
What You Need to Know About Vulnerability Management Best Practices

How can CISOs and their cybersecurity teams incorporate Tenable’s Predictive Prioritization capability and the Vulnerability Priority Rating into their vulnerability management strategy? The Tenable team offers some best practices.

Throughout the course of 2019, the Tenable team has been talking about the benefits of Predictive Prioritization — the process of re-prioritizing vulnerabilities based on the probability they will be leveraged in an attack. 

This new capability, introduced in February 2019, combines Tenable-collected vulnerability data with third-party vulnerability and threat intelligence and analyzes them together using an advanced data science algorithm developed by Tenable Research. The data analysis is used to develop a Vulnerability Priority Rating (VPR) for each vulnerability. 

Predictive Prioritization is now available in Tenable.sc and Tenable.io to help security teams focus on what matters most. But what are the best practices for implementing Predictive Prioritization and VPR?

During a recent webinar entitled “Putting Predictive Prioritization To Work,” Kevin Flynn, a senior product marketing manager at Tenable, joined senior security consultants Brian Baumgarten and John Vasquez to discuss Predictive Prioritization and VPR. They explored how CISOs, their security teams and even third-party vendors and service providers can incorporate these capabilities into their vulnerability management plans.

Setting Vulnerability Management KPIs

As with any good security project, one of the best ways to start is by establishing reasonable Key Performance Indicators (KPIs) to guide the security team and create realistic goals. Tenable recommends these five KPIs to get you started:

  1. Scan frequency: How often does your enterprise conduct assessments?
  2. Scan intensity: How many different scans are launched on a given scan day?
  3. Asset authentication: What proportion of scanned assets are assessed with credentials? Credentialed scans see installed software and local configuration that unauthenticated scans cannot, so this KPI measures assessment depth.
  4. Asset coverage: What proportion of the licensed assets are scanned in a 90-day period?
  5. Vulnerability coverage: What proportion of total vulnerability plugins are used in a 90-day period?
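The five KPIs above are easy to state but only useful if they are computed the same way every reporting period. The script below is an added example (not Tenable's code or output) that computes each KPI over a trailing window from a constructed scan history. The licence size (20 assets), plugin-feed size (100 plugins) and the scan records are all assumptions for illustration; a real implementation would populate `SCAN_HISTORY` from the scanner's scan-history export.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class ScanRun:
    run_date: date
    name: str
    credentialed: bool   # True if the scan used host credentials (authenticated assessment)
    assets: frozenset    # asset identifiers the scan reached
    plugins: frozenset   # plugin IDs enabled in the scan


# Assumed licence size and plugin-feed size used as KPI denominators.
LICENSED_ASSETS = 20
TOTAL_PLUGINS = 100
AS_OF = date(2019, 9, 30)

# Constructed scan history for the example; not data from any real scanner.
SCAN_HISTORY = [
    ScanRun(date(2019, 6, 15), "quarterly-full", True,
            frozenset({"srv01", "srv02", "srv03", "ws01", "ws02"}),
            frozenset({10001, 10002, 10003, 20001, 20002})),
    ScanRun(date(2019, 8, 5), "weekly-servers", True,
            frozenset({"srv01", "srv02", "srv03"}), frozenset({10001, 10002, 10003})),
    ScanRun(date(2019, 8, 5), "weekly-workstations", False,
            frozenset({"ws01", "ws02"}), frozenset({20001, 20002, 20003})),
    ScanRun(date(2019, 9, 2), "weekly-servers", True,
            frozenset({"srv01", "srv02", "srv03", "srv04"}), frozenset({10001, 10002, 10004})),
    ScanRun(date(2019, 9, 2), "weekly-workstations", False,
            frozenset({"ws01", "ws03"}), frozenset({20001, 20004})),
    ScanRun(date(2019, 9, 2), "dmz-external", False, frozenset({"dmz01"}), frozenset({30001})),
    ScanRun(date(2019, 9, 16), "dmz-external", True, frozenset({"dmz01"}), frozenset({30001, 30002})),
]


def in_window(history, window_days, as_of):
    """Scans dated within the trailing window (cutoff inclusive), oldest first."""
    cutoff = as_of - timedelta(days=window_days)
    return sorted((s for s in history if cutoff <= s.run_date <= as_of),
                  key=lambda s: s.run_date)


def scan_frequency(history, window_days, as_of):
    """KPI 1: number of assessments run in the window."""
    return len(in_window(history, window_days, as_of))


def scan_intensity(history, window_days, as_of):
    """KPI 2: most scans launched on any single scan day in the window."""
    per_day = Counter(s.run_date for s in in_window(history, window_days, as_of))
    return max(per_day.values(), default=0)


def asset_authentication(history, window_days, as_of):
    """KPI 3: share of scanned assets whose most recent scan was credentialed.
    An unauthenticated scan only sees what is visible over the network, so this
    is the depth measure."""
    last_credentialed = {}
    for s in in_window(history, window_days, as_of):  # oldest first, so later scans win
        for asset in s.assets:
            last_credentialed[asset] = s.credentialed
    if not last_credentialed:
        return 0.0
    return sum(last_credentialed.values()) / len(last_credentialed)


def asset_coverage(history, window_days, as_of, licensed=LICENSED_ASSETS):
    """KPI 4: unique assets scanned in the window as a share of licensed assets."""
    seen = set().union(*(s.assets for s in in_window(history, window_days, as_of)))
    return len(seen) / licensed


def vulnerability_coverage(history, window_days, as_of, total_plugins=TOTAL_PLUGINS):
    """KPI 5: unique plugins used in the window as a share of the plugin feed."""
    used = set().union(*(s.plugins for s in in_window(history, window_days, as_of)))
    return len(used) / total_plugins


def kpi_report(history, as_of=AS_OF, window_days=90):
    """All five KPIs for one reporting period."""
    return {
        "scan_frequency": scan_frequency(history, window_days, as_of),
        "scan_intensity": scan_intensity(history, window_days, as_of),
        "asset_authentication": asset_authentication(history, window_days, as_of),
        "asset_coverage": asset_coverage(history, window_days, as_of),
        "vulnerability_coverage": vulnerability_coverage(history, window_days, as_of),
    }


if __name__ == "__main__":
    for name, value in kpi_report(SCAN_HISTORY).items():
        print(f"{name:24} {value}")
```

With the constructed history the 90-day window (cutoff 2019-07-02) drops the June scan, giving 6 scans, a peak of 3 scans on 2 September, 40% asset coverage, 62.5% of covered assets credentialed, and 10% plugin coverage. Tracking the same window length every period is what makes the trend meaningful; changing the window changes every number.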

Once these KPIs are established, here are three ways security teams can start applying Predictive Prioritization and VPR to their vulnerability management process.

  1. In the discovery phase, VPR can assist in classifying assets within the network by improving accuracy and helping to discover new IP addresses that have been added.
  2. When scanning, VPR can be automatically applied. As the security team scans the network more frequently, the threat intelligence improves because there’s more data to analyze in real-time. 
  3. During the patching process, VPR helps security teams provide much-needed context to the IT professionals responsible for patching, improving their ability to prioritize and allocate resources based on real-world risk.

Frequent scanning is crucial. “The more you scan frequently, the more you are going to know of the current potential,” Vasquez said. For example, Vasquez said, when the WannaCry ransomware attacks started in 2017, the malware was released several months before the incidents began in earnest. Better scanning might have helped security professionals identify the potential to do harm and could have prompted more urgent patching.   

Additionally, VPR scores can also be used to help structure service-level agreements (SLAs) with third-party service providers. For firms that outsource patching and remediation, VPR gives the service provider and client a way to prioritize and evaluate remediation efforts, improving outcomes and overall security posture. 

Vulnerability Priority Rating: Practical Results 

Flynn, Baumgarten and Vasquez shared two examples of how organizations can put VPR to use. 

First, VPR can assist in prioritizing fixes and patches to systems that are internet-facing, where unpatched applications can be exploited using common exploit kits. Using VPR in combination with Tenable’s Nessus Network Monitor, security teams can create a dynamic asset list using filters as well as certain key terms, such as “Adobe” or other software frequently targeted in attacks. 

Second, if an attacker is able to penetrate the network through an internet-facing system in an attempt to escalate privileges and move laterally through the network, the VPR score can be used to identify which vulnerabilities might be exploited first. This enables teams to be more strategic about deploying patches to stop the attack.
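The three uses described above (VPR-based remediation SLAs with a service provider, a dynamic list of internet-facing assets running commonly targeted software, and choosing which vulnerabilities to patch first) all reduce to sorting and filtering findings by VPR. The following added example (not Tenable's code, and not real scan output) does that over a constructed set of findings. The VPR bands are Tenable's published severity ranges (Critical 9.0-10.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9); the SLA days per band, the key-term list and the asset and plugin names are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Tenable's VPR severity floors, paired with a hypothetical SLA (days to remediate)
# that a client and a patching provider might agree on. Substitute your own policy.
VPR_BANDS = (
    ("Critical", 9.0, 7),
    ("High", 7.0, 30),
    ("Medium", 4.0, 90),
    ("Low", 0.1, 180),
)

# Key terms for software frequently targeted in attacks; an assumed list.
TARGETED_TERMS = ("adobe", "flash", "java", "struts")


@dataclass(frozen=True)
class Finding:
    asset: str
    internet_facing: bool
    plugin_name: str
    cvss: float
    vpr: float
    first_seen: date


AS_OF = date(2019, 9, 30)

# Constructed findings for the example; names and scores are illustrative only.
FINDINGS = [
    Finding("web01", True, "Adobe Flash Player remote code execution", 9.8, 9.4, date(2019, 9, 1)),
    Finding("db01", False, "Database listener authentication bypass", 9.8, 3.2, date(2019, 8, 1)),
    Finding("ws07", False, "Adobe Reader memory corruption", 7.8, 9.1, date(2019, 9, 10)),
    Finding("web02", True, "TLS weak cipher suites enabled", 5.3, 2.1, date(2019, 6, 1)),
    Finding("app01", True, "Apache Struts remote code execution", 10.0, 9.7, date(2019, 9, 20)),
    Finding("ws03", False, "Java SE sandbox bypass", 8.1, 6.5, date(2019, 7, 15)),
]


def vpr_band(vpr):
    """Map a VPR score to (band name, SLA days). A VPR below 0.1 gets no SLA."""
    for name, floor, sla_days in VPR_BANDS:
        if vpr >= floor:
            return name, sla_days
    return "Unrated", None


def sla_due(finding):
    """Remediation due date: first_seen plus the SLA for the finding's VPR band."""
    _, sla_days = vpr_band(finding.vpr)
    return None if sla_days is None else finding.first_seen + timedelta(days=sla_days)


def sla_breaches(findings, as_of):
    """Findings past their due date, i.e. what a provider/client review would escalate."""
    return [f for f in findings if sla_due(f) is not None and sla_due(f) < as_of]


def is_targeted(finding):
    """True if the plugin name mentions commonly targeted software."""
    name = finding.plugin_name.lower()
    return any(term in name for term in TARGETED_TERMS)


def exposed_targeted_assets(findings):
    """Dynamic asset list: internet-facing assets with findings in commonly
    targeted software, highest VPR first."""
    best = {}
    for f in findings:
        if f.internet_facing and is_targeted(f):
            best[f.asset] = max(best.get(f.asset, 0.0), f.vpr)
    return sorted(best, key=lambda a: -best[a])


def remediation_queue(findings):
    """Patch order: VPR descending; internet-facing first on ties; oldest first after that."""
    return sorted(findings, key=lambda f: (-f.vpr, not f.internet_facing, f.first_seen))


def top_assets(findings, score, n):
    """Top-n assets by a score attribute ("cvss" or "vpr"), to compare the two orderings."""
    return [f.asset for f in sorted(findings, key=lambda f: -getattr(f, score))[:n]]


if __name__ == "__main__":
    for f in remediation_queue(FINDINGS):
        band, _ = vpr_band(f.vpr)
        print(f"{f.asset:6} VPR {f.vpr:4} {band:8} CVSS {f.cvss:4} due {sla_due(f)}  {f.plugin_name}")
    print("Exposed targeted assets:", exposed_targeted_assets(FINDINGS))
    print("SLA breaches:", [f.asset for f in sla_breaches(FINDINGS, AS_OF)])
    print("Top 3 by CVSS:", top_assets(FINDINGS, "cvss", 3))
    print("Top 3 by VPR: ", top_assets(FINDINGS, "vpr", 3))
```

The point of the comparison at the end is the reprioritization itself: by CVSS the database finding on `db01` (9.8) sits in the top three, while by VPR it drops to fifth and the internal `ws07` Adobe Reader finding (CVSS 7.8, VPR 9.1) moves up. The SLA check flags the three Critical-band findings as overdue on 30 September under the assumed 7-day policy, which is the kind of evidence a client would bring to a service-provider review.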
