by Andrew Freeborn
August 29, 2016
Organizations have a need to be competitive and innovative to stay ahead of the industry. Technology can be used to help organizations facilitate a competitive edge amongst competitors. Innovations in technology, fused with business processes can also help partners of organizations to further their own success as well. In many cases, technology and processes shared among organizations occur over the internet. In order to do business across the internet, web services need to be available at least on one side of the partnership.
Web services can be simple or complex based on the needs of the organization. Business processes could require many interconnected web services across teams to accomplish a business objective. Complex web services may also involve many different technologies to support a process. As web services become more intricate, the risk of vulnerabilities increases.
When complex or outdated versions of web service technologies are accessible on the internet, attackers may find these vulnerable web service platforms and exploit them. Analysts need to know about the web services operating within the organization. The Web Services Summary dashboard available within Tenable SecurityCenter uses Tenable Nessus to detect vulnerable web services within the organization. Nessus is able to actively detect and report upon the findings within the network. Active scans performed with credentials can greatly increase the visibility of web service vulnerabilities on each host. Uncredentialed scans of the host and may not reveal in-depth detail of each detected web service capability or all of the installed software.
Analysts using this dashboard gain insight into vulnerabilities within well-known web service platforms from vendors such as Apache, IBM, Microsoft, and Oracle. The web service platforms referenced in this dashboard typically have regular security updates that remediate critical and exploitable vulnerabilities. The dashboard provides quick and accurate reference points for analysts to quickly see the impact of vulnerabilities on web services platforms across time.
This dashboard is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The dashboard requirements are:
- SecurityCenter 5.4
- Nessus 6.8.1
Tenable SecurityCenter provides continuous network monitoring, vulnerability identification, and security monitoring. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context, enabling decisive action that transforms your security program from reactive to proactive. Active scanning examines the web services on the systems, running processes and services, detection of vulnerable software applications, configuration settings, and additional vulnerabilities. With this information, analysts have greater insight to determine if supported and update to date web service platforms are operating within the organization. Tenable enables powerful, yet non-disruptive, continuous monitoring of the organization to ensure vulnerabilities are available to analysts.
This dashboard contains the following components:
- Web Services Summary - Web Services Criticals At a Glance: This table component provides analysts with a listing of the critical vulnerabilities for web service platforms in the organization
- Web Services Summary - Web Services Status At a Glance: This component gives a quick visual status report on patching efforts for web service applications
- Web Services Summary - Web Services Trend Last 90 Days: This component provides analysts with a trend line of vulnerabilities with web service platforms over the last 90 days
- Web Services Summary - Web Services Vulnerability Summary: This component displays various web service technologies by row, and enumerates any found vulnerabilities across the columns