Tenable upgrades Nessus risk assessment platform

Cybersecurity risk exposure management company Tenable has announced new risk prioritisation and compliance features for its Tenable Nessus vulnerability assessment platform.

The new capabilities include enhancements aimed at making it simpler to scan for vulnerabilities in air-gapped, offline environments. The platform now runs critical services only, removing unwanted traffic generated by functions that rely on an active internet connection. Meanwhile the new Declarative Agent Versioning On-Prem features allows users to create and manage agent profiles in the Nessus Manager for Tenable Security Center tool.

The new update also introduces the ability to sort and filter plugins by their score on the Exploit Prediction Scoring System and the Common Vulnerability Scoring System Version 4.0.

The platform allows users to prioritise risks based on the Tenable Vulnerability Priority Rating, which leverages an advanced data science algorithm developed by Tenable Research to analyse Tenable proprietary vulnerability data, third-party vulnerability data and threat data to better manage risk.

Tenable chief product officer Shai Morag said the company has optimised the platform to meet the evolving needs of customers.

“EPSS and CVSS are single variables in the risk equation — context around exposures delivers a deeper level of understanding around true risk,” he said. “Recent Tenable research found that only 3% of vulnerabilities most frequently result in impactful exposure. We’ve optimised Nessus to meet the evolving needs of our customers, empowering informed vulnerability prioritisation strategies to address these critical few.”

Image credit: iStock.com/Laurence Dutton