Get Started with Lumin

You can use Tenable Lumin to quickly and accurately assess your Cyber Exposure risk and compare your health and remediation performance to other Tenable customers in your Salesforce industry and the larger population. Lumin correlates raw vulnerability data with asset business criticality and threat context data to support faster, more targeted analysis workflows than traditional vulnerability management tools.

Tenable recommends the following to get started with Lumin data and functionality.

License and Enable

Acquire a Lumin license and enable Lumin in Tenable.io.

  1. To add Lumin to your Tenable.io license, contact your Tenable representative.

  2. In your web browser, disable features that may prevent you from enabling Lumin:
    • Ad blocker extensions
    • Do Not Track (Mozilla Firefox, Google Chrome, Apple Safari, or Microsoft Internet Explorer)
    • Protected Mode (Microsoft Internet Explorer)

    Tip: You can re-enable these features after you fully enable Lumin.

  3. Log in to Tenable.io, as described in Log In to Tenable.io.

    The Lumin welcome window appears.

  4. Follow the wizard to fully enable Lumin.

    The Lumin dashboard appears.

Prepare

Generate data and learn about Lumin terminology.

Tenable.io Only

  1. Run scans in Tenable.io to generate vulnerability data.

    Note: You must run scans to start seeing data in Lumin views; Lumin displays scan result data generated after you licensed Lumin. For more information, see Lumin Data Timing.

  2. Create tags in Tenable.io to add business context to your assets.
  3. Review the metrics terminology to understand Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR) values and how they impact your Asset Exposure Score (AES), Assessment Maturity grade, and Cyber Exposure Score (CES).

Tenable.sc + Tenable.io Lumin

  1. Run scans in Tenable.sc to generate vulnerability data.

  2. Create assets in Tenable.sc to add business context to your assets.
  3. Configure Tenable.sc to Lumin synchronization.

    Allow sufficient time for the synchronization to complete. For more information, see Lumin Data Timing.

  4. View your assets as business context tags in Tenable.io. For more information, see Manage Asset Tags.
  5. Review the metrics terminology to understand Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR) values and how they impact your Asset Exposure Score (AES), Assessment Maturity grade, and Cyber Exposure Score (CES).

Assess Your Exposure

Note: All Lumin data (except your CES and Assessment Maturity grade) reflects only the assets shared with your user account. For more information, see Access Groups.

Review your CES and perform vulnerability management analysis.

  1. Use the Lumin dashboard to understand your CES and access details pages.

    • Cyber Exposure Score widget — How does your overall risk compare to other Tenable customers in your Salesforce industry and the larger population?

    • Cyber Exposure Score Trend widget — How has your overall risk changed over time?
    • Assessment Maturity widget — How frequently and thoroughly are you scanning your assets?
    • Asset Criticality Rating Breakdown widget — How critical are your assets?
    • Reduce Cyber Exposure Score widget — What would the impact be if you addressed all of your top 20 recommended actions?
    • Cyber Exposure Score by Business Context widget — Which of your assets, grouped by business context tag, have the highest and lowest risk?

  2. To browse the most critical vulnerabilities on your network, sort your vulnerabilities by VPR.
  3. To browse the most critical assets on your network, sort your assets by ACR.

Customize Your ACR Values

Review the Tenable-provided ACR values and customize them to reflect the unique infrastructure or concerns of your organization.

  1. Use the Assets page to review the Tenable-provided ACR values for your assets.

    • Do any of your assets have ACR values that seem too high for the relative criticality of that asset?
    • Do any of your assets have ACR values that seem too low for the relative criticality of that asset?
  2. If necessary, manually customize your asset ACR values.

Lower Your CES and AES

You must address vulnerabilities on your network to lower your CES and AES.

  1. View lists of Tenable-recommended action items:

  2. Follow the recommendations and take steps to address the vulnerabilities on your network.

Mature

Mature your vulnerability management strategy.

  • Continue monitoring and addressing vulnerabilities to lower your CES and AES.
  • Continue exporting and sharing recommended actions (solutions) data with others in your organization to refine your vulnerability management strategy.