IT Brief India - Technology news for CIOs & IT decision-makers
India
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Cybersecurity
#
Risk & Compliance
#
Common Vulnerability Scoring System

Tenable Nessus introduces new risk prioritisation features

Thu, 5th Sep 2024
Author image
By Imee Dequito, Editor

Tenable has announced the introduction of new risk prioritisation and compliance features to its Tenable Nessus solution, focusing on enhancing vulnerability management for its customers. By integrating the Exploit Prediction Scoring System (EPSS) and the updated Common Vulnerability Scoring System (CVSS) v4 into their platform, Tenable aims to improve the efficiency of vulnerability prioritisation and ensure compliance.

With the constant evolution of threats and expanding attack surfaces, many organisations have struggled to rely solely on multiple risk scoring systems, which often fall short as effective risk qualifiers. The new features in Tenable Nessus utilise the latest industry-adopted vulnerability scoring systems, including EPSS and CVSS v4, in conjunction with Tenable's Vulnerability Priority Rating (VPR), to identify and address vulnerabilities posing the highest risks specific to each environment. These enhancements are built on a sophisticated data science algorithm developed by Tenable Research, combining proprietary and third-party vulnerability data with threat data for comprehensive risk analysis.

“EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding of true risk,” said Shai Morag, chief product officer, Tenable. “Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimised Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritisation strategies to address these critical few."

The key features included in the recent update of Tenable Nessus are:

- **EPSS and CVSS v4 Support**: This feature allows users to view and filter plugins by EPSS and CVSS v4 scores, enhancing the prioritisation strategy. It ensures compliance with organisational policies that mandate the use of EPSS or CVSS as primary scoring systems.

- **Nessus Offline Mode**: This feature caters to the requirement for conducting vulnerability scans in air-gapped environments. Nessus Offline Mode builds on current offline scanning capabilities by running critical services only and eliminating unwanted traffic from functions requiring an active internet connection. This change aims to secure sensitive data within isolated environments.

- **Declarative Agent Versioning On-Prem**: This feature permits users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment to reduce operational disruptions and adhere to enterprise change control policies.

The enhanced risk prioritisation and compliance features in Tenable Nessus are designed to help customers achieve better security outcomes by focusing their resources on vulnerabilities that pose the greatest threat. By integrating these advanced scoring systems, Tenable seeks to provide a more contextual understanding of risk, thereby supporting more targeted and efficient remediation efforts.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Radware reports web DDoS attack activity
Hiding in plain sight – How attackers conceal malware in everyday web resources
Oracle boosts Guardian Life's finance operations with AI ERP
Report: genAI rapidly advancing in cybersecurity operations
Pure Global launches innovative MedTech resource centre
Top stories
Titans of Tech - Kip Compton of Fastly
Cloudera unveils six new AMPs to accelerate AI adoption
Cohesity & CrowdStrike expand partnership for advanced cybersecurity
The one BYOD security solution every enterprise needs (but isn’t using)
Salesforce unveils Agentforce: autonomous AI for productivity