Struggling with vulnerability prioritization? You're not alone. On average, cybersecurity teams must address 870 vulnerabilities across 960 assets every day. When every threat is a high priority, none of them are. It’s not enough to know threats exist — you need to know what to fix first.
Focus on what
matters first
Struggling with vulnerability prioritization? You're not alone. 16,500 new vulnerabilities were disclosed in 2018 - and the Common Vulnerability Scoring System (CVSS) categorized the majority as high or critical. But the number of vulnerabilities being exploited is only a small fraction of the total. It's not enough to know what threats exists - you need to know what
to fix first.
Focus on what matters first
Find out how
Achieve up to 97% reduction in high risk and critical vulnerabilities
Vulnerability Priority Rating
with Tenable Predictive Prioritization.
View Product Demo
Overview
Vulnerabilities
Details
Overview
Overview
With Predictive Prioritization, VPR is calculated nightly for over 109,000 vulnerabiliities. Machine learning algorithms work to find patterns, giving you insight into the threats on the horizon.
Explore key features
Get a Demo
Request a demo of Predictive Prioritization in Tenable.sc
VPR Widget
Next
VPR scores are provided in the main dashboard, so you can easily understand actual cyber risks. Here, we have 88 Critical vulnerabilities that should be investigated immediately, and another 623 High risk vulnerabilities to address next.
Next
Notice how the number of Critical and High risk vulnerabilities differ between VPR and CVSS. Because CVSS calculates theoretical risk instead of actual risk, the number of Critical and High risk vulnerabilities is dramatically higher.
Compare to CVSS
Tenable.io allows you to quickly investigate your vulnerabiliites. Clicking the VPR widget provides a detailed summary of all Critical vulnerabilities.
Explore key features
Next
Sorting vulnerabilities by VPR shows you the most dangerous vulnerabilities to address immediately.
Sort VPRs
Next
See the differences between the CVSS score on the left and the corresponding VPR on the right. Many vulnerabilities have very different risk ratings. In this environment, many of the highest Critical vulnerabilities are only rated as High risk, according to CVSS.
VPR vs CVSS
Vulnerabilities
Tenable.io provides detailed information about each of your vulnerabiilities, along with the assets affected. In this example, we found a particularly dangerous Linux Kernel vulnerability, dubbed Dirty COW, impacting many assets.
Explore key features
Next
Understand important vulnerability details, including number of assets affected, VPR, solution for remediation and key drivers that were significant factors in calculating the VPR.
Detailed Vulnerability Summary
Details
Next
Threat Recency shows the number of days since the last threat event was observed. Notice that Dirty COW remains an active threat today.
Threat Recency
Next
Exploit Code Maturity is based on the availability of exploit code of various databases and frameworks. Dirty COW exploits are widely known and published.
Exploit Code Maturity
Next
The Age of Vuln is the number of days since the vulnerability was published on the U.S. National Vulnerability Database. This vulnerability is rather old, going back to 2016.
Age of Vuln
Next
Product Coverage refers to the number of unique assets affected by this vulnerability. CentOS is a popular Linux distribution used industry-wide.
Product Coverage
As a result of these key drivers, the VPR is 9.8 compared to a CVSS score of 7.8. Using Predictive Prioritization, you'd place this Dirty COW vulnerability at the top of your remediation queue (along with other vulnerabilities that have been or will likely be exploited).
Vulnerability Priority Rating (VPR)
Vulnerabilities
Close
Close
Details
Close
The output of Predictive Prioritization is the Vulnerability Priority Rating (VPR). VPR indicates remediation priority of each vulnerability based on the threat landscape. Each vulnerability receives a rating from 0 to 10, helping you evaluate your vulnerabilities and make decisions with confidence.
+
%
A growing threat
%
91
A big problem
+
97
%
Reduction in vulnerabilities to be remediated with the same impact to the attack surface
Predictive
Priortization
+
91
Research
Insights
Data science based analysis of over 109,000 vulnerabilities to differentiate between the real and the theoretical risks vulnerabilities pose.
Insight into which vulnerabilities are actively being exploited by both targeted and opportunistic
threat actors
Threat
Intelligence
The criticalirty, ease of exploit and attack vectors associated with the flaw
Vulnerability
Rating
97
%
reduction in the number of vulnerabilities requiring immediate remediation.
Data science based analysis of over 130,000 vulnerabilities to differentiate between the real and the theoretical risks vulnerabilities pose.
Predictive
Prioritization
Research Insights
Insight into which vulnerabilities are actively being exploited by both targeted and opportunistic threat actors.
Threat Intelligence
The criticality, ease of exploit and attack vectors associated with the flaw.
Vulnerability Rating
Overview
Vulnerabilities
Details
Overview
With Predictive Prioritization, VPR is calculated nightly for over 130,000 vulnerabilities. Machine learning algorithms work to find patterns, giving you insight into the threats on the horizon.
Explore key features
Next
Here you can see the vulnerabilities that should be patched first. In this example we see that there are 432 instances of the MS16-120 vulnerability on 37 hosts. If we apply that patch we can reduce risk by 10%.
What to Patch
Next
Close
Overview
Tenable.sc allows you to quickly investigate your vulnerabilities. Opening the VPR analysis provides a detailed summary of all Critical vulnerabilities.
Explore key features
Next
Sorting vulnerabilities by VPR shows you the most dangerous vulnerabilities to address immediately.
Sort VPRs
Next
See the differences between the CVSS score on the left and the corresponding VPR on the right. Many vulnerabilities have very different risk ratings. In this environment, many of the highest Critical vulnerabilities are only rated as High risk, according to CVSS.
VPR vs CVSS
See Vulnerability Details
Close
Vulnerabilities
Tenable.sc provides detailed information about each of your vulnerabilities, along with the assets affected. In this example, we found a particularly dangerous Windows vulnerability impacting
several assets.
Explore key features
Next
Understand important vulnerability details, including number of assets affected, VPR, solution for remediation and key drivers that were significant factors in calculating the VPR.
Detailed Vulnerability Summary
Next
Threat Recency shows the number of days since the last threat event was observed. Notice this vulnerability has been active within the last week.
Threat Recency
Next
Exploit Code Maturity is based on the availability of exploit code of various databases and frameworks. These vulnerability exploits are widely known and published.
Exploit Code Maturity
Next
The Age of Vuln is the number of days since the vulnerability was published on the U.S. National Vulnerability Database. This vulnerability has been around for 6 months to a year.
Age of Vuln
Next
Product coverage refers to the relative number (low, medium, high or very high) of the unique products affected by the vulnerability." We might also need to change this in the T.io interactive demo.
Product Coverage
As a result of these key drivers the VPR score is 9.4. Using Prediction Prioritization, you’d place this vulnerability at the top of your remediation queue (along with other vulnerabilities that have been or will likely be exploited).
Vulnerability Priority Rating (VPR)
Close
Details
View Vulnerability Priority Rating Summary
Predictive Prioritization combines research insights, threat intelligence and vulnerability rating to reduce the number of vulnerabilities requiring immediate remediation by 97%.
How it works
See how Predictive Prioritization Works
Next
See the differences between the CVSS score on the left and the corresponding VPR scores on the top. Many vulnerabilities have very different risk ratings. In this environment, may of the highest Critical vulnerabilities are only rated as High risk, according to CVSS.
VPR Compare to CVSS
Explore Vulnerabilities
Here we can track the amount of Critical vulnerabilities discovered and mitigated within a given time period. We see in the last month 32 critical vulnerabilities have been discovered, yet only 14 have been remediated.
Track Your Progress
Explore Vulnerabilities
See Vulnerability Details
Get Started Now
