Tenable, the exposure management company, is debuting two new context-driven prioritization and response features—Vulnerability Intelligence (VI) and Exposure Response (ER). Available within Tenable Vulnerability Management, Tenable One, and Tenable Cloud Security, these new capabilities introduce the ability for enterprises to close vulnerability gaps based on contextualized internal and external data.
According to the Tenable Research Report, despite the National Vulnerability Database (NVD) having recorded almost 30,000 vulnerabilities threatening organizations in 2023, only 3% of vulnerabilities result in significant exposure. Only a small fraction of vulnerabilities poses drastic harm to enterprises, reflecting a larger trend: vulnerability management as a prioritization problem, according to Gavin Millard, VP of product management for vulnerability management at Tenable.
To combat this concerning reality, Tenable’s VI and ER capabilities combine detailed vulnerability information and context with comprehensive, action-based workflows to help enterprises overcome the most impactful exposure risks.
“The vast majority of vulnerabilities never get exploited, so focusing on the critical few allows security teams to concentrate their efforts on the risks that are most likely to be leveraged by attackers and hence, are more impactful,” explained Millard, “This targeted approach enhances efficiency by avoiding the inefficient 'whack-a-mole' scenario where every vulnerability is considered a priority.”
By utilizing 50 trillion data points from over 240,000 vulnerabilities in Tenable’s decades-in-the-making database, VI delivers crucial information regarding vulnerability history—including exploitation status, media mentions, and vulnerability score changes. VI implements natural language and advanced search capabilities that allow security teams to easily search for specific vulnerabilities by CVE number or common name, helping them navigate that critical 3% of impactful vulnerabilities.
Based on this plethora of vulnerability information, ER aids teams in prioritizing exposures based on criticality, as well as tracking remediation efforts against preset SLAs, tracking progress over time, and communicating value to stakeholders in business terms, according to Tenable.
“By integrating these solutions, enterprises gain a comprehensive understanding of their exposure landscape,” said Millard. “Vulnerability Intelligence prioritizes the vulnerabilities that need attention, while Exposure Response coordinates the response and remediation process. Together, they provide a closed-loop system for managing vulnerabilities that helps prioritize resources, reduce risks, and enhance the overall security of the organization.”
Other key features of Tenable VI and ER include:
- Threat landscape overview, curated by seven exposure risk categories that highlight which exposures and CVEs are actively being exploited and require further review
- Campaign-based initiatives that help enterprises streamline prioritization and mitigation efforts by focusing on targeted campaigns and business segments, additionally aiding in efficient resource usage
- Progress tracking and advanced reporting, designed to provide clear accountability and visibility into remediation efforts, as well as insights on vulnerability trends for better data-driven decision making and proactive security measures
“These new features signify a pivot in vulnerability management toward a more strategic and efficient methodology that prioritizes relevant threats, rapid response, and the optimization of security workflows. It represents a paradigm shift from reactive compliance to proactive, intelligence-driven security, which is essential in today's dynamic threat landscape,” concluded Millard.
To learn more about Tenable’s latest advancements, please visit https://www.tenable.com/.