SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Tenable Nessus introduces new risk prioritisation features

Thu, 5th Sep 2024

Tenable has announced the introduction of new risk prioritisation and compliance features to its Tenable Nessus solution, focusing on enhancing vulnerability management for its customers. By integrating the Exploit Prediction Scoring System (EPSS) and the updated Common Vulnerability Scoring System (CVSS) v4 into its platform, Tenable aims to improve the efficiency of vulnerability prioritisation and ensure compliance.

With the constant evolution of threats and expanding attack surfaces, many organisations have struggled when relying solely on multiple risk scoring systems, which often fall short as effective risk qualifiers. The new features in Tenable Nessus utilise the latest industry-adopted vulnerability scoring systems, including EPSS and CVSS v4, in conjunction with Tenable's Vulnerability Priority Rating (VPR), to identify and address vulnerabilities posing the highest risks specific to each environment. These enhancements are built on a sophisticated data science algorithm developed by Tenable Research, combining proprietary and third-party vulnerability data with threat data for comprehensive risk analysis.

"EPSS and CVSS are single variables in the risk equation – context around exposures delivers a deeper level of understanding of true risk," said Shai Morag, chief product officer, Tenable. "Recent Tenable Research found that only 3% of vulnerabilities most frequently result in impactful exposure. We've optimised Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritisation strategies to address these critical few."

The key features included in the recent update of Tenable Nessus are:

- **EPSS and CVSS v4 Support**: This feature allows users to view and filter plugins by EPSS and CVSS v4 scores, enhancing the prioritisation strategy. It ensures compliance with organisational policies that mandate the use of EPSS or CVSS as primary scoring systems.

- **Nessus Offline Mode**: This feature caters to the requirement for conducting vulnerability scans in air-gapped environments. Nessus Offline Mode builds on current offline scanning capabilities by running critical services only and eliminating unwanted traffic from functions requiring an active internet connection. This change aims to secure sensitive data within isolated environments.

- **Declarative Agent Versioning On-Prem**: This feature permits users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment to reduce operational disruptions and adhere to enterprise change control policies.

The enhanced risk prioritisation and compliance features in Tenable Nessus are designed to help customers achieve better security outcomes by focusing their resources on vulnerabilities that pose the greatest threat. By integrating these advanced scoring systems, Tenable seeks to provide a more contextual understanding of risk, thereby supporting more targeted and efficient remediation efforts.
