Tenable.io and Tenable Lumin combine to measure and manage cyber risk across attack surfaces. Together, they translate data into actionable metrics that help analysts focus resources, prioritize risks and ultimately minimize the impact of risk. In addition, they continuously evaluate converged attack surfaces to communicate what assets exist in an environment and where those assets are located.
This solution integrates seamlessly with Nessus for optimal scanning. The scanning process is so simple that configuring scans is intuitive and easy.
Maintenance facilitates the process of configuring and adjusting scans by issuing the criticality of assets.
Instead of using CVSS-based scoring alone, Tenable combines Asset Criticality Rating (ACR) and Vulnerability Priority Rating (VPR) to re-prioritize assets based on the business risk and exploitation potential of each flaw. ACR further simplifies the prioritization process by using algorithms to score asset criticality automatically. This algorithm considers business, device type, connectivity, capabilities and third-party data. VPR leverages machine learning and threat intelligence to predict the vulnerabilities most likely to attack.
The dashboards place vulnerabilities with more criticality at the forefront and then position less critical incidents, guiding analysts’ focus to those assets that require immediate attention. Analysts can easily customize these dashboards using the library of widgets, filters and custom searches. The vulnerability priority ranking filter is a valuable feature that shows an overview of vulnerabilities that analysts can filter to search for specific criteria. The main dashboard gives a snapshot view of cyber exposure across the entire organization.
Unlike some of the other solutions they evaluated, Tenable.io and Tenable Lumin provide dashboard views and filters that help users create graphical, customizable and exportable reports. Users can also choose from several, predefined reports.
The platform quantifies cyber risk and optimizes vulnerability management by leveraging threat intelligence gathered through extensive research for coverage, accuracy and to address attacks from day zero. This solution specializes in risk prediction that then prioritizes and automates asset criticality on a large scale.
Pricing is based on the number of assets assessed by the solution. Organizations also have access to a knowledge base.
SCMagazine.com, May 2020 – www.scmagazine.com