Vulnerability Intelligence by Category (Explore)

As the influx of vulnerabilities continues to overwhelm risk managers, there is a pressing need for focused analysis and distribution of risk mitigation actions. Tenable Vulnerability Intelligence analyzes more than 50 trillion data points and provides a quick understanding of vulnerabilities and the impacted assets. The intelligence information comes from several sources such as the research related to Vulnerability Priority Rating (VPR), Common Vulnerability Scoring System (CVSSv3), and Exploit Prediction Scoring System (EPSS) scores. This report provides the ability to quickly distill the intelligence data, enables organizations to make informed decisions and respond to threats swiftly.

Vulnerability Intelligence curated categories that blend known risk indicators with insights from the Tenable Research Team to surface the most crucial vulnerabilities. The categories are:

• Emerging Threats - Vulnerabilities being actively monitored by Tenable in three areas: Vulnerabilities Being Monitored, Vulnerabilities of Interest, and Vulnerabilities of Concern.
• CISA Known Exploited - Vulnerabilities that appear in the CISA Known Exploited Vulnerabilities Catalog. 
• In the News - Vulnerabilities being widely reported in the press with notable coverage over the past 30 days.
• Recently Actively Exploited - Vulnerabilities with notable coverage in the press over the past 30 days, and for which Tenable has evidence of active exploitation.
• Ransomware - Vulnerabilities used in current or historical ransomware attacks, as determined from evidence gathered by the Tenable Research team.
• Persistently Exploited - Vulnerabilities being leveraged by threat actors over an extended period of time in targeted attacks, ransomware, or malware campaigns. 
• Top 50 VPR - The top 50 vulnerabilities by Vulnerability Priority Rating (VPR).
   

This report also leverages Exploit Prediction Scoring System (EPSS) scores. FIRST.org defines EPSS as a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. EPSS score is a number representing the percentage of likelihood that a vulnerability will be exploited. The number ranges from 1 to 100 with up to three decimal places, for example, 50.5. Many widgets on the dashboard combine the EPSS, VPR and Vulnerability Intelligence categories into a single query allowing for risk managers to gain context into the surfaced vulnerabilities. 

The report provides a holistic approach leveraging vulnerability intelligence, EPSS, VPR, and other more traditional attributes such as publication date, and last observation. The combined view empowers the organization to discover threats, by streamlining analysis without a manual process. As the new threats emerge the risk managers are better able to create plans based on reliable analysis and communicate clearly to leadership allowing for risk mitigation planning to become more effective. 

Tenable provides several solutions for organizations to better understand vulnerability management. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management (formerly Tenable.io) discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this dashboard are: Tenable Vulnerability Management.

Chapters

• CISA Known Exploitable - The CISA Known Exploitable chapter displays vulnerabilities that appear in the CISA Known Exploited Vulnerabilities Catalog. 
• Emerging Threats - The Emerging Threats chapter displays vulnerabilities that are being actively monitored by Tenable in three areas: Vulnerabilities Being Monitored, Vulnerabilities of Interest, and Vulnerabilities of Concern.
• In The News - The In The News chapter displays vulnerabilities that are vulnerabilities being widely reported in the press with notable coverage over the past 30 days.
• Persistently Exploited - The Persistently Exploited chapter displays vulnerabilities that have notable coverage in the press over the past 30 days, and for which Tenable has evidence of active exploitation. 
• Ransomware - The Ransomware chapter displays vulnerabilities that are used in current or historical ransomware attacks, as determined from evidence gathered by the Tenable Research team. 
• Recent Active Exploitation - The Recent Active Exploitation chapter displays vulnerabilities that are being leveraged by threat actors over an extended period of time in targeted attacks, ransomware, or malware campaigns. These vulnerabilities are manually curated by the Tenable Research team.
• Top 50 VPR - The Top 50 VPR chapter displays vulnerabilities that are the top 50 vulnerabilities by Vulnerability Priority Rating (VPR). 
• Risk Exposures by Vulnerability Publish Date - This chapter provides a summary count of finding with an assigned vulnerability intelligence category and a VPR score of 7 or higher and the vulnerability publication date.