SC Media recently conducted comprehensive product reviews of Tenable.io and Tenable Lumin, assessing them based on SC Labs’ standards of overall performance, ease of use, features, documentation, support and value for the money.
We’re proud to announce that SC Media awarded Tenable.io and Tenable Lumin their 5-star rating — the highest possible — after testing the products against approximately 50 individual criteria. Tenable received high marks in every category and the reviewer highlighted the value of Tenable going beyond CVSS-only scoring to include extensive contextual data.
From SC Media. ©2020 CyberRisk Alliance, LLC. All rights reserved. Used under license.
In addition to CVSS, Tenable correlates and analyzes other essential security data to determine the vulnerability priority rating (VPR) for each vulnerability, based on the full context surrounding those vulnerabilities. In addition, the asset criticality rating (ACR) determines the importance of each affected asset to the organization, so security teams can understand each vulnerability in terms of the specific risk they pose to their business.
SC Media’s review highlights numerous Tenable advantages, including:
- Dynamic discovery. “[Tenable.io and Tenable Lumin] continuously assess converged attack surfaces to communicate what assets exist in an environment and where such assets are located.”
- Full-context assessment. “Instead of using only CVSS-based scoring, Tenable combines Asset Criticality Rating (ACR) and Vulnerability Priority Rating (VPR) to reprioritize assets according to business risk and each flaw’s potential for exploitation.”
- Risk-based prioritization. “[The Tenable] solution specializes in risk prediction that then prioritizes and automates asset criticality on a broad scale.”
The reviewer also called out Tenable’s capabilities that help teams prioritize the vulnerabilities that matter most. Not only is this one of our key strengths, it’s really at the core of everything we do. We’re all about helping teams focus on the assets and vulnerabilities that matter most, so they can reduce the greatest amount of business risk with the least amount of effort. To that end, we employ machine learning models that automatically combine vulnerability data with threat and exploit intelligence, as well as asset criticality, to predict each vulnerability’s impact on the organization. With all of this, security teams know exactly which vulnerabilities pose the most risk, so they can focus on those first while deprioritizing the vulns that are unlikely to ever be exploited.
And finally, the piece the reviewer mentioned that is too frequently overlooked in a vulnerability management solution is reporting. It’s arguably one of the most important aspects, yet too many VM vendors don’t do it very well. Without rock-solid reporting capabilities, you have no way to effectively communicate the team’s efficiency – to gain and maintain management’s confidence in your abilities. This helps keep you out of firefighting mode so you can focus on the vulnerabilities that pose the most risk to the organization.
Read the review to learn more about SC Media’s assessment of Tenable.