Vendor claims machine learning-powered rating system will help users focus on most pressing threats
Network security firm Tenable this week added to its flagship platform new vulnerability prioritization capabilities designed to help organizations zero in on top threats and better manage risk.
The Lowdown: The new Predictive Prioritization offering combines Tenable vulnerability data with third-party vulnerability data and threat intelligence from 150 sources. Using what the vendor claims is “a proprietary machine learning algorithm,” the technology aims to predict the likelihood that a vulnerability will be exploited in the next 28 days.
The Details: Predictive Prioritization is available now in Tenable.sc 5.9, the company’s on-premises vulnerability management offering. The technology is expected to be available in the vendor’s cloud-based Tenable.io product later this year.
The Impact: According to the National Vulnerability Database, 16,500 new vulnerabilities were disclosed in 2018 alone, but only a small fraction of those were ever exploited for actual attacks, Tenable officials point out. The goal with Predictive Prioritization is to cull that list down to the roughly 3 percent of vulnerabilities that pose an imminent danger to organizations so security teams can make better risk mitigation and management decisions.
Background: Founded in 2002, Tenable is a channel-centric organization with roughly 400 resellers and MSPs in its three-tier partner program. According to filings made when the company underwent an IPO last summer, Tenable generates close to 86 percent of its revenue through indirect channel sales.
The Buzz: “The Tenable data science team estimates only 3 percent of vulnerabilities will be exploited,” wrote Tenable Senior Product Marketing Manager Kevin Flynn in a blog post announcing the Predictive Priority launch. “The bad news is that it hasn’t been easy to figure out which of the 3 percent you need to worry about.”
“Predictive Prioritization…will change the way companies run their vulnerability management programs by giving them a new level of insight on where to focus based on threats to the business,” said Renaud Deraison, co-founder and CTO at Tenable in Columbia, Maryland. “[It] will help organizations answer foundational questions about where they’re exposed and what vulnerabilities to prioritize for remediation based on the threat landscape.”