Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

As Digital Transformation Surges, Enterprises Must Triage More than 100 Critical Vulnerabilities a Day, According to Tenable Research

November 7, 2018

Edge EMEA, London

Tenable®, Inc., the Cyber Exposure company, today announced its Vulnerability Intelligence Report from Tenable Research, which provides an overview of real-world current vulnerability trends and insights into how organizations assess and respond to the unrelenting barrage of new cyber risks. The research found that enterprises identify 870 unique vulnerabilities on their systems every day, on average. Of those, more than 100 vulnerabilities are rated as critical on the common vulnerability scoring system (CVSS) — an industry standard measurement. Prioritization based solely on CVSS ratings is failing the industry and leaves organizations unable to effectively and confidently focus on which vulnerabilities require immediate action.

The Vulnerability Intelligence Report’s findings confirm that managing vulnerabilities is a challenge of scale, volume and velocity. The Tenable Research team analyzed anonymized data from 900,000 vulnerability assessments across 2,100 enterprises. The team estimates that the industry is on track to disclose up to 19,000 new vulnerabilities in 2018, an increase of 27 percent over 2017. Yet in 2017, public exploits were available for seven percent of all vulnerabilities, meaning that 93 percent of all vulnerabilities posed only theoretical risk. For most vulnerabilities, a working exploit is never developed and of those, an even smaller subset is actively weaponized by threat actors, making it difficult to understand which vulnerabilities to remediate first, if at all.

This lack of rigorous prioritization means that organizations are struggling to assess and manage more vulnerabilities than ever and consequently, they are unable to make strategic technology decisions. For example, Adobe Flash will be unsupported from 2020 onward and is not commonly used in most enterprise environments. Yet Adobe Flash still lingers in enterprise environments and its vulnerabilities represent half of the 20 most prevalent application vulnerabilities in enterprise environments.

“When everything is urgent, triage fails. As an industry, we need to realize that effective reduction in cyber risk starts with effective prioritization of issues,” said Tom Parsons, senior director of product management, Tenable. “To keep up with the current volume and velocity of new vulnerabilities, organizations need actionable insight into where their greatest exposures lie; otherwise, remediation is no more than a guessing game. This means organizations need to focus on vulnerabilities that are being actively exploited by threat actors rather than those that could only theoretically be used.”

To address this deluge of vulnerabilities, Tenable today announced Predictive Prioritization, a first-of-its-kind innovation which will provide organizations with an unprecedented capability to prioritize those vulnerabilities which pose the greatest actual risk to the business. With Predictive Prioritization, Tenable is combining a variety of data sources and threat intelligence with advanced data science algorithms to determine the probability of a vulnerability being leveraged by threat actors. Predictive Prioritization will be generally available for both Tenable.io® and Tenable.sc™, (formerly SecurityCenter) in 2019. Read the full press release here.  

For more information, read the full research report, or join the Tenable Research team for a webinar on Nov. 8 at 1 PM ET to review the findings.

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

Contact Information:

Cayla Baker
[email protected]

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security