Tenable Vulnerability Management

Deploy Tenable Vulnerability Management

Deploy Tenable Vulnerability Management according to the steps outlined in the Tenable Vulnerability Management User Guide, or based on guidelines received directly from Tenable Professional Services.

Configure Tenable Vulnerability Management for Use in Tenable One

Once you have installed Tenable Vulnerability Management, consider the following best practices for configuring the product for use:

Tags

• Tags you create in Tenable Vulnerability Management are crucial in the Lumin Exposure View. These tags help you visualize your assets within the Lumin Exposure View. For example, you can separate your tags by tier, business unit, physical location, etc.

• Keep in mind: how you tag your assets in Tenable Vulnerability Management dictates how that asset data appears in Tenable One. In Lumin Exposure View, you can create custom exposure cards to assess the exposure of those assets.

• Any tags you create in Tenable Vulnerability Management automatically sync in Tenable One. You can view them in Tenable Inventory.

  Tip: You can also create tags directly in Tenable One.

• When you bring more data (for example, from Tenable Web App Scanning and Tenable Cloud Security) into Tenable One, you can tag assets from multiple data sources within a single tag.

Scanning

• When considering how data makes its way from Tenable Vulnerability Management into Attack Path Analysis, remember: the more (authenticated) data, the better! When you configure remote Tenable Vulnerability Management scans, be sure to enable the Override Normal Verbosity report setting. This ensures the Attack Path Analysis has the most data possible to work with when generating attack paths for your environment.

• The more you scan, the more often your data refreshes in Tenable One. The more frequently your data refreshes, the more relevant the data being presented. If you only scan once a month, be aware that by the end of the month, your data will likely be out of date.

• Review the Asset Criticality Rating of your most critical assets. Most organizations know about their critical assets (ACR = 10). From there, work backwards to identify the next most important assets and validate/adjust their ACR as necessary.

  Note: By default, Tenable will not assign an asset an ACR above an 8. You must manually edit an asset's ACR to set it to a 9 or 10.

Onboarding Milestones

Tenable suggests you complete the following milestones to ensure your success before proceeding with your Tenable One deployment process:

• Review and customize your assets' ACR.

• Create new tags either in Tenable Vulnerability Management or within Tenable Inventory to group your assets by how you want them to be reported on

• In Lumin Exposure View, gain critical business context by getting business-aligned cyber exposure score for critical business services, processes and functions, and track delivery against SLAs. Track overall VM risk to understand the risk contribution of assets to your overall Cyber Exposure Score, including by asset class, vendor, or by tags.

  • Review the Global exposure card to understand your holistic score. Click Per Exposure to understand what factors are driving your score, and by how much.

  • Review the Computing Resources exposure card.

  • Configure the exposure view settings to set your Remediation SLA and SLA Efficiency based on your company policy.

  • Create a custom exposure card based on business context (for example, Business units, Operating Systems, Asset Criticality, Physical Location, or Application).

• In Tenable Inventory, enhance asset intelligence by accessing deeper asset insights, including related attack paths, tags, exposure cards, users, relationships, and more. Improve risk scoring by gaining a more complete view of asset exposure, with an asset exposure score that assesses total asset risk and asset criticality.

  • Review your Tenable Vulnerability Management assets to understand the strategic nature of the interface. This should help set your expectations on what features to use within Tenable Inventory, and when.

  • Review the Tenable Queries that you can use, edit, and bookmark.

  • Familiarize yourself with the Global Search query builder and its objects and properties. Bookmark custom queries for later use.

    Tip: To get a quick view of what properties are available:

    • In the query builder, type has. A list of suggested asset properties appears.
    • Customize the list by adding a column. A list of available columns/properties appears.
  • Drill down into the asset details page to view asset properties and all associated context views.

  • (Optional) Create a tag that combines different asset classes.

• In Attack Path Analysis, optimize risk prioritization by exposing risky attack paths that traverse the attack surface, including web apps, IT, OT, IoT, identities, ASM, and prevent material impact. Streamline mitigation by identifying choke points to disrupt attack paths with mitigation guidance, and gain deep expertise with AI insights.

  • View the Attack Path Analysis Dashboard for a high-level view of your vulnerable assets such as the number of attack paths leading to these critical assets, the number of open findings and their severity, a matrix to view paths with different source node exposure score and ACR target value combinations, and a list of trending attack paths.

    • Review the Top Attack Path Matrix and click the Top Attack Paths tile to view more information about paths leading to your “Crown Jewels”, or assets with an ACR of 7 or above.

    You can adjust these if needed to ensure you’re viewing the most critical attack path data and findings.

  • On the Findings page, view all attack techniques that exist in one or more attack paths that lead to one or more critical assets by pairing your data with advanced graph analytics and the MITRE ATT&CK® Framework to create Findings, which allow you to understand and act on the unknowns that enable and amplify threat impact on your assets and information.

  • On the Discover page, generate attack path queries to view your assets as part of potential attack paths:

    • Generate an Attack Path using a Built-in Query

    • Generate an Asset Query using the Asset Query Builder

    • Generate an Attack Path Query using the Attack Path Query Builder

    Then, you can view and interact with the Attack Path Query and Asset Query data via the query result list and the interactive graph.

What to do next

Deploy Tenable Security Center.