by Josef Weiss
May 29, 2014
Organizations that embrace Cyber Exposure are learning a new discipline on how to manage and measure their cyber risk across traditional assets and non-traditional assets such as container security, cloud services and web applications. As an organization learns about Cyber Exposure they are better empowered to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. the CISO often asks the operations team and security administrators these common questions:
What systems need attention now?
What systems can be safely ignored for the time being?
CISO’s have the responsibility to translate a mountain of security data to understand the risk exposure of the organization. This dashboard displays the summary status of a FireEye device and includes indicators based on the FireEye audit findings. Organizations that utilize FireEye platforms to protect themselves against advanced cyber threats will benefit from this dashboard.
This Dashboard and all associated components require the following the audit file, and successful post scan audit file results. [TNS_BestPractice_FireEye.audit]
Using FireEye audit checks, this dashboard highlights the pass/fail results of the checks, allowing a security analyst to review the configuration and status of the device without requiring device management privileges.
the dashboard contains 12 components. the components are arranged to provide a visual trend of pass/fail results via a trend graph, and visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the following audit file subsections:
· AAA Checks
· IPMI Checks
· System Protection Checks
· Greylist Checks
· Security Audit Checks
· Identification and Authentication Checks
· SNMP Checks
· Encryption Checks
· Malware Detection Checks
· Web MPS Checks
· Security Management Checks
Component indicators illuminate 'red' when issues are identified that require further action to be taken. This overall view provides risk managers and system administrators with a list of items which require an immediate focus, and provides leadership with easy to understand pass/fail audit findings.
While assisting the CISO, the dashboard also is beneficial to the security team and system administrators to understand possible gaps in threat prevention which require additional focus. When using this report, the security team can easily identify and focus on specific problem areas that have been identified as a failure, or presented by a red indication on the matrix. System administrators can take the same information to help set the priority to corrective actions and mitigation strategies. Overall this dashboard is beneficial to several groups within the organization to better reduce cyber risk.
Cyber Exposure will help the CISO drive a new level of dialogue with the business. By being able to know which areas of your business are secure or exposed, and then the CISO can effectively measure the organizations Cyber Risk. For example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions. Tenable.io is the first solution is Cyber Exposure and provides the key risk metrics businesses need to measure risk exposures.
Components
FireEye Audit Status - 90 Day Trend - This component trends over a period of 90 days the Pass/Fail indications of the FireEye audits, as well as the sum of the two indications.
FireEye Audit Status - AAA Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the AAA Checks subsection.
FireEye Audit Status - IPMI Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the IPMI Checks subsection.
FireEye Audit Status - System Protection Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the System Protection Checks subsection.
FireEye Audit Status - Greylist Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Greylist Checks subsection.
FireEye Audit Status - Security Audit Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Security Audit Checks subsection.
FireEye Audit Status - Identification and Authentication Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Information and Authentication Checks subsection.
FireEye Audit Status - SNMP Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the SNMP Checks subsection.
FireEye Audit Status - Encryption Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Encryption Checks subsection.
FireEye Audit Status - Malware Detection Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Malware Detection Checks subsection.
FireEye Audit Status - Web MPS Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Web MPS Checks subsection.
FireEye Audit Status - Security Management Checks (Pass/Fail) - This component provides visual pass/fail indications for results from the FireEye compliance audit, specifically for checks within the Security Management Checks subsection.