STOCK TITAN

Tenable Enhances Nessus Risk Prioritization to Help Customers Expose and Close Exposures

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Neutral)
Tags

Tenable has announced new risk prioritization and compliance features for its Nessus vulnerability assessment solution. The enhancements include support for Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4, helping customers improve prioritization for risk reduction and maintain compliance. Tenable's Vulnerability Priority Rating (VPR) combines proprietary and third-party data to measure risk effectively.

Key features in this release include:

  • EPSS and CVSS v4 support for informed prioritization
  • Nessus Offline Mode for air-gapped environments
  • Declarative Agent Versioning On-Prem for managing agent profiles
These enhancements aim to address evolving threats and expanding attack surfaces, enabling organizations to identify and act on the most critical vulnerabilities in their specific environments.

Tenable ha annunciato nuove funzionalità di prioritizzazione del rischio e conformità per la sua soluzione di valutazione delle vulnerabilità Nessus. I miglioramenti includono il supporto per il Exploit Prediction Scoring System (EPSS) e il Common Vulnerability Scoring System (CVSS) v4, aiutando i clienti a migliorare la prioritizzazione per la riduzione del rischio e mantenere la conformità. Il Vulnerability Priority Rating (VPR) di Tenable combina dati proprietari e di terze parti per misurare efficacemente il rischio.

Le principali caratteristiche di questa release includono:

  • Supporto EPSS e CVSS v4 per una prioritizzazione informata
  • Modalità Offline di Nessus per ambienti isolati
  • Versionamento Dichiarativo degli Agenti On-Prem per la gestione dei profili degli agenti
Questi miglioramenti mirano a affrontare le minacce in evoluzione e le superfici di attacco in espansione, consentendo alle organizzazioni di identificare e agire sulle vulnerabilità più critiche nei loro ambienti specifici.

Tenable ha anunciado nuevas funciones de priorización de riesgos y cumplimiento para su solución de evaluación de vulnerabilidades Nessus. Las mejoras incluyen soporte para el Exploit Prediction Scoring System (EPSS) y el Common Vulnerability Scoring System (CVSS) v4, ayudando a los clientes a mejorar la priorización para la reducción de riesgos y mantener el cumplimiento. La Vulnerability Priority Rating (VPR) de Tenable combina datos propios y de terceros para medir el riesgo de manera efectiva.

Las características clave de esta versión incluyen:

  • Soporte para EPSS y CVSS v4 para una priorización informada
  • Modo Offline de Nessus para entornos aislados
  • Versionado Declarativo de Agente On-Prem para la gestión de perfiles de agente
Estas mejoras tienen como objetivo abordar las amenazas en evolución y las superficies de ataque en expansión, permitiendo a las organizaciones identificar y actuar sobre las vulnerabilidades más críticas en sus entornos específicos.

Tenable은 Nessus 취약점 평가 솔루션을 위한 새로운 위험 우선순위 지정 및 준수 기능을 발표했습니다. 이번 개선 사항에는 Exploit Prediction Scoring System (EPSS)Common Vulnerability Scoring System (CVSS) v4에 대한 지원이 포함되어 있어, 고객이 위험 감소를 위한 우선순위 지정을 개선하고 준수를 유지하는 데 도움을 줍니다. Tenable의 Vulnerability Priority Rating (VPR)은 독자적인 데이터와 제3자 데이터를 결합하여 위험을 효과적으로 측정합니다.

이번 릴리스의 주요 기능은 다음과 같습니다:

  • 정보에 입각한 우선순위 지정을 위한 EPSS 및 CVSS v4 지원
  • 공기 차단 환경을 위한 Nessus 오프라인 모드
  • 에이전트 프로필 관리를 위한 온프레미스 선언적 에이전트 버전 관리
이 개선 사항은 진화하는 위협과 확장하는 공격 표면에 대응하기 위해 설계되어, 조직이 특정 환경 내에서 가장 중요한 취약점을 식별하고 조치를 취할 수 있도록 지원합니다.

Tenable a annoncé de nouvelles fonctionnalités de priorisation des risques et de conformité pour sa solution d'évaluation des vulnérabilités Nessus. Les améliorations incluent le support pour le Exploit Prediction Scoring System (EPSS) et le Common Vulnerability Scoring System (CVSS) v4, aidant les clients à améliorer la priorisation pour la réduction des risques et à maintenir la conformité. Le Vulnerability Priority Rating (VPR) de Tenable combine des données propriétaires et de tiers pour mesurer efficacement le risque.

Les principales fonctionnalités de cette version comprennent:

  • Support EPSS et CVSS v4 pour une priorisation éclairée
  • Mode Hors Ligne de Nessus pour des environnements cloisonnés
  • Versionnement Déclaratif de l'Agent sur Site pour la gestion des profils d'agents
Ces améliorations visent à répondre aux menaces évolutives et aux surfaces d'attaque en expansion, permettant aux organisations d'identifier et d'agir sur les vulnérabilités les plus critiques dans leurs environnements spécifiques.

Tenable hat neue Risikopriorisierungs- und Compliance-Funktionen für seine Nessus-Schwachstellenbewertungslösung angekündigt. Die Verbesserungen umfassen die Unterstützung für das Exploit Prediction Scoring System (EPSS) und das Common Vulnerability Scoring System (CVSS) v4, was den Kunden hilft, die Priorisierung zur Risikominderung zu verbessern und die Compliance aufrechtzuerhalten. Tenables Vulnerability Priority Rating (VPR) kombiniert proprietäre und Drittanbieterdaten, um das Risiko effektiv zu messen.

Die wichtigsten Funktionen dieses Releases sind:

  • EPSS- und CVSS-v4-Unterstützung für informierte Priorisierung
  • Nessus Offline-Modus für luftdicht abgeschottete Umgebungen
  • Deklaratives Agenten-Management On-Prem für die Verwaltung von Agentenprofilen
Diese Verbesserungen zielen darauf ab, sich entwickelnden Bedrohungen und erweiterten Angriffsflächen Rechnung zu tragen, sodass Organisationen die kritischsten Schwachstellen in ihren spezifischen Umgebungen identifizieren und darauf reagieren können.

Positive
  • Integration of EPSS and CVSS v4 into Nessus for improved risk prioritization
  • Introduction of Nessus Offline Mode for secure scanning in air-gapped environments
  • Addition of Declarative Agent Versioning On-Prem for better agent profile management
  • Tenable VPR combines proprietary and third-party data for effective risk measurement
Negative
  • None.

Insights

Tenable's enhancement of Nessus with EPSS and CVSS v4 support is a significant development in vulnerability management. This integration allows for more nuanced risk assessment, potentially improving the efficiency of security operations. The addition of offline mode for air-gapped environments addresses a important need in high-security sectors.

However, it's important to note that while these scoring systems provide valuable insights, they shouldn't be used in isolation. Tenable's approach of combining multiple scoring systems with their proprietary VPR could offer a more comprehensive risk picture. The statistic that only 3% of vulnerabilities frequently result in impactful exposure underscores the importance of context-aware prioritization.

For investors, this update signals Tenable's commitment to staying at the forefront of vulnerability management technology, potentially strengthening its market position.

The new features in Tenable Nessus are particularly relevant for organizations striving to maintain regulatory compliance. The support for EPSS and CVSS v4 aligns with industry standards and could help businesses meet specific compliance requirements more easily. This is especially important as regulatory bodies increasingly focus on cybersecurity measures.

The declarative agent versioning feature for on-premises deployments is a noteworthy addition. It allows for better control over software versions, which is often a key aspect of compliance audits. This feature can help organizations adhere to change control policies, potentially reducing compliance-related risks.

From a compliance perspective, these updates position Tenable favorably in the market, potentially attracting clients who prioritize adherence to regulatory standards in their cybersecurity strategies.

Integration of EPSS into Tenable exposure solutions ensures compliance and accelerates prioritization efforts

COLUMBIA, Md., Sept. 04, 2024 (GLOBE NEWSWIRE) -- Tenable®, the exposure management company, today announced new risk prioritization and compliance features for Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems—Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4—to help customers implement more effective prioritization for risk reduction and maintain compliance.

Due to evolving threats and expanding attack surfaces, organizations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems—EPSS and CVSS v4—and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyzes Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.

“EPSS and CVSS are single variables in the risk equation—context around exposures delivers a deeper level of understanding around true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimized Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritization strategies to address these critical few.”

Key features in this release include:

  • EPSS and CVSS v4 Support enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritization strategy. This feature enables security teams to remain compliant with organizational policies that require the use of EPSS or CVSS as the primary scoring system.
  • Nessus Offline Mode addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
  • Declarative Agent Versioning On-Prem enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.

Learn more about vulnerability and risk scoring by checking out the Inaugural Study of EPSS Data and Performance developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).

Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurity on September 12, 2024 at 2:00 pm ET, by registering here.

Tenable Nessus is available as a standalone product and is included in Tenable Security Center and Tenable Vulnerability Management. More information on Tenable Nessus is available at: https://www.tenable.com/products/nessus

About Tenable
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for more than 44,000 customers around the globe. Learn more at tenable.com.

Media Contact:
Tenable
tenablepr@tenable.com


FAQ

What new features has Tenable (TENB) added to Nessus in September 2024?

Tenable has added support for EPSS and CVSS v4 scoring systems, introduced Nessus Offline Mode for air-gapped environments, and implemented Declarative Agent Versioning On-Prem for managing agent profiles in Nessus Manager for Tenable Security Center.

How does Tenable's Vulnerability Priority Rating (VPR) work in Nessus?

Tenable VPR uses an advanced data science algorithm to combine and analyze Tenable proprietary vulnerability data, third-party vulnerability data, and threat data to effectively measure risk and inform prioritization strategies.

What percentage of vulnerabilities result in impactful exposure according to Tenable Research?

According to recent Tenable Research, only 3% of vulnerabilities most frequently result in impactful exposure, highlighting the importance of effective vulnerability prioritization.

When is Tenable (TENB) hosting a webinar on predictive scoring for cybersecurity?

Tenable is hosting a webinar titled 'From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurity' on September 12, 2024, at 2:00 pm ET.

Tenable Holdings, Inc.

NASDAQ:TENB

TENB Rankings

TENB Latest News

TENB Stock Data

4.92B
118.04M
1.74%
93.13%
3.14%
Software - Infrastructure
Services-prepackaged Software
Link
United States of America
COLUMBIA