Network security company Tenable Inc. is adding new machine learning-enabled capabilities to its platform to help customers to highlight the most potentially damaging vulnerabilities in the software and systems they use.

Tenable sells what it calls a “cyber exposure platform” that’s used to scan an organization’s entire digital asset base to assess the security risk that each element poses. It offers both cloud and on-premises versions of its software.

The new capabilities are enabled by its new Predictive Prioritization tool, which uses machine learning to identify the 3 percent of vulnerabilities that are most likely to be exploited within the next 28 days, the company said.

That’s important because although vulnerabilities in software are common, only a small fraction of them are “actively weaponized” for attacks, Tenable said. Organizations need to know about these if they’re to measure and manage the risk these vulnerabilities pose.

In a blog post, Kevin Flynn, Tenable’s senior manager of product marketing, said the company had identified 16,500 new vulnerabilities in software in 2018.

“The ‘good’ news is that only 7 percent of these vulnerabilities had a public exploit available and an even smaller subset is ever weaponized by threat actors,” Flynn said. “The Tenable data science team estimates only 3 percent of vulnerabilities will be exploited. The ‘bad’ news is that it hasn’t been easy to figure out which of the 3 percent you need to worry about.”

That’s where Predictive Prioritization comes in. Tenable said it helps organizations figure out which threats they need to worry about by analyzing vulnerability data and comparing it with “threat intelligence” from 150 data sources, using machine learning. It then predicts the likelihood a vulnerability might be exploited within the next 28 days.

“Predictive Prioritization is used to calculate a Vulnerability Priority Rating (VPR), which automatically indicates the remediation priority for each vulnerability,” Flynn said. “For example, a vulnerability currently being exploited on a widely deployed service would have a significantly higher VPR than a vulnerability for which no working exploit has been observed. VPR is a dynamic value and changes with the threat landscape. Updated daily, it allows you to take advantage of the latest threat intelligence as you prioritize your remediation efforts.”

Nathan Dyer, Tenable’s senior product marketing manager, appeared as a guest on SiliconANGLE’s mobile livestreaming studio theCUBE during the AWS Marketplace and Service Catalog Experience Hub event in Las Vegas last year. He discussed in greater detail how Tenable’s security platform helps to identify and prioritize risk:

The popularity of Tenable’s cyber exposure platform is such that the company was confident enough to launch its initial public offering last July, raising $250 million in the process.

Tenable said the Predictive Prioritization feature is being made generally available now in its Tenable.sc on-premises platform. The feature will come to Tenable.io, the cloud version of its software, later this year.

Image: TheDigitalArtist/Pixabay