Attempting to prioritize vulnerabilities with CVSS (Common Vulnerability Scoring System) alone presents significant limitations. According to the National Vulnerability Database, there were 16,500 new vulnerabilities disclosed in 2018 alone, but only a small subset had a public exploit available and even fewer were actually leveraged by attackers. However, the majority of vulnerabilities scored through CVSS are rated 'high' or 'critical.' This creates an overload of high-priority vulnerabilities and one of the most difficult challenges organizations face today.
Predictive Prioritization addresses this industry-wide problem by re-prioritizing vulnerabilities based on the probability they willbe leveraged in an attack. Tenable.io now automatically displays a Vulnerability Priority Rating (VPR) that indicates the remediation priority of each flaw, along with VPR Key Drivers, which provide enhanced context into how scores are calculated. Both features are dynamic and change with the threat landscape, arming security teams with actionable insight into their true level of business risk.
"The release of Predictive Prioritization across Tenable's Cyber Exposure platform is the latest phase of our mission to redefine vulnerability management for the digital era. We're helping customers solve one of the most difficult challenges in the industry today," said Renaud Deraison, Co-Founder and Chief Technology Officer, Tenable. "Predictive Prioritization flips the advantage back to cyber defenders by telling them where they're exposed, to what extent and which vulnerabilities to focus on first. These are all critical components of an effective Cyber Exposure strategy."
This latest release follows the general availability of Predictive Prioritization in Tenable.sc (formerly SecurityCenter), making Tenable's Cyber Exposure platform the only one to provide predictive capabilities for on-premises and cloud deployments.