areas."More
Story image
Gigamon & FireEye tackle security in hybrid cloud environments
The partnership is an extension to a ‘long-standing’ relationship that aims to ‘simplify, secure, and optimise hybrid cloud environments’.More