Tenable Adds Ability to Prioritize Vulnerabilities by Threat Level
Tenable this week at the Black Hat USA 2024 conference added an ability to identify the vulnerabilities in an IT environment that should be remediated first based on the actual threat they represent.
Gavin Millard, vice president of product management for vulnerability management at Tenable, said the Vulnerability Intelligence and Exposure Response capabilities being added to its platform analyze data collected from external and internal sources to identify which vulnerabilities can be accessed and whether an actual exploit that targets them exists.
Armed with those insights, it then becomes easier for cybersecurity teams to work collaboratively with application developers to prioritize which patches need to be created and deployed, he added.
Tensions often arise between cybersecurity teams and developers because many of the vulnerabilities discovered are either not facing the internet or are not actually present in a production environment. Only a small percentage of the more than 240,000 vulnerabilities that have been disclosed over the years are actually being attacked, said Millard.
Developers typically allocate less than 10% of their time to building patches, so it’s critical to focus those efforts on vulnerabilities that are being exploited, rather than on a vulnerability that might be easier to fix but isn’t especially relevant, he added.
As part of its efforts to surface those threats, Tenable has also created seven curated exposure risk categories where vulnerabilities and exposures are listed, for example, by how active they are, usage by ransomware campaigns and emerging threats. Natural language search tools also make it simpler for cybersecurity teams to research specific threats.
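The prioritization idea described above (reachable, exploited, present in production, used by ransomware) can be shown with a small triage routine. The following is an added illustration, not Tenable's code or algorithm; the `Finding` record, the tier rules and the `FAKE-000x` identifiers are constructed for the example, and the cut-offs are assumptions chosen to make the contrast with a CVSS-only ordering visible.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    """One vulnerability instance as a scanner might report it (constructed shape)."""
    vuln_id: str
    cvss: float              # base severity score
    internet_facing: bool    # reachable from outside the perimeter
    in_production: bool      # actually present on a production asset
    public_exploit: bool     # a working exploit is publicly available
    ransomware_use: bool     # observed in ransomware campaigns

def exposure_tier(f: Finding) -> tuple[int, str]:
    """Return (tier, reason); lower tier means remediate sooner.

    The rules are illustrative assumptions: reachability and evidence of
    active exploitation outrank raw severity, and findings that are not in
    production are tracked rather than fixed.
    """
    if not f.in_production:
        return 4, "not present in production; track, do not schedule"
    if f.ransomware_use and f.internet_facing:
        return 0, "internet-facing and used by ransomware; fix now"
    if f.public_exploit and f.internet_facing:
        return 1, "internet-facing with a public exploit; fix this cycle"
    if f.public_exploit:
        return 2, "public exploit but internal only; fix next cycle"
    return 3, "no known exploit; routine patch window"

def prioritize(findings: list[Finding]) -> list[Finding]:
    """Order by exposure tier first, then by CVSS within a tier."""
    return sorted(findings, key=lambda f: (exposure_tier(f)[0], -f.cvss))

def cvss_only(findings: list[Finding]) -> list[Finding]:
    """Naive ordering by severity alone, kept for comparison."""
    return sorted(findings, key=lambda f: -f.cvss)

def worklist(findings: list[Finding]) -> list[str]:
    """Human-readable queue a security team could hand to developers."""
    return [f"{f.vuln_id} (CVSS {f.cvss}): {exposure_tier(f)[1]}"
            for f in prioritize(findings)]

# Constructed sample findings; identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("FAKE-0001", 9.8, internet_facing=False, in_production=False,
            public_exploit=True, ransomware_use=True),
    Finding("FAKE-0002", 7.5, internet_facing=True, in_production=True,
            public_exploit=True, ransomware_use=True),
    Finding("FAKE-0003", 9.1, internet_facing=True, in_production=True,
            public_exploit=False, ransomware_use=False),
    Finding("FAKE-0004", 8.8, internet_facing=False, in_production=True,
            public_exploit=True, ransomware_use=False),
    Finding("FAKE-0005", 6.5, internet_facing=True, in_production=True,
            public_exploit=True, ransomware_use=False),
]

if __name__ == "__main__":
    print("CVSS only :", [f.vuln_id for f in cvss_only(SAMPLE)])
    print("Exposure  :", [f.vuln_id for f in prioritize(SAMPLE)])
    for line in worklist(SAMPLE):
        print(" ", line)
```

With the sample data, severity alone would put the 9.8 finding first even though it is not in production, while the exposure ordering moves the internet-facing, ransomware-used 7.5 to the top. The reason string attached to each entry is what makes the queue defensible in front of the development team.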
Additionally, Tenable provides access to reporting tools that provide greater visibility and accountability for remediation efforts, including any potential bottlenecks that have emerged.
Vulnerabilities are, of course, the bane of cybersecurity existence. However, if cybersecurity teams treat all vulnerabilities equally, they lose credibility with the application development teams they depend on to fix them.
However, it’s also true that as the most widely exploited vulnerabilities are remediated, it’s only a matter of time before cybercriminals develop additional exploits. In the age of artificial intelligence (AI), cybersecurity teams should also anticipate that it has become easier for cybercriminals to develop those exploits. As such, while it’s important to prioritize remediation efforts, ignoring some vulnerabilities altogether could one day have dire consequences. The goal is to stop breaches before they occur as the tactics and techniques used by cybercriminals continue to evolve, said Millard.
Hopefully, AI technologies will soon make it a lot easier to not only build and deploy patches but also provide summarizations of threat levels in ways that are easier for anyone to understand.
In the meantime, cybersecurity teams need to embed themselves in the existing DevSecOps workflows that many organizations are using to build and maintain software. The challenge, of course, is getting application developers to divert some of the time and energy naturally devoted to building the next great feature toward applying fixes to an application project that, from their perspective, was completed months, sometimes even years, ago.