by Josef Weiss
November 2, 2016
Media player applications are applications running on a host that allow for playing of multimedia files, such as movies and music. These applications include well-known programs such as Apple QuickTime, Adobe Director, RealNetworks RealPlayer, and many others, are often widely available on many different platforms. While some organizations utilize media players for digital signage, most are used on users’ computers for their own personal use. Local IT Administrators may not control patching of third-party digital signage devices and individual installations of media player applications. Many of these applications are considered third party, and are not managed by organizational patch management solutions. This can allow for media players to become outdated and contain vulnerabilities that can be exploited.
This dashboard enumerates known media player applications, displaying vulnerability data to assist analysts in enforcing and verifying IT management policies. The dashboard displays information for enforcing and verifying IT management policies relating to media player applications, such as vulnerability, configuration, and remediation policies. Analysts are provided with vulnerability data, which can be easily used to assist in reducing media player application vulnerabilities.
The components in this dashboard leverage data gathered by active vulnerability scanning with Tenable Nessus and passive vulnerability detection with Tenable Passive Vulnerability Scanner (PVS). The data collected is filtered to provide insight into the vulnerabilities related to database software in the environment. Vulnerabilities are tracked by time, severity, and exploitability in order to provide a more complete view of the security status of the network. Security teams can use all of the components in this dashboard to assist in identifying, monitoring, and remediating vulnerabilities within database software that may expose their organization to risk.
The dashboard uses the Common Platform Enumeration (CPE) filter to identify many of the software programs used in enterprise networks. According to NIST, the CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. Tenable assigns CPEs to plugins where appropriate. This allows for analysts to search for common CPE prefixes such as cpe:/a:apple:quicktime, cpe:/a:adobe:director, and others. Associating CPE strings with vulnerabilities allows the analysts a greater view into separating operating system vulnerabilities from application vulnerabilities, and adds to the level of vulnerability detail provided to the organization.
This dashboard is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments.
The dashboard requirements are:
- SecurityCenter 5.3.1
- Nessus 6.8.1
Tenable Network Security transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect the organization. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Active scanning examines running processes and services, including remote access services, and detects vulnerable software applications, configuration settings, and additional vulnerabilities. Monitoring the network to ensure that all systems are secured against vulnerabilities is essential to ongoing security efforts. With more than one million users and more than 20,000 enterprise customers worldwide, organizations trust Tenable for proven security innovation. Tenable’s customers range from Fortune Global 500 companies, to the Department of Defense, to mid-sized and small businesses in all sectors, including finance, government, healthcare, higher education, retail, and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.'p>
The corresponding report can be found here:
Media Player Summary ReportComponent Description
The following components have been developed to provide a quick visual representation of the number of systems certain applications are installed on, the number of vulnerabilities, ratio of vulnerable systems, and percentage of systems that are currently exploitable. Vulnerability Trend displays application vulnerabilities over the last 90 days. By default, trend data is only stored for 30 days, and must be set to 90 days in SecurityCenter. Vulnerability observed dates are set to the last 3 days within the trend as well. The two remaining components provide a fast; at-a-glance summary that displays how the organization stands in a quick perspective, continuing the format of quick visual data presentation without having to drill down to get into it. All fields are clickable for a deep dive analysis into the presented data.
- Media Player Summary - Media Player Vulnerability Summary - This component displays various media player applications by row, and enumerates any found vulnerabilities across the columns. Presented is the number of systems on which the applications has been located, the number of identified vulnerabilities, the ratio of vulnerable systems, and the count of how many are exploitable.
- Media Player Summary - Media Player Status At a Glance - This component gives a quick visual status report on patching efforts for media player applications. The number of critical, high, and medium vulnerabilities is displayed across three columns, as well as the number of days they have been detected. Represented are known vulnerabilities that have existed for over 30 days, the last 30 days, or the last 7 days.
- Media Player Summary - Media Player Trend Last 90 Days -This component tracks a trend of the number of vulnerabilities by the installed media player applications over the last 90 days. By default, trend data is only stored for 30 days, and must be set to 90 days in SecurityCenter. Vulnerability observed dates are set to the last 3 days within the trend as well.
- Media Player Summary - Media Player Criticals at a Glance - This component displays the most critical media player vulnerabilities in a text format for a fast, readable reference without having to do a deep dive.