What is Tenable Lumin?
Tenable Lumin is a new, stand-alone product that enables organizations to effectively measure their Cyber Exposure and benchmark their performance internally against different groups as well as externally against industry peers. To accomplish this, Tenable combines data about the real-world threat vulnerabilities pose with asset criticality context to calculate a Cyber Exposure Score, transforming raw technical data into business insights.
How does Tenable Lumin work?
Tenable Lumin combines a number of data sources, such as vulnerability data, threat intelligence and asset criticality, to help security leaders quantify cyber risk and maximize cyber risk reduction. Tenable has the industry’s most extensive vulnerability intelligence and one of the industry’s largest data science organizations, which enables us to deliver comprehensive benchmarking capabilities to compare your cyber risk with peers and machine learning algorithms to provide accurate cyber risk calculations.
What is the Cyber Exposure Score (CES) and how is it derived?
The Cyber Exposure Score is an objective measure of cyber risk, derived through data science-based measurement of vulnerability data together with threat intelligence and asset criticality. The score is automatically generated through machine learning algorithms which combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. Organizations can also leverage scoring to trend improvement over time as a measure of security program effectiveness. It is a number between 0 and 1000, where 0 is least exposed and 1000 is most exposed. A Cyber Exposure Score can be applied to any group of assets, either a single asset, a subset or an entire organization. For more information on CES, please read this whitepaper.
What is the Asset Criticality Rating (ACR) and how is it derived?
The Asset Criticality Rating is an objective measure of the criticality of an asset to an organization. The rating is calculated via a machine learning algorithm and based on asset attributes derived from vulnerability scan results, such as whether the device is exposed to the Internet, the type of device and device functionality. The ratings are calculated automatically after each scan and are updated every 24 hours. ACR is a number between 0 and 10, where 0 is the lowest criticality level and 10 is the highest criticality level. For more information on ACR, please read this whitepaper.
What is the Assessment Maturity Score and how is it derived?
Assessment Maturity is a single metric that quantifies how an organization is scanning their environment. It provides this insight by computing two underlying components:
- Scan Frequency How frequently organizations scan each asset in their network
- Scan Depth How deeply or thoroughly they scan each asset for vulnerabilities
Organisations are assigned a grade for their Scan Frequency, Scan Depth and overall Assessment Maturity scores along with comparisons to their industry peers and the overall population. Via such grading, organizations can compare their efforts to others and improve their processes accordingly.
How are benchmarking scores derived?
Benchmarking in Tenable Lumin is based on the most extensive vulnerability data and intelligence in the industry. Tenable processes over 1.5 billion instances of vulnerabilities per week and analyzes exposure trends and cyber hygiene maturity from more than 4.5 petabytes of data to create the benchmarking knowledge base.
Can I customize the factors that influence my Cyber Exposure Score (CES)?
Yes, you are able to manually adjust the Asset Criticality Rating of your assets, which will automatically recalculate your CES based on your customized input. In the future, we will introduce product enhancements that will allow you to customize additional CES factors.
How is Tenable Lumin different from Tenable.io and Tenable.sc?
Tenable Lumin is a separate application that helps you translate raw vulnerability data into business insights by objectively measuring your Cyber Exposure to help guide your strategic decision making. Lumin works in conjunction with both Tenable.io and Tenable.sc to incorporate asset and vulnerability data to quantify and analyze your cyber risk.
What vulnerability management products are supported today in Tenable Lumin?
Tenable Lumin is supported by both Tenable.io and Tenable.sc.
What is the Tenable Lumin pricing model?
Tenable Lumin pricing is based on the total assets count of the Tenable.io container and/or Tenable.sc deployment. Example pricing is available on request.
Will Tenable Lumin be available in both cloud and on-prem deployments?
Tenable Lumin will only be available as a cloud-based, software-as-a-service (SaaS) solution.