Get Started with Lumin

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments. For more information, see the FedRAMP Product Offering.

You can use Tenable Lumin to quickly and accurately assess your Cyber Exposure risk and compare your health and remediation performance to other Tenable customers in your Salesforce industry and the larger population. Lumin correlates raw vulnerability data with asset business criticality and threat context data to support faster, more targeted analysis workflows than traditional vulnerability management tools.

Tenable recommends the following to get started with Lumin data and functionality.

License and Enable

Acquire a Lumin license and enable Lumin in Tenable.io.

  1. To add Lumin to your Tenable.io license, contact your Tenable representative.

  2. In your web browser, disable features that may prevent you from enabling Lumin:
    • Ad blocker extensions
    • Do Not Track (Mozilla Firefox, Google Chrome, Apple Safari, or Microsoft Internet Explorer)
    • Protected Mode (Microsoft Internet Explorer)

    Tip: You can re-enable these features after you fully enable Lumin.

  3. Log in to Tenable.io, as described in Log In to Tenable.io.

    The Lumin welcome window appears.

  4. Follow the wizard to fully enable Lumin.

    The Lumin dashboard appears.

Prepare

Generate data and learn about Lumin terminology.

Tenable.io Only

  1. Run an authenticated assessment scan in Tenable.io to generate vulnerability data.

    Note: You must run scans to start seeing data in Lumin views; Lumin displays scan result data generated after you licensed Lumin. For more information, see Lumin Data Timing.

    Note: Lumin does not support third-party integration data.

  2. Create tags in Tenable.io to add business context to your assets.
  3. Review the metrics terminology to understand Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR) values and how they impact your Asset Exposure Score (AES), Assessment Maturity grade, and Cyber Exposure Score (CES).

  4. Allow sufficient time for your metrics to calculate. For more information, see Lumin Data Timing.

Tenable.sc + Tenable.io Lumin

  1. Sync repositories to Lumin from Tenable.sc. All vulnerability data is synced immediately.

    Note: Lumin does not support third-party integration data.

  2. Create assets in Tenable.sc to add business context to your assets.
  3. Configure Tenable.sc to Lumin synchronization.

    Allow sufficient time for the synchronization to complete. For more information, see Lumin Data Timing.

  4. View your assets as business context tags in Tenable.io. For more information, see Manage Asset Tags.
  5. Review the metrics terminology to understand Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR) values and how they impact your Asset Exposure Score (AES), Assessment Maturity grade, and Cyber Exposure Score (CES).
  6. Allow sufficient time for your metrics to calculate. For more information, see Lumin Data Timing.

Assess Your Exposure

Note: All Lumin data reflects all assets within the organization's Tenable.io instance.

Review your CES and perform vulnerability management analysis.

  1. Use the Lumin dashboard to understand your CES and access details pages.

    • Cyber Exposure Score widget — How does your overall risk compare to other Tenable customers in your Salesforce industry and the larger population?

    • Cyber Exposure Score Trend widget — How has the overall risk for your entire organization changed over time?
    • Assessment Maturity widget — How frequently and thoroughly are you scanning your assets?
    • Remediation Maturity widget — How quickly and thoroughly are you remediating vulnerabilities on your assets?
    • Reduce Cyber Exposure Score widget — What would the impact be if you addressed all of your top 20 recommended actions?
    • Asset Criticality Rating Breakdown widget — How critical are your assets?
    • Asset Scan Distribution widget — What types of scans have run on your assets?
    • Mitigations widget — What endpoint protection agents are running on your assets?
    • Cyber Exposure Score by Business Context/Tag widget — How do assets with different tags (unique business context) compare?

  2. To browse the most critical vulnerabilities on your network, sort your vulnerabilities by VPR.
  3. To browse the most critical assets on your network, sort your assets by ACR.

Customize Your ACR Values

Review the Tenable-provided ACR values and customize them to reflect the unique infrastructure or concerns of your organization.

  1. Use the Assets page to review the Tenable-provided ACR values for your assets.

    • Do any of your assets have ACR values that seem too high for the relative criticality of that asset?
    • Do any of your assets have ACR values that seem too low for the relative criticality of that asset?
  2. If necessary, manually customize your asset ACR values.

Lower Your CES and AES

You must address vulnerabilities on your network to lower your CES and AES.

  1. View lists of Tenable-recommended action items:

  2. Follow the recommendations and take steps to address the vulnerabilities on your network.

Mature

Mature your vulnerability management strategy.

  • Continue monitoring and addressing vulnerabilities to lower your CES and AES.
  • Continue exporting and sharing recommended actions (solutions) data with others in your organization to refine your vulnerability management strategy.