by Cody Dumont
October 11, 2017
Organizations that embrace Cyber Exposure are learning a new discipline on how to manage and measure their cyber risk across traditional assets and non-traditional assets such as container security, cloud services and web applications. As the organization learns about Cyber Exposure they are better empowered to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. The CISO often asks the operations team and security administrators these common questions:
- What systems need attention now?
- What systems can be safely ignored for the time being?
CISO’s have the responsibility to translate a mountain of security data to understand the risk exposure of the organization. This report helps by providing four tables that provide the top 10 most vulnerable systems as determined by different metrics. Each table displays the vulnerability summary for each asset and is sorted using total vulnerabilities. The tables take samples of the currently accessed assets by first examining the exploitable hosts, followed by web services and lastly with two tables focusing on vulnerabilities common desktops. This overall view provides risk managers and system administrators with a list of systems that require an immediate focus, and provides leadership with easy to understand and evaluate Top 10 lists.
While assisting the CISO, the report also is beneficial to the security team and system administrators to help them understand possible gaps in patch cycles and coverage in mitigation strategies. The security team can add target groups to the report template and report to different asset managers on the risk to their specific areas of concern. System administrators can take the same reports as actionable items to help set the priority of corrective actions and mitigation strategies. Overall, this report is beneficial to several groups within the organization to better reduce cyber risk.
Cyber Exposure will help the CISO drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, the CISO can effectively measure the organization's Cyber Risk. The CISCO can use the metrics provided by Tenable.io to determine how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions. Tenable.io is the first Cyber Exposure solution and provides key risk metrics that organizations need to measure risk exposure.
Tables
The Top Assets with Exploitable Vulnerabilities table presents an overview of the top assets with exploitable vulnerabilities. Information is gathered from Tenable.io, and is sorted by total vulnerabilities so that the most vulnerable asset is presented at the top. For each asset, the IP address, DNS name, total count, and a vulnerability bar are displayed.
The Top Assets Running Vulnerable Web Servers table includes a summary of the top assets running vulnerable web servers. Vulnerabilities are detected both actively and passively. Data is filtered using the Web Servers plugin family, and is sorted so that most vulnerable web server is at the top. For each asset, the IP address, DNS name, total count, and a vulnerability bar are displayed.
The Top Assets with Java Vulnerabilities table presents an overview of the top assets that have actively or passively detected Java vulnerabilities. Data is filtered using the keyword “java” to find plugins that detect Java vulnerabilities. Information is sorted so that most vulnerable asset is at the top, and includes IP address, DNS name, total count, and a vulnerability bar for each asset.
The Top Assets with Adobe Vulnerabilities table displays the top assets on the network that have detected Adobe vulnerabilities. The list is sorted so that the host with the worst Adobe vulnerabilities is at the top. A count of vulnerabilities and a bar graph indicating the severity of the vulnerabilities are given for each asset. Use this table to determine the assets with the most Adobe vulnerabilities on the network. In the component filter, the Plugin Name is set to the 'adobe' keyword to find plugins that detect Adobe vulnerabilities.