Tenable announced significant enhancements to its Nessus vulnerability assessment solution, including new risk prioritisation and compliance features. This update integrates the Exploit Prediction Scoring System (EPSS) and the Common Vulnerability Scoring System (CVSS) v4, enabling organisations to more effectively prioritise vulnerabilities and maintain compliance amid evolving cyber threats.
As organisations grapple with increasing attack surfaces, relying solely on traditional risk-scoring systems often proves inadequate. The latest version of Nessus empowers users to leverage multiple scoring systems—EPSS, CVSS v4, and Tenable Vulnerability Priority Rating (VPR)—to pinpoint and address vulnerabilities that present the highest risk to their specific environments.
Tenable VPR utilises an advanced data science algorithm that combines proprietary vulnerability data with third-party and threat data to deliver a comprehensive risk assessment.
Shai Morag, Tenable's chief product officer, emphasised the importance of contextualising exposure data, noting that only 3% of vulnerabilities typically lead to significant incidents. The enhancements to Nessus aim to support informed decision-making regarding vulnerability management.
Key features of this release include:
EPSS and CVSS v4 support: Users can filter plugins by these scores for a more tailored prioritisation strategy, ensuring alignment with organisational compliance requirements.
Nessus offline mode: Enhances offline vulnerability scanning capabilities in air-gapped environments, securing sensitive data without unwanted internet traffic.
Declarative agent versioning on-prem: Allows users to manage agent profiles in Nessus Manager, reducing operational disruptions and adhering to change control policies.