Tenable, the cyberexposure company, has announced Predictive Prioritization is now generally available within Tenable.io – its cloud-based vulnerability management platform and a core component of the Tenable Cyber Exposure platform.
Predictive Prioritization is a ground-breaking innovation for solving the vulnerability prioritisation problem, enabling organisations to dramatically improve their remediation efforts by focusing on the 3% of vulnerabilities that are most likely to be exploited.
Attempting to prioritise vulnerabilities with CVSS (Common Vulnerability Scoring System) alone presents significant limitations.
According to the National Vulnerability Database, there were 16,500 new vulnerabilities disclosed in 2018 alone, but only a small subset had a public exploit available and even fewer were actually leveraged by attackers.
However, the majority of vulnerabilities scored through CVSS are rated ‘high’ or ‘critical.’ This creates an overload of high-priority vulnerabilities and one of the most difficult challenges organisations face today.
Predictive Prioritization addresses this industry-wide problem by re-prioritising vulnerabilities based on the probability they will be leveraged in an attack.
Tenable.io now automatically displays a Vulnerability Priority Rating (VPR) that indicates the remediation priority of each flaw, along with VPR Key Drivers, which provide enhanced context into how scores are calculated. Both features are dynamic and change with the threat landscape, arming security teams with actionable insight into their true level of business risk.
“The release of Predictive Prioritization across Tenable’s Cyber Exposure platform is the latest phase of our mission to redefine vulnerability management for the digital era. We’re helping customers solve one of the most difficult challenges in the industry today,” said Renaud Deraison, co-founder and Chief Technology Officer, Tenable.
“Predictive Prioritization flips the advantage back to cyberdefenders by telling them where they’re exposed, to what extent and which vulnerabilities to focus on first. These are all critical components of an effective cyberexposure strategy.”