Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

What You Need to Know About Vulnerability Management Best Practices

How can CISOs and their cybersecurity teams incorporate Tenable’s Predictive Prioritization capability and the Vulnerability Priority Rating into their vulnerability management strategy? The Tenable team offers some best practices.

Throughout the course of 2019, the Tenable team has been talking about the benefits of Predictive Prioritization — the process of re-prioritizing vulnerabilities based on the probability they will be leveraged in an attack. 

This new capability, introduced in February 2019, combines Tenable-collected vulnerability data with third-party vulnerability and threat intelligence and analyzes them together using an advanced data science algorithm developed by Tenable Research. The data analysis is used to develop a Vulnerability Priority Rating (VPR) for each vulnerability. 

Predictive Prioritization is now available in Tenable.sc and Tenable.io to help security teams focus on what matters most. But what are the best practices for implementing Predictive Prioritization and VPR?

During a recent webinar entitled “Putting Predictive Prioritization To Work,” Kevin Flynn, a senior product marketing manager at Tenable, joined senior security consultants Brian Baumgarten and John Vasquez to discuss Predictive Prioritization and VPR. They explored how CISOs, their security teams and even third-party vendors and service providers can incorporate these capabilities into their vulnerability management plans.

Setting Vulnerability Management KPIs

As with any good security project, one of the best ways to start is by establishing reasonable Key Performance Indicators (KPIs) to guide the security team and create realistic goals. Tenable recommends these five KPIs to get you started:

  1. Scan frequency: How often does your enterprise conduct assessments?
  2. Scan intensity: How many different scans are launched on a given scan day?
  3. Asset authentication: How does your enterprise measure assessment depth? 
  4. Asset coverage: What proportion of the licensed assets are scanned in a 90-day period?
  5. Vulnerability coverage: What proportion of total vulnerability plugins are used in a 90-day period?

Once these KPIs are established, here are three ways security teams can start applying Predictive Prioritization and VPR to their vulnerability management process.

  1. In the discovery phase, VPR can assist in classifying assets within the network by improving accuracy and helping to discover new IP addresses that have been added.
  2. When scanning, VPR can be automatically applied. As the security team scans the network more frequently, the threat intelligence improves because there’s more data to analyze in real-time. 
  3. During the patching process, VPR helps security teams provide much-needed context to the IT professionals responsible for patching, improving their ability to prioritize and allocate resources based on real-world risk.

Frequent scanning is crucial. “The more you scan frequently, the more you are going to know of the current potential,” Vasquez said. For example, Vasquez said, when the WannaCry ransomware attacks started in 2017, the malware was released several months before the incidents began in earnest. Better scanning might have helped security professionals identify the potential to do harm and could have prompted more urgent patching.   

Additionally, VPR scores can also be used to help structure service-level agreements (SLAs) with third-party service providers. For firms that outsource patching and remediation, VPR gives the service provider and client a way to prioritize and evaluate remediation efforts, improving outcomes and overall security posture. 

Vulnerability Priority Rating: Practical Results 

Flynn, Baumgarten and Vasquez shared two examples of how organizations can put VPR to use. 

First, VPR can assist in prioritizing fixes and patches to systems that are internet-facing, where unpatched applications can be exploited using common rootkits. Using VPR in combination with Tenable’s Nessus Network Monitor, security teams can create a dynamic asset list using filters as well as certain key terms, such as “Adobe” or other software frequently targeted in attacks. 

Second, if an attacker is able to penetrate the network through an internet-facing system in an attempt to escalate privileges and move laterally through the network, the VPR score can be used to identify which vulnerabilities might be exploited first. This enables teams to be more strategic about deploying patches to stop the attack.

Learn More:

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training