What is Tenable Lumin?
Tenable Lumin is a new, stand-alone product that enables organizations to effectively measure their Cyber Exposure and benchmark their performance internally against different groups as well as externally against industry peers. To accomplish this, Tenable combines data about the real-world threat vulnerabilities pose with asset criticality context to calculate a Cyber Exposure Score, transforming raw technical data into business insights.
How does Tenable Lumin work?
Tenable Lumin combines a number of data sources, such as vulnerability data, threat intelligence and asset criticality, to help security leaders quantify cyber risk and maximize cyber risk reduction. Tenable has the industry’s most extensive vulnerability intelligence and one of the industry’s largest data science organizations, which enables us to deliver comprehensive benchmarking capabilities to compare your cyber risk with peers and machine learning algorithms to provide accurate cyber risk calculations.
What is the Cyber Exposure Score (CES) and how is it derived?
The Cyber Exposure Score is an objective measure of cyber risk, derived through data science-based measurement of vulnerability data together with threat intelligence and asset criticality. The score is automatically generated through machine learning algorithms which combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. Organizations can also leverage scoring to trend improvement over time as a measure of security program effectiveness. It is a number between 0 and 1000, where 0 is least exposed and 1000 is most exposed. A Cyber Exposure Score can be applied to any group of assets, either a single asset, a subset or an entire organization.
What is the Asset Criticality Rating (ACR) and how is it derived?
The Asset Criticality Rating is an objective measure of the criticality of an asset to an organization. The rating is calculated via a machine learning algorithm and based on asset attributes derived from vulnerability scan results, such as whether the device is exposed to the Internet, the type of device and device functionality. The ratings are calculated automatically after each scan and are updated every 24 hours. ACR is a number between 0 and 10, where 0 is the lowest criticality level and 10 is the highest criticality level.
How are benchmarking scores derived?
Benchmarking in Tenable Lumin is based on the most extensive vulnerability data and intelligence in the industry. Tenable processes over 1.5 billion instances of vulnerabilities per week and analyzes exposure trends and cyber hygiene maturity from more than 4.5 petabytes of data to create the benchmarking knowledge base.
Can I customize the factors that influence my Cyber Exposure Score (CES)?
Yes, you are able to manually adjust the Asset Criticality Rating of your assets, which will automatically recalculate your CES based on your customized input. In the future, we will introduce product enhancements that will allow you to customize additional CES factors.
How is Tenable Lumin different from Tenable.io and Tenable.sc?
Tenable Lumin is a separate application that helps you translate raw vulnerability data into business insights by objectively measuring your Cyber Exposure to help guide your strategic decision making. Lumin works in conjunction with Tenable.io (and Tenable.sc later in 2019) to incorporate asset and vulnerability data to quantify and analyze your cyber risk.
What vulnerability management products are supported today in Tenable Lumin?
Tenable Lumin supports Tenable.io today with support for Tenable.sc planned for later in 2019.
What is the Tenable Lumin pricing model?
Tenable Lumin pricing is extremely easy to calculate because it is based on a set percentage of your Tenable.io licensing costs.
Will Tenable Lumin be available in both cloud and on-prem deployments?
Tenable Lumin will only be available as a cloud-based, software-as-a-service (SaaS) solution.