by Sharon Everson
September 8, 2015
Vulnerability management is a key responsibility of any security team. By understanding the vulnerabilities a network faces, security teams can tailor mitigation and hardening strategies to be more effective. Nessus provides vulnerability scan information while the Nessus Network Monitor (NNM) continuously monitors network traffic for potential vulnerabilities. Tenable.sc Continuous View (CV) has the ability to monitor vulnerability information detected by Nessus and NNM.
The components in the Vulnerability Trend dashboard present trend data about new detected vulnerabilities on the network. This includes information such as 25-day trends of new vulnerabilities by severity, exploitability, CVSS score, and external network connections. Each of these trend charts calculates their data points every 24 hours to provide the most accurate data possible. Also displayed are matrices that track vulnerabilities by time range, operating system, severity, and exploitability. These components can help an organization understand the vulnerability status of their network and provide insight into areas that may require additional attention.
The Vulnerability Trend dashboard monitors detected vulnerabilities on an organization’s network. By increasing visibility into the vulnerability status of their network, security teams can focus mitigation strategies accordingly. The trend data informs security teams where to focus their efforts in order to better defend their network. By monitoring the change in detected vulnerabilities, security teams can adjust their efforts as needed in order to mitigate the greatest vulnerabilities.
This dashboard also provides a view of which exploit frameworks pose the greatest threat to the network. This information can provide insight into determining where and how to tailor mitigation efforts against these risks. This information is filtered based on the detected vulnerability having an exploit available in order to focus on the most significant threats. The trend data also provides a view on the effectiveness of mitigation efforts over time. Together, these components can be used to determine whether security efforts are working effectively and where improvements can be made.
The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments.
The dashboard requirements are:
- Tenable.sc 4.8.2
- NNM 5.9.0
- Nessus 8.6.0
- This dashboard requires “Full Text Search” to be enabled for each analyzed repository.
Tenable.sc CV provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. By integrating with Nessus and NNM, Tenable.sc CV provides the most comprehensive view of vulnerability data.
Listed below are the included components:
- Vulnerability Trend - Severity Matrix: This component displays counts of vulnerabilities observed in the past 24 hours, 7 days, and 30 days. The columns display vulnerability counts by severity level and a percentage bar shows the ratio of exploitable vulnerabilities. This component provides insight into whether detected vulnerabilities are exploitable as well as whether mitigation efforts are effective over time.
- Vulnerability Trend - Vulnerabilities by Operating System: This matrix presents counts of vulnerabilities by operating system. The rows filter on CPE and can be easily customized for any platforms in the network. The columns display vulnerability counts by severity and a percentage bar shows the ratio of exploitable vulnerabilities. This information is useful in understanding which operating systems present the greatest threat to network security so that hardening efforts can be focused as necessary.
- Vulnerability Trend - New Vulnerabilities by Severity - Past 25 Days: This area chart illustrates the trend of vulnerabilities by severity level over the past 25 days. The data presented is based on vulnerabilities observed in a 24-hour span and these counts are updated daily. This trend data is useful in describing the vulnerability status of the network as well as whether security has been increasing or decreasing over time.
- Vulnerability Trend - New Exploitable Vulnerabilities - Past 25 Days: This area chart shows the trend of exploitable vulnerabilities over the past 25 days. Trends for seven exploit frameworks are displayed, along with an overall exploitable trend. The data presented is based on vulnerabilities observed in a 24-hour span. This component helps analysts to understand which exploit frameworks their network is most susceptible to in addition to whether hardening efforts against various frameworks are effective over time.
- Vulnerability Trend - New Vulnerabilities by CVSS Score - Past 25 Days: This area chart illustrates the trend of vulnerabilities by CVSS score over the past 25 days. The score ranges for medium, high, and critical severity vulnerabilities are displayed. This trend data provides another lens for describing the vulnerability status of the network as well as whether security has been increasing or decreasing over time.
- Vulnerability Trend - New Internet-Facing Vulnerabilities - Past 25 Days: This area chart depicts newly detected vulnerabilities on devices that have external network connections. This detection is based on the "external access" tag in the plugin output that is generated when external network connections to an internal device are detected. These trends are displayed by severity over the past 25 days. The component helps depict the vulnerability status of devices that may be particularly susceptible to attack due to their external network connections.