Tenable Is Named a Leader in Vulnerability Risk Management by Independent Research Firm

“Tenable sets the tone for proactive security,” according to the Forrester Wave™: Vulnerability Risk Management, Q3 2023

Tenable was among 11 significant vendors evaluated by Forrester against 28 vulnerability risk management criteria and was found to be a Leader with the top score for both the current offering and strategy categories. The report, which shows how each provider measures up, can be used by cybersecurity and risk professionals to select the vendor that best meets their needs. Tenable received the highest possible score (5.0) across 14 different criteria, including vision, roadmap, innovation and partner ecosystem.

As thrilled as we are with the report’s evaluation of our current offering and strategic vision, we’re equally excited by the analyst firm’s perspective on how the practice of vulnerability management is evolving.

“Vulnerability management is growing up,” according to The Forrester Wave™: Vulnerability Risk Management, Q3 2023. “Less than a decade ago, the norm was for enterprises to slap a vulnerability scanner in their environment, find a bunch of problems, then point fingers when nothing got fixed and/or common vulnerabilities and exposure (CVE) led to a breach. In 2018, Forrester urged a risk-based approach for vulnerability ‘risk’ management so that the unrealistic volume of remediations could be properly prioritized and organizations could stop leaning on common vulnerability scoring system (CVSS) scores (meant to determine a technical severity). Since then, organizations have observed the havoc critical unpatched vulnerabilities like Log4Shell and MOVEit can create. They’ve also expanded their technological footprint (from employees’ homes to the cloud) while new types of threats and vulnerabilities continue to emerge. The definition of vulnerability now includes weaknesses beyond just CVE-defined vulnerabilities, such as identity issues and misconfigurations. To respond to these trends, VRM vendors are detailing how assets relate to one another in an environment and how to prioritize and operationalize remediation efforts.”

“Tenable is a great fit for firms that want a single book of record for all vulnerability and exposure remediation prioritizations that drive their proactive security program.”

—The Forrester Wave™: Vulnerability Risk Management, Q3 2023

This evolution is also evident in Forrester’s scoring methodology of Vulnerability Risk Management offerings. From Tenable’s perspective, there were three important themes that comprised the Current Offering category:

1. Expanded scope. Support for new asset types and exposures were important criteria for this latest report. To earn highest scores, offerings must assess the widest array of non-CVE related exposures and provide valuable information regarding several types of assets. It’s also important that prioritization formulas, remediation workflows and analyst experience be consistent across different assets in order to break down silos and improve efficiency.
2. Greater context. Context is a major focus of this report to help organizations take a risk-based approach to prioritization. Threat intelligence, exploitability, business contextualization, asset criticality and attack path modeling are all important factors to help security teams identify and address the most pressing issues first based on actual cyber risk.
3. Third-party integrations. Whether it’s through governance, risk and compliance (GRC) tools, IT service management (ITSM) and ticketing systems. or other security operations center (SOC) solutions, integrating VRM solutions with your existing IT and security systems is a critical capability to accelerate vulnerability response, streamline reporting and enrich platforms to help you be more proactive in addressing cyber risk. Integrations need to be highly customizable and support a wide range of commonly used platforms to support security requirements.

At Tenable, we believe that securing today’s complex and dynamic IT environments requires bringing together vulnerability management, web application security, cloud security, identity security, attack path analysis and external attack surface management to help organizations understand the full breadth and depth of their exposures. We see vulnerability management and other proactive, preventive cybersecurity tools coming together in a new paradigm we call exposure management.

According to the report, “Tenable sets the tone for proactive security. Tenable has focused on preventing successful attacks since its Nessus days in the early 2000s. Today’s goal remains the same with a vision of proactively securing growing and dynamic attack surfaces with its Tenable One platform, one of the first to embrace the exposure management categorization. With roadmap items focusing on setting up connectors to ingest third-party sources, its platform aims to further consolidate all cyber risks, asset types, and exposures across the enterprise. Its focus on delivering AI capabilities will further help analysts of all skill levels explore and understand capabilities in their attack path modeling and cyber risk insights. Tenable’ s name recognition and early-to-market platform approach of consolidating preventative events supports its superior, persistent vision, which aligns well with the current direction of the market.”

We designed the Tenable One Exposure Management Platform, launched in October 2022, to help cybersecurity teams focus their efforts to prevent likely attacks and accurately communicate cyber risk to support optimal business performance. The addition of ExposureAI, launched in August 2023, enables cybersecurity teams to use generative AI capabilities to boost their preventive cybersecurity by accelerating how they search, analyze and make decisions to reduce risk. We harnessed the Tenable Research repository of contextual exposure data to provide a wealth of information, enabling organizations to gain valuable insights into potential vulnerabilities, threats and misconfigurations. Delivering the best AI-based capabilities requires having the best data, and Tenable has the largest repository of contextual exposure data in the world. Specifically, ExposureAI leverages 1 trillion unique exposures, assets and security findings encompassing:

• 60 billion exposure events
• 800 million different security configurations
• 1 billion assets

This massive data platform that fuels the ExposureAI engine is called the Tenable Exposure Graph, our Snowflake-powered data lake.

According to the Forrester report, “Tenable is a great fit for firms that want a single book of record for all vulnerability and exposure remediation prioritizations that drive their proactive security program.”

Learn more

• Download The Forrester Wave™: Vulnerability Risk Management, Q3 2023