Tenable Earns SC Media’s Highest Rating for Risk-Based Vulnerability Management
SC Media recently conducted comprehensive product reviews of Tenable.io and Tenable Lumin, assessing them based on SC Labs’ standards of overall performance, ease of use, features, documentation, support and value for the money.
We’re proud to announce that SC Media awarded Tenable.io and Tenable Lumin their 5-star rating — the highest possible — after testing the products against approximately 50 individual criteria. Tenable received high marks in every category and the reviewer highlighted the value of Tenable going beyond CVSS-only scoring to include extensive contextual data.
From SC Media. ©2020 CyberRisk Alliance, LLC. All rights reserved. Used under license.
In addition to CVSS, Tenable correlates and analyzes other essential security data to determine the vulnerability priority rating (VPR) for each vulnerability, based on the full context surrounding those vulnerabilities. In addition, the asset criticality rating (ACR) determines the importance of each affected asset to the organization, so security teams can understand each vulnerability in terms of the specific risk they pose to their business.
SC Media’s review highlights numerous Tenable advantages, including:
- Dynamic discovery. “[Tenable.io and Tenable Lumin] continuously assess converged attack surfaces to communicate what assets exist in an environment and where such assets are located.”
- Full-context assessment. “Instead of using only CVSS-based scoring, Tenable combines Asset Criticality Rating (ACR) and Vulnerability Priority Rating (VPR) to reprioritize assets according to business risk and each flaw’s potential for exploitation.”
- Risk-based prioritization. “[The Tenable] solution specializes in risk prediction that then prioritizes and automates asset criticality on a broad scale.”
The reviewer also called out Tenable’s capabilities that help teams prioritize the vulnerabilities that matter most. Not only is this one of our key strengths, it’s really at the core of everything we do. We’re all about helping teams focus on the assets and vulnerabilities that matter most, so they can reduce the greatest amount of business risk with the least amount of effort. To that end, we employ machine learning models that automatically combine vulnerability data with threat and exploit intelligence, as well as asset criticality, to predict each vulnerability’s impact on the organization. With all of this, security teams know exactly which vulnerabilities pose the most risk, so they can focus on those first while deprioritizing the vulns that are unlikely to ever be exploited.
And finally, the piece the reviewer mentioned that is too frequently overlooked in a vulnerability management solution is reporting. It’s arguably one of the most important aspects, yet too many VM vendors don’t do it very well. Without rock-solid reporting capabilities, you have no way to effectively communicate the team’s efficiency – to gain and maintain management’s confidence in your abilities. This helps keep you out of firefighting mode so you can focus on the vulnerabilities that pose the most risk to the organization.
Read the review to learn more about SC Media’s assessment of Tenable.
Related Articles
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
September 26, 2024Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.
Secure Your Sprawling Attack Surface With Risk-based Vulnerability Management
August 27, 2024The cloud, artificial intelligence (AI), machine learning and other technological breakthroughs are radically changing the modern work environment. New assets and services offer increased flexibility, growth potential and access to more resources. However, they also introduce new security risks. Managing vulnerabilities across this ever-expanding threat landscape requires a risk-based approach beyond point solutions and reactive patch management.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Vulnerability Management