sb-as logo
Story image

Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach

18 Apr 2019

Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.

The solution claims that helps organisations reduce their business risk by focusing on the top 3% of security vulnerabilities that are most likely to be exploited.

The entire process of prioritising vulnerabilities with the Common Vulnerability Scoring System, otherwise known as CVSS, is often limited. The majority of vulnerabilities rated by the system are ‘high’ or ‘critical’, which can lead to an overload of high-priority vulnerabilities – a challenge for security teams.

Additionally, according to the National Vulnerability Database there were 16,500 new vulnerabilities disclosed in 2018 alone. Only a small subset had a public exploit available and even fewer were actually leveraged by attackers.

Tenable decided to take a different approach to vulnerability prioritisation. Predictive Prioritisation addresses this industry-wide problem by re-prioritising vulnerabilities based on the probability they will be leveraged in an attack. 

''The release of Predictive Prioritisation across Tenable's Cyber Exposure platform is the latest phase of our mission to redefine vulnerability management for the digital era. We're helping customers solve one of the most difficult challenges in the industry today,'' says Tenable’s cofounder and chief technology officer, Renaud Deraison.

“Predictive prioritisation flips the advantage back to cyber defenders by telling them where they're exposed, to what extent and which vulnerabilities to focus on first. These are all critical components of an effective Cyber Exposure strategy.''

Tenable.io now automatically displays a Vulnerability Priority Rating (VPR) that indicates the remediation priority of each flaw, along with VPR Key Drivers, which provide enhanced context into how scores are calculated. Both features are dynamic and change with the threat landscape, arming security teams with actionable insight into their true level of business risk.

This latest release follows the general availability of Predictive Prioritisation in Tenable.sc (formerly SecurityCenter), making Tenable's Cyber Exposure platform the only one to provide predictive capabilities for on-premises and cloud deployments.

Tenable was recently named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment (VA). 

“Thank you to all the customers who took the time to share their experiences working with Tenable, and for trusting us to help them accelerate their Cyber Exposure journeys to reduce their cybersecurity risk,” says Tenable cofounder Jack Huffard.

“At Tenable, our customers are at the heart of what we do, so we’re delighted to be recognised as a Customers’ Choice.”

Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
Protegrity rolls out updates to data protection platform
Protegrity has updated its Protegrity Data Protection Platform to better secure sensitive data in hybrid-cloud, multi-cloud and SaaS environments.More
Story image
Unbound seeks channel growth with new partner programme
Those who sign up will have access to Unbound’s security solutions, sales and partner enablement, deal registration and partner portal.More
Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More