Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Lumin: Translating Vulnerability Management Into the Language of Business

With Tenable Lumin, we’re giving customers a bridge between the language of vulnerability management and the language of business. 

In our work here at Tenable, we often hear from our CISO customers about the dual challenges they face: how to help business executives and the board understand their organization’s cyber risk; and how to help their IT colleagues prioritize patching to address the vulnerabilities representing the greatest risk to the organization.

CISOs are, essentially, expected to be multilingual. They need to transition seamlessly from the business language of the C-suite to the technical, process-led language of their IT colleagues. The challenge? Most of the data they’re able to access from common vulnerability management tools is available only in their native tongue: the language of vulnerabilities. 

Indeed, a survey of more than 2,400 cybersecurity and IT leaders conducted by Ponemon Institute reveals that 58 percent of respondents say traditional KPIs or metrics for evaluating business risks cannot be used to understand cyber risks. Further, less than a third of respondents (30 percent) report they can adequately prioritize their efforts.

At Tenable, we’re committed to helping CISOs and cybersecurity professionals communicate effectively across their organizations. And, with Tenable Lumin, we’re giving you a bridge between the language of vulnerability management and the language of business. 

Tenable.io customers can use Lumin today to transform raw technical data into business insights by combining inputs such as threat intelligence, vulnerability data and asset criticality into a single platform to accurately measure and benchmark cyber risk. This risk-based approach to cybersecurity enables CISOs and their teams to prioritize remediation efforts, effectively communicate cyber risk to internal stakeholders and make data-driven decisions to reduce risk. 

Tenable Lumin enables organizations to effectively measure and benchmark their cyber exposure internally and externally against peer organizations. To accomplish this, vulnerability data is correlated with other risk indicators, such as threat intelligence and asset criticality, to automatically score, trend and benchmark an organization’s cyber risk. Lumin transforms technical data into business insights for better strategic decisions.

CISOs can use Tenable Lumin to quickly and accurately assess the organization’s cyber exposure risk and compare their health and remediation performance to that of other enterprises.

Lumin uses a variety of metrics to help users understand the following: 

  • where they are exposed;
  • where to prioritize remediation;
  • how the organization is reducing risk; and
  • how these efforts compare to others'.

With Tenable Lumin, users receive a Cyber Exposure Score for their own organization, an average score for peers within the same industry as well as the general population. This allows users to compare their organization to others and provides additional context around the score. The higher the score, the higher the risk. 

Users can use Tenable Lumin to access the data most relevant for a particular audience. For example:

  • The Cyber Exposure Score trend view provides trending data about the organization’s score over time. Users can also see whether their peers and the greater population are improving over time.
  • The Cyber Exposure Score by business context view allows users to map a group of assets to a Cyber Exposure Score.

Gathering current, accurate data is critical to assessing your risk. Learn more about what’s available in the Tenable Lumin dashboard here:

Gaining Fresh Insights Into Your Cyber Risk with Tenable Lumin

Lumin uses several metrics to help you assess your cyber risk:

  • Vulnerability Priority Rating (VPR)
  • Asset Criticality Rating (ACR)
  • Cyber Exposure Score 

Here’s what each score reveals:

  • Vulnerability Priority Rating. A dynamic companion to the static data provided by the vulnerability’s CVSS score and severity, the VPR is generated dynamically per vulnerability. Tenable’s algorithms update the VPR to reflect the current threat landscapes. Values range from .1 to 10. A higher value represents higher likelihood of exploit. 
  • Asset Criticality Rating. Tenable assigns an ACR to each asset on your network to represent the asset’s relative risk as an integer from 1 to 10. A higher ACR value indicates higher risk. Tenable assesses scan output and measures asset risk based on the following: exposure due to the location on your network and proximity to the internet, device type and device capabilities.
  • Cyber Exposure Score. The score is automatically generated through machine learning algorithms which combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. This score represents the organization’s overall cyber exposure risk as an integer between 0 and 1,000, based on asset exposure score values for assets scanned in the past 90 days. A higher CES value indicate higher risk.

Learn more about Tenable Lumin metrics here:

Additional resources

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.