Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Research Reveals Nearly Half of Organizations Use Strategic Vulnerability Assessment as Foundation of Cyber Defense

August 8, 2018


Study of 2,100 organizations reveals global divide in how organizations assess cyber risk

Tenable®, Inc., the Cyber Exposure company, released The Cyber Defender Strategies Report today that uses data science against real-world telemetry data to analyze how 2,100 organizations are assessing their exposure to vulnerabilities, a critical component to improving overall cybersecurity posture. The report shows that nearly 48 percent of organizations globally have embraced strategic vulnerability assessment -- defined as mature or moderately mature programs that include targeted and tailored scanning and prioritizing computing resources based on business criticality -- as a foundational element of their cyber defense and a critical step toward reducing risk. Of those organizations, however, only five percent display the highest degree of maturity, with comprehensive asset coverage as a cornerstone of their programs. On the other end of the spectrum, 33 percent of organizations take a minimalistic approach to vulnerability assessments, doing the bare minimum as required by compliance mandates and increasing the risk of a business-impacting cyber event.

Tenable’s last report, “Quantifying the Attacker’s First-Mover Advantage,” revealed that attackers generally have a median seven-day window of opportunity to exploit a known vulnerability, before defenders have even determined they are vulnerable. The resulting seven-day gap is directly related to how enterprises are conducting vulnerability assessments -- the more strategic and mature the approach, the smaller the gap is likely to be and the lesser the risk to the business.

“In the not too distant future, there will be two types of organizations -- those who rise to the challenge of reducing cyber risk and those who fail to adapt to a constantly evolving and accelerating threat landscape in modern computing environments,” said Tom Parsons, senior director of product management, Tenable. “This research is a call to action for our industry to get serious about giving the advantage back to cyber defenders, starting with the rigorous and disciplined assessment of vulnerabilities as the basis for mature vulnerability management and ultimately, Cyber Exposure.”

Tenable Research analyzed telemetry data for over three months from organizations in more than 60 different countries using data science to identify distinct security maturity styles and strategic insights which can help organizations manage, measure and ultimately reduce cyber risk. The objective was to analyze and ultimately help to improve how defenders are responding.

Key findings include:

There are four distinct strategies of vulnerability assessment:

  • The Minimalist executes bare minimum vulnerability assessments as required by compliance mandates. Thirty-three percent of organizations fall into this category, running limited assessments on only selected assets. That represents a lot of enterprises which are exposed to risk and still have some work to do, with critical decisions to make on which KPIs to improve first.
  • The Surveyor conducts frequent broad-scope vulnerability assessments, but with little authentication and customization of scan templates. Nineteen percent of organizations follow the Surveying style, placing them at a low to medium maturity.
  • The Investigator executes vulnerability assessments with a high maturity, but only assesses selective assets. Forty-three percent follow the Investigative style, indicating a solid strategy based on a good scan cadence, targeted scan templates, broad asset authentication and prioritization. Considering the challenges involved in managing vulnerabilities, securing buy-in from management, cooperating with disparate business units such as IT operations, maintaining staff and skills, and the complexities of scale, this is a great achievement and provides a solid foundation upon which to mature further.
  • The Diligent represents the highest level of maturity, achieving near-continuous visibility into where an asset is secure or exposed and to what extent through high assessment frequency. Only five percent of organizations fall into this category, displaying comprehensive asset coverage, targeted, customized assessments and tailoring scans as required by use case.
  • Across all levels of maturity, organizations benefit from avoiding a scattershot approach to vulnerability assessment and instead making strategic decisions and employing more mature tactics such as frequent, authenticated scans to improve the efficacy of vulnerability assessment programs.

For more information on the research, read the Tenable Research blog post here, https://www.tenable.com/blog/how-mature-are-your-cyber-defender-strategies.

Visit Tenable at Black Hat USA 2018 in Las Vegas (booth 404).

About Tenable
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:
Cayla Baker
[email protected]
443-545-2102, ext. 1544

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

選擇 Tenable.io

免費試用 30 天

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。 立即註冊。

立即購買 Tenable.io

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產



免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。完整詳情請見此處。

試用 Tenable.io Web Application Scanning

免費試用 30 天

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN



試用 Tenable.io Container Security

免費試用 30 天

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器影像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

取得 Tenable.sc 產品示範

請填寫以下表格並附上您的聯絡資訊,我們的業務代表將盡快與您聯絡,以安排產品示範。您也可以附上簡短註解 (字元上限為 255 個)。請注意,標示星號 (*) 的欄位是必填欄位。

試用 Tenable Lumin

免費試用 30 天

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。

申請 Tenable.ot 產品示範



持續偵測與回應 Active Directory 攻擊。 無需代理程式、無需特殊權限。提供内部部署和雲端兩種選擇。