Tenableยฎ, the exposure management company, today announced new risk prioritisation and compliance features forย Tenable Nessus, the #1 vulnerability assessment solution in accuracy, coverage and adoption. Nessus supports new and updated vulnerability scoring systems โ Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4 โ to help customers implement more effective prioritisation for risk reduction and maintain compliance.
Due to evolving threats and expanding attack surfaces, organisations rely on multiple risk scoring systems, which are not effective risk qualifiers on their own to determine criticality. With Tenable Nessus, customers can take advantage of the latest industry-adopted vulnerability scoring systems โ EPSS and CVSS v4 โ and Tenable Vulnerability Priority Rating (VPR) to identify and take action on the vulnerabilities that pose the greatest risk specific to their environment. Leveraging an advanced data science algorithm developed by Tenable Research, Tenable VPR combines and analyses Tenable proprietary vulnerability data, third-party vulnerability data and threat data to effectively and efficiently measure risk.
โEPSS and CVSS are single variables in the risk equation โ context around exposures delivers a deeper level of understanding around true risk,โ said Shai Morag, chief product officer, Tenable. โRecent Tenable Research found thatย only 3% of vulnerabilitiesย most frequently result in impactful exposure. Weโve optimised Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritisation strategies to address these critical few.โ
Key features in this release include:
- EPSS and CVSS v4 Supportย enables users to see and filter plugins by EPSS and CVSS v4 score, further informing prioritisation strategy. This feature enables security teams to remain compliant with organisational policies that require the use of EPSS or CVSS as the primary scoring system.
- Nessus Offline Modeย addresses challenges with conducting vulnerability scans offline in air-gapped environments. Building upon existing offline scanning capabilities, Nessus runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection, thereby ensuring the security of sensitive data within a secure environment.
- Declarative Agent Versioning On-Premย enables users to create and manage agent profiles in Nessus Manager for Tenable Security Center. Users can specify a product version for an agent deployed in an environment, thereby reducing disruptions in day-to-day operations and enabling users to adhere to enterprise change control policies.
Learn more about vulnerability and risk scoring by checking out theย Inaugural Study of EPSS Data and Performanceย developed by Cyentia Institute and the Forum of Incident Response and Security Teams (FIRST).
Join the upcoming Tenable webinar titled, From Data to Defense: Harnessing Predictive Scoring to Strengthen Your Cybersecurity on September 12, 2024 at 2:00 pm ET, by registeringย here.
Tenable Nessus is available as a standalone product and is included inย Tenable Security Centerย andย Tenable Vulnerability Management. More information on Tenable Nessus is available at:ย https://www.tenable.com/products/nessus