Tenable Lumin: Translating Vulnerability Management Into the Language of Business

Team Tenable

With Tenable Lumin, we’re giving customers a bridge between the language of vulnerability management and the language of business. 

In our work here at Tenable, we often hear from our CISO customers about the dual challenges they face: how to help business executives and the board understand their organization’s cyber risk; and how to help their IT colleagues prioritize patching to address the vulnerabilities representing the greatest risk to the organization.

CISOs are, essentially, expected to be multilingual. They need to transition seamlessly from the business language of the C-suite to the technical, process-led language of their IT colleagues. The challenge? Most of the data they’re able to access from common vulnerability management tools is available only in their native tongue: the language of vulnerabilities. 

Indeed, a survey of more than 2,400 cybersecurity and IT leaders conducted by Ponemon Institute reveals that 58 percent of respondents say traditional KPIs or metrics for evaluating business risks cannot be used to understand cyber risks. Further, less than a third of respondents (30 percent) report they can adequately prioritize their efforts.

At Tenable, we’re committed to helping CISOs and cybersecurity professionals communicate effectively across their organizations. And, with Tenable Lumin, we’re giving you a bridge between the language of vulnerability management and the language of business. 

Tenable.io customers can use Lumin today to transform raw technical data into business insights by combining inputs such as threat intelligence, vulnerability data and asset criticality into a single platform to accurately measure and benchmark cyber risk. This risk-based approach to cybersecurity enables CISOs and their teams to prioritize remediation efforts, effectively communicate cyber risk to internal stakeholders and make data-driven decisions to reduce risk. 

Tenable Lumin enables organizations to effectively measure and benchmark their cyber exposure internally and externally against peer organizations. To accomplish this, vulnerability data is correlated with other risk indicators, such as threat intelligence and asset criticality, to automatically score, trend and benchmark an organization’s cyber risk. Lumin transforms technical data into business insights for better strategic decisions.

CISOs can use Tenable Lumin to quickly and accurately assess the organization’s cyber exposure risk and compare their health and remediation performance to that of other enterprises.

Lumin uses a variety of metrics to help users understand the following: 

  • where they are exposed;
  • where to prioritize remediation;
  • how the organization is reducing risk; and
  • how these efforts compare to others'.

With Tenable Lumin, users receive a Cyber Exposure Score for their own organization, along with an average score for peers within the same industry and an average score for the general population. This allows users to compare their organization to others and provides additional context around the score. The higher the score, the higher the risk.

Users can use Tenable Lumin to access the data most relevant for a particular audience. For example:

  • The Cyber Exposure Score trend view provides trending data about the organization’s score over time. Users can also see whether their peers and the greater population are improving over time.
  • The Cyber Exposure Score by business context view allows users to map a group of assets to a Cyber Exposure Score.

Gathering current, accurate data is critical to assessing your risk. Learn more about what’s available in the Tenable Lumin dashboard here:

Gaining Fresh Insights Into Your Cyber Risk with Tenable Lumin

Lumin uses several metrics to help you assess your cyber risk:

  • Vulnerability Priority Rating (VPR)
  • Asset Criticality Rating (ACR)
  • Cyber Exposure Score 

Here’s what each score reveals:

  • Vulnerability Priority Rating. A dynamic companion to the static data provided by the vulnerability’s CVSS score and severity, the VPR is generated dynamically per vulnerability. Tenable’s algorithms update the VPR to reflect the current threat landscape. Values range from 0.1 to 10. A higher value represents a higher likelihood of exploit.
  • Asset Criticality Rating. Tenable assigns an ACR to each asset on your network to represent the asset’s relative risk as an integer from 1 to 10. A higher ACR value indicates higher risk. Tenable assesses scan output and measures asset risk based on the following: exposure due to the location on your network and proximity to the internet, device type and device capabilities.
  • Cyber Exposure Score. The score is automatically generated through machine learning algorithms that combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. This score represents the organization’s overall cyber exposure risk as an integer between 0 and 1,000, based on asset exposure score values for assets scanned in the past 90 days. A higher CES value indicates higher risk.

Learn more about Tenable Lumin metrics here:


Published on Oct 1, 2019
