Adrian Johnson
TLDR:
- Tenable has announced new risk prioritization and compliance features for Nessus.
- Nessus now supports EPSS, CVSS v4 scoring systems to help with risk reduction and compliance.
Article Summary:
Exposure management company Tenable has introduced improved risk prioritization and compliance features for Tenable Nessus, a vulnerability assessment solution. The new features aim to enhance accuracy, coverage, and adoption of the platform. The update includes support for two new vulnerability scoring systems – Exploit Prediction Scoring System (EPSS) and Common Vulnerability Scoring System (CVSS) v4. These scoring systems help customers prioritize vulnerabilities effectively to reduce risks and ensure compliance.
Organizations face evolving threats and increasing attack surfaces, requiring multiple risk scoring systems to determine criticality. Tenable Nessus now incorporates EPSS, CVSS v4, and Tenable Vulnerability Priority Rating (VPR) to identify and address vulnerabilities that pose the greatest risk in a specific environment. The VPR uses a proprietary data science algorithm developed by Tenable Research to combine and analyze vulnerability data from various sources to measure risk efficiently.
Key features in this release include support for EPSS and CVSS v4, allowing users to filter plugins based on these scores for better prioritization. Another feature, Nessus Offline Mode, addresses challenges with offline vulnerability scans in air-gapped environments. The platform also includes Declarative Agent Versioning On-Prem, enabling users to manage agent profiles more effectively.
Tenable Nessus is available both as a standalone product and included in Tenable Security Center and Tenable Vulnerability Management solutions. These updates aim to empower organizations to make informed vulnerability prioritization strategies and enhance their overall cybersecurity posture.
