Tenable has announced new Predictive Prioritization capabilities within Tenable.io and Tenable.sc, for vulnerability management in the cloud and on-premises. Depending on the issuing software vendor, a significant lag may exist between when a vulnerability is publicly announced and when it appears in the NVD. Furthermore, organizations often rely on NVD’s severity rating to prioritize remediation efforts. This delay creates a Cyber Exposure gap where security teams are unable to accurately identify which new vulnerabilities pose the greatest risk to the business.
Tenable’s Cyber Exposure platform now addresses this problem by automatically prioritizing vulnerabilities prior to publication in the NVD, ultimately reducing lag and accelerating remediation time. The company’s ground-breaking Predictive Prioritization innovation analyzes Tenable vulnerability data combined with third-party vulnerability data, threat intelligence and vendor security advisories using data science to predict the likelihood a vulnerability will be exploited in the near future.
The resulting Vulnerability Priority Rating (VPR) indicates the remediation priority of each flaw and provides organizations with a head start in reducing their exposure to cyber risk. Furthermore, VPR scores are dynamic and change with the threat landscape, arming security teams with actionable insight into their true level of business risk.
“The lag time between when a vulnerability is first disclosed and when it’s published in the NVD inhibits an organization’s ability to manage its exposure with risk-based metrics,” said Renaud Deraison, CTO, Tenable. “The latest functionality in Predictive Prioritization gives security teams a head start in reducing their organization’s cyber exposure, providing them with the actionable insight needed to focus on the vulnerabilities that matter most.”
Predictive Prioritization with the new pre-NVD ratings is available for both Tenable.io and Tenable.sc (formerly SecurityCenter).