Tenable Inc. this week introduced a new SaaS product that the company calls the first cyber exposure benchmarking...
The Lumin cyber exposure offering, which is part of the cloud-based Tenable.io vulnerability management platform, aims to give organizations an accurate way to visualize and measure their "cyber exposure" to the latest threats and vulnerabilities. Dave Cole, chief product officer at Tenable, said Tenable.io Lumin was designed to better assess customers' exposure by accruing data from all their enterprise assets, including cloud services and internet of things (IoT) devices, and delivering a complete picture of their attack surface.
Cole said a "steady parade of vulnerabilities, particularly open source vulnerabilities" have made it increasingly difficult for enterprises to accurately and effectively assess their risk level and shrink their attack surfaces. This was partly because, he said, cloud and IoT assets were treated as different siloes.
"Cyber exposure is a new realm of vulnerability management," Cole said. "Lumin starts with pulling all of the data on your assets into one place. We give cloud and IoT assets equal footing instead of keeping them separate from the rest of the network."
The Lumin cyber exposure platform provides customers a single view of all corporate IT assets and their vulnerabilities. With that data, the platform calculates the organization's cyber exposure levels to various vulnerabilities. In addition, CISOs can compare, for instance, remediation times for critical vulnerabilities against benchmarking data accrued and analyzed by Tenable product telemetry and human analysts within the Tenable Research team.
The platform also provides risk-based scoring for weighing vulnerabilities, as well as each individual asset's business value so that enterprise security teams can better prioritize their remediation efforts. The Lumin cyber exposure platform comes with third-party API support for vulnerability data from vendors such as Qualys and Amazon Web Services (AWS). The platform imports, integrates and consolidates the third-party data along with data from Tenable's own Nessus vulnerability scanner.
Tenable said it plans to expand API support to additional vendors this year. Cole said integrating third-party data, even from competing vendors, was crucial for the platform. "The enemy isn't Qualys," he said. "The enemies are all the spreadsheets that are causing customers pain."
The Tenable.io Lumin cyber exposure platform will be available for beta testing this quarter and will be generally available in the second half of this year. Cole said Tenable will add new capabilities to the platform following its release.