by Carole Fennelly
October 31, 2022
Organizations must know the status of critical assets to ensure they are appropriately monitored and protected based on each asset’s business risk rating. The Asset Management Overview dashboard provides summary information about assets in the environment. This information can be leveraged by risk and security managers to ensure the organization’s security program is aligned with current business goals.
Assets must be protected in accordance with their business value to the organization. Assets contain data or provide services to the organization and are assigned risk ratings by the business owner of the asset. Security managers need to communicate asset status to business owners to ensure that assets are appropriately monitored based on their importance to the business. Operational teams need to ensure technical measures are in place to protect assets from exploitation.
The Asset Management Overview dashboard provides executive management with a summary of asset information at a glance, while enabling security analysts to drill down into technical details by clicking on the widgets.
Information is provided on asset statistics, types, vulnerabilities, services and operating systems. Security managers can use this information to determine if the security program needs to be adjusted based on current asset status. Operational teams can leverage information provided in this dashboard to determine if assets are monitored appropriately.
Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture. The requirements for this dashboard are: Tenable.io Asset Data from Tenable.io Vulnerability Management, Tenable Web Application Security (WAS), Tenable.cs, Tenable Lumin, Attack Surface Management.
Widgets
Asset Discovery Statistics – This widget displays statistics for Tenable.io licensed assets that were first observed less than 7 days ago and less than 30 days ago. The Tenable.io licensed asset limit determines the number of assets that can be scanned for vulnerabilities. The first section displays the total number of licensed assets. The middle column displays the total number of newly discovered assets that are not counted against the license. The last column displays the number of licensed assets that were successfully authenticated with credentials and scanned. More license count details can be viewed on the License page in Settings in Tenable.io. The requirements for this widget are: Tenable.io Asset Data from Tenable.io Vulnerability Management, Tenable Web Application Security (WAS), Tenable.cs, Tenable Lumin.
Licensed Asset by Type – This widget identifies licensed asset types in the organization's environment. Licensed asset types include hosts, web applications, domain records, containers, and cloud instances. The requirements for this widget are: Tenable.io Asset Data from Tenable.io Vulnerability Management, Tenable Web Application Security (WAS), Tenable.cs, Tenable Lumin, Attack Surface Management.
Most Common Operating Systems – This widget displays the percentage breakdown of the different operating systems found within the environment. This information assists managers with task and remediation planning. The Top 10 most common operating systems are displayed in the chart, but this value can be edited based on local requirements. Managers can use this information to determine the mitigation effort required based on asset volume when creating remediation tasks. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).
Assets by Asset Type – This widget identifies asset types in the organization's environment. Asset types include hosts, web applications, domain records, containers, and cloud instances. Organizations can reduce potential security risks and support compliance efforts by identifying the types of assets that are present in the environment. The requirements for this widget are: Tenable.io Asset Data from Tenable.io Vulnerability Management, Tenable Web Application Security (WAS), Tenable.cs, Tenable Lumin, Attack Surface Management.
Hosts with Web Application Scanning (WAS) Vulnerabilities – This widget displays hosts that have been identified with WAS vulnerabilities. The host name and number of WAS vulnerabilities are shown. Tenable.io WAS is a Dynamic Application Security Testing (DAST) application. A DAST application crawls a running web application through the front end to create a site map with all the pages, links and forms for testing. Once the site map is created, it interrogates the site through the front end to identify any vulnerabilities in the application's custom code or known vulnerabilities in the third-party components that comprise the bulk of the application. Tenable.io WAS identifies OWASP Top 10 vulnerabilities such as cross-site scripting (XSS) and SQL injection in custom web application code and vulnerable versions of third-party components. Both categories of vulnerabilities are essential to ensure comprehensive vulnerability coverage in modern web applications. The requirement for this widget is: Tenable Web Application Security (WAS).
Assets with Docker Application – This widget displays hosts that have been identified with a Docker Service installed. Docker is an open-source project that automates the deployment of applications inside software containers. This widget displays data from informational plugins related to Docker, such as: service detection, version detection, and container information. This widget does not report Docker vulnerability information above the informational level. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).