Effective 16 April, Predictive Prioritization, the ground-breaking new functionality for solving the vulnerability prioritization problem, will be available in Tenable.io. Predictive Prioritization re-prioritizes vulnerabilities based on the probability that a vulnerability will be leveraged in an attack. Predictive Prioritization combines over 150 data sources, including Tenable vulnerability data and third-party vulnerability and threat data, leveraging a proprietary machine learning algorithm to identify the vulnerabilities with the highest likelihood of exploitability within the short-term future. With Predictive Prioritization, organizations can dramatically improve their remediation efficiency and effectiveness by focusing first on the 3% of vulnerabilities that have been or will likely be exploited.
How it works
Directly within Tenable.io, a Vulnerability Priority Rating (VPR) is automatically displayed for each vulnerability based on the output of Predictive Prioritization, indicating the remediation priority of the vulnerability. VPR is a dynamic value and changes with the threat landscape, enabling organizations to focus on remediating the vulnerabilities with the highest likelihood of being leveraged in a cyber attack.
By taking a predictive and threat-based approach to vulnerability remediation, organizations can expect an approximate 97% reduction in the number of critical and high vulnerabilities they need to patch first, focusing on the issues that matter most to their organization and improving the efficiency of scarce security personnel and budget resources.
Key VPR Features: Tenable.io vs Tenable.sc
While the VPR experience is largely the same across Tenable.sc and Tenable.io, there are a couple of important new capabilities to highlight:
• New VPR context will be provided in the vulnerability details overview (available at VPR GA). Instead of only providing a VPR score, Tenable.io will also include "VPR Key Drivers" that provide important context into how the score was calculated. These drivers include: CVSSv3 impact score, threat recency, threat intensity, exploit code maturity, age of the vulnerability, product coverage, and threat sources. VPR Key Drivers will also be available shortly in a forthcoming release of Tenable.sc.
• Sort vulnerabilities by VPR score (available at VPR GA). Tenable.io users can quickly sort through vulnerabilities by VPR severity in the vulnerabilities overview summary to understand and investigate the full list of high risk vulnerabilities.
• Customizable dashboards in Tenable.io will include filters based on VPR (available in late April after VPR GA). Organizations can create custom widgets or use the VPR widget in the widget library to create tailored reporting based on VPR to meet specific needs. Tenable.io leverages a self-service model to allow for customers to create their own dashboards and resulting PDF reports.
The following resources are available to assist you in understanding, positioning and selling Tenable.io with Predictive Prioritization:
• Sales Resources (should not be shared with customers)
- April 24 Tenable Talk Webcast at 11 AM ET/15:00 GMT - Register to attend
Predictive Prioritization Playbook
Tenable.sc Continuous View Datasheet
Predictive Prioritization FAQs
• Customer Resources
- Press Release: Tenable Announces General Availability of Industry’s First Predictive Prioritization Innovation
- Blog: Predictive Prioritization is now available in Tenable-io
Web Page: Predictive Prioritization
Whitepapers and eBooks:
>> Ebook: 3 Things You Need to Know About Prioritizing Vulnerabilities
>> Business Whitepaper: How to Focus on the Vulnerabilities That Matter Most
>> Technical Whitepaper: Data Science Lets You Focus on the 3% of Vulnerabilities Likely to Be Exploited
Presentation: Predictive Prioritization