Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CSF: Vulnerabilities

by David Schwalenberg
February 26, 2016

CSF: Vulnerabilities Dashboard Screenshot

Vulnerable devices and applications on an organization's network pose a great risk to the organization. Vulnerabilities such as outdated software, susceptibility to buffer overflows, risky enabled services, etc. are weaknesses in the network that could be exploited. These vulnerabilities could allow attackers to compromise the network and steal or destroy data. A robust vulnerability scanning and risk assessment process combined with a sound vulnerability management and remediation program can go far to protect an organization. This dashboard aligns with the NIST Cybersecurity Framework (CSF) subcategories that deal with identifying and managing vulnerabilities: ID.RA-1, ID.RA-2, ID.RA-6, ID.RM-2, PR.IP-12, DE.CM-8, and RS.MI-3.

The CSF provides guidance based on existing standards, guidelines, and practices, which can be tailored to specific organizational needs. Multiple subcategories within the CSF functions address the complete management of vulnerabilities, from identification to remediation. This dashboard provides a high-level overview of an organization's vulnerability management program and can assist the organization in identifying vulnerabilities, prioritizing remediations, and tracking remediation progress.

Analysts can also use this dashboard to easily drill down into the data presented by the dashboard components. This enables the analyst to gain more detailed information about the vulnerabilities found on the network, such as which vulnerabilities are the most dangerous. The analyst can also determine information that will benefit vulnerability mitigation. This information might include on which hosts a vulnerability is found and what remediations would most benefit a particular group of machines. Knowing these details can enable better and more efficient vulnerability management, patching, and mitigation within the organization.

This dashboard can assist an organization in monitoring and improving its vulnerability management program. Analysts can use this dashboard to further investigate vulnerabilities so they can be better prepared to handle remediation efforts. This will in turn help the organization better protect itself from exploitation of network vulnerabilities, and potential intrusions, attacks, and data loss.

This dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The dashboard requirements are:

  • Tenable.sc 5.2.0
  • Nessus 8.5.1
  • NNM 5.9.0
  • LCE 6.0.0

Many other vulnerability-focused dashboards are also available in the Threat Detection & Vulnerability Assessments feed category. These dashboards can assist an analyst in further investigating vulnerabilities and tracking remediations. Some suggested dashboards are Vulnerability Top Ten, Web Vulnerabilities, Browser Vulnerabilities, Understanding Risk, and Mitigation Summary. Dashboards dealing with exploitations of specific vulnerabilities (such as Shellshock and Logjam) can be found in the Security Industry Trends Feed category.

Tenable's Tenable.sc Continuous View (CV) is the market-defining continuous network monitoring solution. Tenable.sc CV includes active vulnerability detection with Nessus and passive vulnerability detection with Tenable’s Nessus Network Monitor (NNM), as well as log correlation with Tenable’s Log Correlation Engine (LCE). Using Tenable.sc CV, an organization will obtain the most comprehensive and integrated view of its network vulnerabilities.

The following components are included in this dashboard:

  • Vulnerability Summary - 3-Month Trend of Vulnerabilities: This component is a 3-month summary chart tracking unmitigated vulnerabilities of low, medium, high, and critical severity. Each series shows a trend of vulnerabilities that have not been mitigated. Analysts can use this component to monitor the effectiveness and impact of remediation efforts on vulnerabilities.
  • Vulnerability Top Ten - Top 10 Most Vulnerable Hosts: This component shows the top ten hosts with exploitable vulnerabilities of high or critical severity. Editing the filters in the component and changing the tool from IP Summary to Class C Summary or Port Summary can give information on exploitable vulnerabilities per subnet or per port, respectively.
  • Understanding Risk - Remediation Opportunities: This table displays the top remediations for the network. For each remediation, the risk reduction for the network if the remediation is implemented is shown, along with the number of hosts affected. The table is sorted so that the highest risk reduction is at the top. Implementing the remediations will decrease the overall vulnerability of the network. Adding filters to the component, such as filtering on only critical severity vulnerabilities or filtering on a specific asset group, can narrow the focus of the component, giving remediation opportunities in specific areas. Adding filters to the component, such as filtering on only critical severity vulnerabilities or filtering on a specific asset group, can narrow the focus of the component, giving remediation opportunities in specific areas.
  • Track Mitigation Progress - Vulnerability Summary by Severity: This component assists in tracking vulnerability mitigations. The matrix presents vulnerability summary information by severity. In the matrix, the row with red is critical severity vulnerability information, the row with orange is high severity, the row with yellow is medium severity, and the row with green is low severity. The Mitigated column displays the total number of mitigated vulnerabilities. The Unmitigated column displays the total number of vulnerabilities that have not yet been mitigated. The Exploitable column displays the percentage of those unmitigated vulnerabilities that are known to be exploitable. The Patch Available column displays the percentage of the unmitigated, exploitable vulnerabilities that have had a patch available for more than 30 days. Ideally, both of these percentages should be 0%, because all exploitable vulnerabilities and all vulnerabilities with patches available should have been mitigated already. The Exploitable Hosts column displays the number of hosts on the network that have unmitigated, exploitable vulnerabilities. In addition, clicking on any highlighted indicator in the matrix will bring up the analysis screen to display details for the stated vulnerabilities and allow further investigation. For example, clicking on the Critical severity, Patch Available >30d percentage indicator will display a list of all critical severity vulnerabilities that have had a patch available for more than a month - ideally, all of these vulnerabilities will have been patched already and the list will be empty. In the vulnerability analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities are present. Setting the tool to Vulnerability Details will display the full details for each vulnerability, including a description, the solution to fix the vulnerability, and in some cases, links to more information.
  • Vulnerability Summary - Exploitable Vulnerabilities: This matrix displays warning indicators for exploitable vulnerabilities actively and passively detected on the network, including Windows vulnerabilities, web vulnerabilities, open source application vulnerabilities, and vulnerabilities by keywords such as "Java" and "unsupported". Vulnerabilities that can be exploited by Metasploit are very dangerous and must be remediated as soon as possible. Exploitable vulnerabilities that have been marked as accepted risks or recast to Informational within Tenable.sc are also noted. Clicking on a highlighted indicator will bring up the vulnerability analysis screen to display details for the vulnerabilities and allow further investigation. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities are present. Setting the tool to Vulnerability Details will display the full details for each vulnerability, including a description, the solution to fix the vulnerability, and in some cases, links to more information.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training