Tenable.io and Tenable Lumin combine to measure and manage cyber risk across attack surfaces. Together, they translate data into actionable metrics that help analysts focus resources, prioritize risks and ultimately minimize risk impact. They also continuously assess converged attack surfaces to communicate what assets exist on an environment and where such assets are located.

This solution integrates seamlessly with Nessus for optimal scanning. The scanning process is so simple that setting up scans is intuitive and straightforward, even without previous Nessus experience. We had a basic scan running in a matter of minutes. Tenable eases the process of configuring and fine-tuning scans by issuing asset criticality tags out of the box.

Instead of using only CVSS-based scoring, Tenable combines Asset Criticality Rating (ACR) and Vulnerability Priority Rating (VPR) to reprioritize assets according to business risk and each flaw’s potential for exploitation. The ACR further simplifies the prioritization process by using algorithms to score asset criticality automatically. This algorithm considers business purpose, device type, connectivity, capabilities, location and third-party data. The VPR leverages machine learning and threat intelligence to predict the vulnerabilities most susceptible to attack.

The dashboards place vulnerabilities with the highest criticalities front and center and then position less critical incidents on the periphery, guiding the focus of analysts toward those assets that require immediate attention. Analysts can easily customize these dashboards using the widget library and custom filters and searches. The vulnerability priority rating filter is a valuable feature that shows an overview of vulnerabilities analysts can filter through to search for specific criteria. The main dashboard gives a snapshot view of cyber exposure across the entire organization.

Unlike some of the other solutions we evaluated this month, Tenable.io and Tenable Lumin does provide classic paper reporting. Various dashboard views and filters help users create these graphical, customizable and exportable reports. Users may also choose from multiple, pre-defined reports.

The platform quantifies cyber risk and optimizes vulnerability management by leveraging threat intelligence gathered through extensive research for coverage, accuracy and to address zero-day attacks. This solution specializes in risk prediction that then prioritizes and automates asset criticality on a broad scale.

Pricing is based on the number of assets assessed by the solution and starts at $3,412.50 per year for 65 assets. This price includes 24/7 phone, email and website support. Organizations also have access to a knowledge base Additional support options are available for a fee.

Tested by Matthew Hreben