Tenable, the exposure management company, has transformed its renowned Tenable Vulnerability Priority Rating (VPR) to better target the risks posing the most serious threats. By harnessing the power of generative AI, enriched threat intelligence, and context-aware scoring, the enhanced VPR empowers organisations to swiftly understand vulnerability impacts and weaponisation, as well as provide precise remediation actions.
Originally, the broader Common Vulnerability Scoring System (CVSS) tagged 60% of vulnerabilities as either high or critical. However, upon launching VPR in 2019, Tenable drastically refined that focus to around 3%. With the cutting-edge AI improvements introduced recently, Tenable VPR now isolates the essential 1.6% vulnerabilities that possess real business risk implications. The advantage of these AI-driven updates is reflected in significant efficiency gains: from sharper explainability and contextual insights, faster mean-time-to-remediation, to optimized resource allocation and harmonized security agendas aligning with organizational goals.
Jorge Orchilles, Senior Director, Readiness and Proactive Security at Verizon, shared his experience, "Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat." He highlights, "Tenable VPR changed that by showing us what attackers are actually exploiting right now."
Eric Doerr, Chief Product Officer, Tenable, elaborated, "We’re taking our game-changing Tenable VPR to the next level with these AI-powered enhancements. Tenable VPR brings unmatched precision and depth of threat intelligence, context, and explainability to cyber operations."
Aside from refined risk prioritisation, the significant updates to Tenable VPR include:
- AI-powered insights and explainability: VPR insights supply instant clarity, aiding users in recognising the significance of an exposure. Along with understanding its weaponisation by threat actors, actionable guidelines for mitigation are furnished.
- Industry and regional context prioritisation: Enhanced filtering, querying, and metadata enable organisations to focus on vulnerabilities menacing their particular industry and region, ensuring essential exposures relevant to their operations are promptly addressed.
