Latest news with #VulnerabilityPriorityRating
Techday NZ
27-07-2025
- Business
- Techday NZ
Tenable adds AI to VPR for sharper, real-time risk detection
Tenable has announced enhancements to its Vulnerability Priority Rating (VPR), focusing on precise risk identification and remediation for security teams. The updated VPR, now driven by generative artificial intelligence, provides organisations with contextual threat intelligence and real-time prioritisation to highlight vulnerabilities that pose the most significant risk to business operations. The changes aim to address longstanding challenges in vulnerability management. Sharper risk focus The company's VPR was first introduced in 2019 as a counterpoint to the broad scoring provided by the Common Vulnerability Scoring System (CVSS). While CVSS designates approximately 60% of vulnerabilities as high or critical, the original VPR narrowed the focus to just 3%. With the latest enhancements, Tenable reports that only 1.6% of vulnerabilities are now marked as representing genuine business risk, supported by real-time data and improved analytics. Jorge Orchilles, Senior Director, Readiness and Proactive Security at Verizon, described the practical impact that targeted vulnerability data has had on operational efficacy. "Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat," said Orchilles. "Tenable VPR changed that by showing us what attackers are actually exploiting right now. It lets us focus our resources on the handful of issues that truly matter, which has made a real, measurable difference in how quickly we can get critical patches out." AI-driven insights and explainability The enhancements are underpinned by generative AI, which produces tailored threat summaries and remediation advice. VPR's AI-powered insights are designed to help users quickly interpret why a particular vulnerability matters, its weaponisation by threat actors, and what actions are immediately necessary to mitigate risk. The technology delivers instant clarity to enable faster remediation and more strategic use of resources. Eric Doerr, Chief Product Officer at Tenable, outlined the strategic value of these new capabilities for organisations managing cyber risk. "We're taking our game-changing Tenable VPR to the next level with these AI-powered enhancements," said Doerr. "Tenable VPR brings an unmatched precision and depth of threat intelligence, context and explainability to cyber operations. With these critical insights at their fingertips, organisations can clearly visualise why an exposure matters, where they are vulnerable and how to close their priority risks." Industry and regional context A key feature of the updated VPR is its ability to apply industry- and region-specific threat context. Enhanced filtering, querying and use of metadata enable organisations to refine vulnerability prioritisation by relevance to their sector or area of operation. This approach ensures that security teams can address the exposures most relevant to their business environment, rather than relying on generic risk scores. According to the company, these changes are expected to support reduced mean-time-to-remediation and more strategic alignment between cybersecurity efforts and broader organisational goals. By providing more precise, context-rich data, Tenable aims to help organisations allocate security resources where they have the greatest impact. The latest iteration of Tenable's VPR builds on its previous reputation for prioritising threats and reducing the noise associated with vulnerability management. Through the addition of AI-driven explainability and tailored risk measures, the update is intended to allow cybersecurity and risk management teams to respond faster and more effectively to emerging threats. Follow us on: Share on:
Techday NZ
24-07-2025
- Business
- Techday NZ
Tenable boosts vulnerability priority rating with advanced AI
Tenable has announced advancements to its Vulnerability Priority Rating (VPR), incorporating AI-powered capabilities for heightened precision in identifying and addressing critical cybersecurity risks. The updated Tenable VPR aims to help organisations clarify which vulnerabilities require urgent attention, leveraging generative AI, advanced threat intelligence, and context-aware scoring. By doing so, the solution seeks to facilitate an understanding of vulnerability impact, exploitation potential, and the steps necessary for remediation. Cutting through the noise A significant challenge for businesses is the high volume of reported vulnerabilities, making it difficult to determine which issues pose a genuine threat. According to the company, while the Common Vulnerability Scoring System (CVSS) previously classified around 60% of vulnerabilities as high or critical, the original VPR introduced in 2019 narrowed this number to 3%. With its latest AI enhancements, Tenable claims the VPR now focuses on just 1.6% of vulnerabilities that represent a material business risk. These improvements are designed to enable quicker remediation times, more efficient use of security resources, and alignment of security operations with key organisational priorities. Customer experience "Our biggest problem was noise. We had thousands of vulnerabilities, and no clear way to know which ones posed a genuine threat," said Jorge Orchilles, Senior Director, Readiness and Proactive Security at Verizon. "Tenable VPR changed that by showing us what attackers are actually exploiting right now. It lets us focus our resources on the handful of issues that truly matter, which has made a real, measurable difference in how quickly we can get critical patches out." Deeper insight and explainability The enhancements to VPR are underpinned by new AI-powered insights and explainability features. The company states that these improvements deliver instant clarity by providing users with detailed reasoning regarding the seriousness of a particular exposure, information on how threat actors have weaponised vulnerabilities, and actionable recommendations for mitigation. AI-generated threat summaries further aid users in understanding real-world risks and identifying appropriate next steps. Eric Doerr, Chief Product Officer at Tenable, commented, "We're taking our game-changing Tenable VPR to the next level with these AI-powered enhancements. Tenable VPR brings an unmatched precision and depth of threat intelligence, context and explainability to cyber operations. With these critical insights at their fingertips, organizations can clearly visualize why an exposure matters, where they are vulnerable and how to close their priority risks." Industry and regional context Tenable VPR now also includes enhanced filtering, querying, and metadata capabilities. These allow organisations to tailor their vulnerability management approach based on the threats most relevant to their specific industry sector and geographic location. The intent is to ensure that the vulnerabilities which present the greatest threat to a particular business are addressed first, improving risk posture in a targeted way. These features aim to assist organisations in tackling cyber threats more effectively by enabling clarity and prioritisation in patching and remediation efforts. The update is designed to give security teams more confidence in their decision-making processes and help them use time and resources more efficiently when addressing potential exposures. With these advancements, Tenable continues its focus on exposure management for organisations seeking to protect their assets from ongoing cyber risks. The company reports serving around 44,000 customers worldwide.
TECHx
12-05-2025
- Business
- TECHx
Why Exposure Management Is The Cyber Fix We Desperately Need
Home » GISEC » GISEC 2025 » Why Exposure Management Is The Cyber Fix We Desperately Need Walid Natour, Senior Manager of Security Engineering at Tenable, underscores the importance of proactive cybersecurity through Tenable One Exposure Management Platform. Speaking to TECHx at GISEC , he highlights how exposure management is helping organizations gain complete visibility across their attack surface, prioritize threats, and secure both IT and OT environments before attackers can strike. TECHx: To start with, could you please introduce yourself and your role at Tenable? I lead the pre-sales team for the region at Tenable. I've been with Tenable for nearly eight years, and during this time, we've been helping customers across the region understand their cybersecurity challenges. We have a dedicated team covering multiple countries, working to strengthen cyber resilience. TECHx: What is Tenable's focus this year at GISEC? What new technologies or solutions are you showcasing? GISEC is a flagship event for us, and we're always excited to be here. It's a great platform to reconnect with our partners and customers. This year, our key focus is Tenable One Exposure Management Platform a proactive approach to cybersecurity that enables organizations to identify threats across their entire attack surface. It helps uncover misconfigurations, identity issues, and vulnerabilities, then guides customers on how to remediate and improve their security posture. We're also highlighting our capabilities in cloud security and how we consolidate everything into a unified platform. TECHx: In your view, what are the most critical threats organizations are currently facing? How is Tenable helping address them? One of the main challenges is visibility. With digital transformation and hybrid infrastructure, organizations are adopting diverse technologies, often without a comprehensive view of their entire asset inventory whether on-premises or in the cloud. The attack surface is expanding, giving cyber attackers more entry points. Tenable helps organizations achieve comprehensive visibility, enrich it with business context, and identify how to prioritize and remediate vulnerabilities effectively. TECHx: AI is a hot topic at GISEC, with nearly every vendor showcasing AI-driven solutions. How is Tenable leveraging AI in cybersecurity? Tenable has been integrating AI and machine learning into our solutions since 2019, starting with our Vulnerability Priority Rating (VPR), which helps organizations prioritize remediation based on risk. Since then, we've advanced our AI capabilities to include asset criticality prediction, vulnerability predictions, and data normalization. Through our data lake, we connect weaknesses across assets, whether they're related to identity, misconfigurations, or vulnerabilities, and highlight the weakest attack paths. This empowers organizations to take smarter, proactive action to protect their environments. TECHx: Looking ahead to 2025, what cyber threats should organizations be most prepared for? We're still seeing ransomware and phishing as common attack vectors. However, threats targeting critical infrastructure, Operational Technology (OT), and cloud environments are on the rise. Organizations need to shift from a purely reactive approach to a preventive strategy. At Tenable, we focus on proactive exposure management helping customers identify and address weaknesses before attackers exploit them. TECHx: Can you explain the growing importance of OT security? OT has been around for a long time, but it was traditionally isolated from IT and designed for specific operational tasks not security. Today, with the convergence of IT and OT, these environments are interconnected. A weakness in OT can lead to lateral movement into the broader network, affecting IT and critical business systems. This convergence is why CISOs are now responsible for both IT and OT security, and there's a clear need for unified tools and strategies to manage both effectively. TECHx: How important are events like GISEC for your business, and what value do they bring to the industry? GISEC is an essential platform for the cybersecurity community. It brings together stakeholders from various sectors and disciplines to exchange ideas, discuss challenges, and explore new technologies. For Tenable, it's an opportunity to showcase innovations, strengthen relationships with partners, and engage directly with customers to understand evolving needs. TECHx: Since you mentioned partners what is Tenable's strategy for working with partners in this region? Tenable is a 100% channel organization, meaning we transact exclusively through partners. We work closely with our channel ecosystem to ensure they're equipped with the right tools, training, and support to effectively serve customers. Our partners play a crucial role in delivering value, and we maintain a strong alignment across sales, technology, and service delivery.
