Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

How secure is the business? Meet your Cyber Exposure Score

Calculate, communicate and compare your cyber exposure while managing risk with Tenable Lumin.

For the first time ever, you can visualize and explore your Cyber Exposure, track risk reduction over time, and benchmark against your peers.

Use Tenable Lumin, an advanced visualization, analytics and measurement solution, to understand and reduce your Cyber Exposure. Lumin transforms vulnerability data into meaningful insights to help you manage cyber risk across your entire organization.

Try Lumin
Tenable Lumin


Advanced analysis and risk-based exposure scoring weighs asset value and criticality, vulnerabilities, threat context and assessment maturity – providing clear guidance about what to focus on.



Visualizations of the entire attack surface allow anyone – from analyst to executive – to quickly understand and communicate your organization’s Cyber Exposure.



Exposure quantification and benchmarking allow you to compare your effectiveness for internal operations and against peers. Identify areas of focus and optimize security investments.

Gain Business Insights Into Your Organization’s Overall Cyber Risk

Lumin Dashboard
Advanced risk-based Cyber Exposure analysis and scoring weighs vulnerabilities, threat data and asset business criticality, providing clear guidance on where to focus remediation efforts.
Gain insights through a single, comprehensive view of the modern attack surface (including traditional IT, public and private clouds, web applications and containers and IoT and OT).
See how your organization’s cyber risk is changing over time. Manage risk based on quantifiable metrics aligned to the business.
Track cyber risk reduction over time and compare your cybersecurity effectiveness to industry and geographic peers.

of organizations report a disadvantage in responding to vulnerabilities due to their use of manual processes.*

Source: Measuring & Managing the Cyber Risks to Business Operations. Ponemon Institute, December 2018
"Lumin allows us to get a better view of how we compare against our peers and allows us to focus on true risk in our environments. With data constantly flowing in from many sources, Lumin gives us a clear picture of where we began, where we are today, and what to focus on tomorrow." Evan London, Senior Consultant, IT Security at Virtustream

of organizations report that traditional KPIs or metrics for evaluating business risks cannot be used to understand cyber risks.*

Source: Measuring & Managing the Cyber Risks to Business Operations. Ponemon Institute, December 2018
"Lumin has enabled us to save time by stopping the “committee approach” to reducing cyber risk and to focus more time on actual remediation. Knowing how to reduce our cyber exposure score the most by remediating specific assets helps the security department communicate with other departments on exactly what needs to be done." Tyler Warren, Director, IT Security at Prologis

Answer Critical Questions Through Your Cyber Exposure Command Center

With Tenable Lumin, for the first time organizations can answer four critical questions:

  • Where are we exposed? Where are we exposed?
  • Where should we prioritize based on risk? Where should we prioritize based on risk?
  • How are we reducing exposure over time? How are we reducing exposure over time?
  • How do we compare? How do we compare?

Only Tenable Lumin provides the insight needed to manage and reduce Cyber Exposure across the modern attack surface.

Powered By Machine Learning And Predictive Analytics

4.5 PB






Related Resources

Tenable Lumin Data Sheet

The Cyber Exposure Score: How Secure Is the Business?

Cyber Risk Benchmarking: What the Business Needs to Know

Ready To Manage And Reduce Your Cyber Exposure Across Your Entire Organization?

Try Lumin

Tenable Lumin Frequently Asked Questions

What is Tenable Lumin?
Tenable Lumin is a new, stand-alone product that enables organizations to effectively measure their Cyber Exposure and benchmark their performance internally against different groups as well as externally against industry peers. To accomplish this, Tenable combines data about the real-world threat vulnerabilities pose with asset criticality context to calculate a Cyber Exposure Score, transforming raw technical data into business insights.
How does Tenable Lumin work?
Tenable Lumin combines a number of data sources, such as vulnerability data, threat intelligence and asset criticality, to help security leaders quantify cyber risk and maximize cyber risk reduction. Tenable has the industry’s most extensive vulnerability intelligence and one of the industry’s largest data science organizations, which enables us to deliver comprehensive benchmarking capabilities to compare your cyber risk with peers and machine learning algorithms to provide accurate cyber risk calculations.
What is the Cyber Exposure Score (CES) and how is it derived?
The Cyber Exposure Score is an objective measure of cyber risk, derived through data science-based measurement of vulnerability data together with threat intelligence and asset criticality. The score is automatically generated through machine learning algorithms which combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. Organizations can also leverage scoring to trend improvement over time as a measure of security program effectiveness. It is a number between 0 and 1000, where 0 is least exposed and 1000 is most exposed. A Cyber Exposure Score can be applied to any group of assets, either a single asset, a subset or an entire organization. For more information on CES, please read this whitepaper.
What is the Asset Criticality Rating (ACR) and how is it derived?
The Asset Criticality Rating is an objective measure of the criticality of an asset to an organization. The rating is calculated via a machine learning algorithm and based on asset attributes derived from vulnerability scan results, such as whether the device is exposed to the Internet, the type of device and device functionality. The ratings are calculated automatically after each scan and are updated every 24 hours. ACR is a number between 0 and 10, where 0 is the lowest criticality level and 10 is the highest criticality level. For more information on ACR, please read this whitepaper.
What is the Assessment Maturity Score and how is it derived?

Assessment Maturity is a single metric that quantifies how an organization is scanning their environment. It provides this insight by computing two underlying components:

  1. Scan Frequency How frequently organizations scan each asset in their network
  2. Scan Depth How deeply or thoroughly they scan each asset for vulnerabilities

Organisations are assigned a grade for their Scan Frequency, Scan Depth and overall Assessment Maturity scores along with comparisons to their industry peers and the overall population. Via such grading, organizations can compare their efforts to others and improve their processes accordingly.

How are benchmarking scores derived?
Benchmarking in Tenable Lumin is based on the most extensive vulnerability data and intelligence in the industry. Tenable processes over 1.5 billion instances of vulnerabilities per week and analyzes exposure trends and cyber hygiene maturity from more than 4.5 petabytes of data to create the benchmarking knowledge base.
Can I customize the factors that influence my Cyber Exposure Score (CES)?
Yes, you are able to manually adjust the Asset Criticality Rating of your assets, which will automatically recalculate your CES based on your customized input. In the future, we will introduce product enhancements that will allow you to customize additional CES factors.
How is Tenable Lumin different from Tenable.io and Tenable.sc?
Tenable Lumin is a separate application that helps you translate raw vulnerability data into business insights by objectively measuring your Cyber Exposure to help guide your strategic decision making. Lumin works in conjunction with both Tenable.io and Tenable.sc to incorporate asset and vulnerability data to quantify and analyze your cyber risk.
What vulnerability management products are supported today in Tenable Lumin?
Tenable Lumin is supported by both Tenable.io and Tenable.sc.
What is the Tenable Lumin pricing model?
Tenable Lumin pricing is based on the total assets count of the Tenable.io container and/or Tenable.sc deployment. Example pricing is available on request.
Will Tenable Lumin be available in both cloud and on-prem deployments?
Tenable Lumin will only be available as a cloud-based, software-as-a-service (SaaS) solution.