Without context more data becomes as useful as counting stars on a clear night in the desert. Too much; can’t comprehend. Such is the state of cybersecurity.
Tenable has released a couple of new capabilities to its portfolio using understanding of its vast data to provide context to users seeking to find real vulnerabilities in their systems.
First up, two definitions that Tenable provided (and I hate shortened words):
- Vulnerability Intelligence: brings together a vast number of sources pulled from decades of vulnerability data collection to streamline analysis and help security teams quickly understand the important details
- Exposure Response: prioritizes vulns and exposures based on criticality, monitors remediation trends, tracks progress and communicates value to stakeholders in business terms
Tenable, the Exposure Management company, announced August 5 the release of Vulnerability Intelligence and Exposure Response, two powerful context-driven prioritization and response features available in Tenable Vulnerability Management and Tenable One, and accessible through Tenable Cloud Security. The combined power of these features contextualizes vulnerability data from internal and external sources, enabling organizations to close the exposures that pose the greatest risks to their businesses.
Those of us in process control have dealt with the problem of too many alarms demanding response, many of which are not critical. Tools that evaluate context have alleviated pain for a generation of operators. Similarly, Tenable’s research reveals a similar lack of context driving problems.
Cybersecurity teams are inundated with troves of fragmented vulnerability and threat intelligence data. The lack of contextualization exacerbates their ability to effectively prioritize remediation efforts. Tenable Research reveals that only 3% of vulnerabilities most frequently result in impactful exposure. In addition, traditional tools lack comprehensive reporting, making it difficult to track progress, identify areas where teams may need additional support and communicate status to stakeholders.
Therefore introducing these new capabilities that allow customers to pinpoint these key vulnerabilities with rich context, curated by Tenable Research, and close risky exposures.
“Without threat context and research insights, every vulnerability is a priority, creating a high-stress, low efficiency whack-a-mole scenario for security teams,” said Tenable’s Gavin Millard, VP of product management for Vulnerability Management. “Tenable is unleashing more than two decades of carefully curated exposure data to enable security teams to focus on the risk that matters most to their organization and communicate succinctly to stakeholders. The enriched intelligence and contextualization takes prioritization and response to a new level, providing security teams with the critical data needed to identify and reduce risk.”
Cybersecurity companies are also watching you—for a good reason.
In the last two decades, Tenable has collected and analyzed 50 trillion data points on more than 240,000 vulnerabilities, capturing detailed vulnerability information and deep context. This enriched database supercharges Tenable Vulnerability Intelligence, enabling efficient proactive defense. Backed by the expertise of Tenable Research, Vulnerability Intelligence integrates comprehensive vulnerability sources, streamlining data analysis and enabling security teams to quickly understand vulnerability details. With comprehensive, action-oriented workflows from Exposure Response, security teams can prioritize asset exposures based on criticality, monitor remediation trends against SLAs and track progress against desired outcomes. This helps them to ensure resources are used efficiently, reduces risk and communicates value to stakeholders in business terms.
Vulnerability Intelligence and Exposure Response are available to Tenable Vulnerability Management and Tenable One customers, empowering proactive security for the modern enterprise. Vulnerability Intelligence is also accessible directly from Tenable Cloud Security.
Key features include:
- Threat Landscape Overview – Seven curated exposure risk categories provide a unique way to proactively surface key exposures that warrant further review by highlighting CVEs under CISA known exploits, active exploitation, ransomware campaigns, emerging threats in the news and more.
- Natural Language and Advanced Search – Easy to use search function that enables security teams to search for specific vulnerabilities by CVE number or common name, review distilled knowledge available on a vulnerability and surface impacted assets quickly. Buildable advanced query that enables security teams to zero in on high-impact vulnerabilities by identifying groups of vulnerabilities based on VPR key drivers, common vulnerability scoring system (CVSS) metrics and Tenable Research metadata.
- Campaign-Based Initiatives: Targeted campaigns and business segments using an end-to-end workflow that streamlines prioritization and mitigation of critical vulnerabilities, ensuring efficient use of resources and improved security outcomes.
- Progress Tracking and Advanced Reporting: Advanced reporting capabilities provides clear accountability and visibility into remediation efforts and detailed reports on vulnerability trends, empowering data-driven decision-making and proactive security improvements, such as identifying bottlenecks, assisting with resource allocation and facilitating data-driven decisions.
