Tenable Lumin: Translating Vulnerability Management Into the Language of Business

Team Tenable

With Tenable Lumin, we’re giving customers a bridge between the language of vulnerability management and the language of business. 

In our work here at Tenable, we often hear from our CISO customers about the dual challenges they face: how to help business executives and the board understand their organization’s cyber risk; and how to help their IT colleagues prioritize patching to address the vulnerabilities representing the greatest risk to the organization.

CISOs are, essentially, expected to be multilingual. They need to transition seamlessly from the business language of the C-suite to the technical, process-led language of their IT colleagues. The challenge? Most of the data they’re able to access from common vulnerability management tools is available only in their native tongue: the language of vulnerabilities. 

Indeed, a survey of more than 2,400 cybersecurity and IT leaders conducted by Ponemon Institute reveals that 58 percent of respondents say traditional KPIs or metrics for evaluating business risks cannot be used to understand cyber risks. Further, fewer than a third of respondents (30 percent) report they can adequately prioritize their efforts.

At Tenable, we’re committed to helping CISOs and cybersecurity professionals communicate effectively across their organizations. And, with Tenable Lumin, we’re giving you a bridge between the language of vulnerability management and the language of business. 

Tenable.io customers can use Lumin today to transform raw technical data into business insights by combining inputs such as threat intelligence, vulnerability data and asset criticality into a single platform to accurately measure and benchmark cyber risk. This risk-based approach to cybersecurity enables CISOs and their teams to prioritize remediation efforts, effectively communicate cyber risk to internal stakeholders and make data-driven decisions to reduce risk. 

Tenable Lumin enables organizations to effectively measure and benchmark their cyber exposure internally and externally against peer organizations. To accomplish this, vulnerability data is correlated with other risk indicators, such as threat intelligence and asset criticality, to automatically score, trend and benchmark an organization’s cyber risk. Lumin transforms technical data into business insights for better strategic decisions.

CISOs can use Tenable Lumin to quickly and accurately assess the organization’s cyber exposure risk and compare their health and remediation performance to that of other enterprises.

Lumin uses a variety of metrics to help users understand the following: 

  • where they are exposed;
  • where to prioritize remediation;
  • how the organization is reducing risk; and
  • how these efforts compare to others'.

With Tenable Lumin, users receive a Cyber Exposure Score for their own organization, along with an average score for peers within the same industry and for the general population. This allows users to compare their organization to others and provides additional context around the score. The higher the score, the higher the risk.

Users can use Tenable Lumin to access the data most relevant for a particular audience. For example:

  • The Cyber Exposure Score trend view provides trending data about the organization’s score over time. Users can also see whether their peers and the greater population are improving over time.
  • The Cyber Exposure Score by business context view allows users to map a group of assets to a Cyber Exposure Score.

Gathering current, accurate data is critical to assessing your risk. Learn more about what’s available in the Tenable Lumin dashboard here:

Gaining Fresh Insights Into Your Cyber Risk with Tenable Lumin

Lumin uses several metrics to help you assess your cyber risk:

  • Vulnerability Priority Rating (VPR)
  • Asset Criticality Rating (ACR)
  • Cyber Exposure Score 

Here’s what each score reveals:

  • Vulnerability Priority Rating. A dynamic companion to the static data provided by the vulnerability’s CVSS score and severity, the VPR is generated dynamically per vulnerability. Tenable’s algorithms update the VPR to reflect the current threat landscape. Values range from 0.1 to 10. A higher value represents a higher likelihood of exploit.
  • Asset Criticality Rating. Tenable assigns an ACR to each asset on your network to represent the asset’s relative risk as an integer from 1 to 10. A higher ACR value indicates higher risk. Tenable assesses scan output and measures asset risk based on the following: exposure due to the location on your network and proximity to the internet, device type and device capabilities.
  • Cyber Exposure Score. The score is automatically generated through machine learning algorithms that combine the Tenable Vulnerability Priority Rating (VPR), for the likelihood of exploitability, with the Tenable Asset Criticality Rating (ACR), for the business criticality of the impacted asset. This score represents the organization’s overall cyber exposure risk as an integer between 0 and 1,000, based on asset exposure score values for assets scanned in the past 90 days. A higher CES value indicates higher risk.


Published on Oct 1, 2019
