by Cody Dumont
November 12, 2024
Tracking the time to fix or mitigate threats is a Key Performance Indicator (KPI) monitored by many organizations. Tenable Vulnerability Management leverages the 'Time Taken to Fix' attribute on findings for this very purpose. The Time Taken to Fix field tracks how long taken to apply patches or fix vulnerabilities identified when scanned. When this value is set, the state is set to fixed. Organizations with a robust patch deployment system can often deploy patches very close to the discovery date. This report provides several chapters identifying vulnerabilities detected using Tenable Agent's Continuous Assessment which have been mitigated.
As the risk managers define the risk mitigation Service Level Agreements (SLAs), the term remediation is used interchangeably with applying software patches to the asset. In some cases, patching may be all that’s required. Something important to note is that typically, applying a patch is just one part of what’s required to remediate a vulnerability. The asset may also require removal or rebuilding the operating system, specific software components may need to be upgraded, or there could be a configuration error that needs to be corrected.
Unpatched assets expose organizations to vulnerabilities that could be exploited. As new assets are identified; Tenable Agents are deployed, and Continuous Assessment is enabled, Tenable Vulnerability Management begins to track vulnerabilities based on software inventory and other agent based assessment features. The frequency of vulnerability scanning is greatly increased to near real time. The rapid increased frequency of vulnerability scanning helps to identify and address weakness in systems, applications, and networks before they can be exploited. Tenable agents maintain continuous visibility into risks, have little resource consumption, streamline workflows, and minimize time between detection and remediation. Each chapter provides a summary of fixed vulnerabilities based on the day the mitigation was recorded, followed by a summary list of fixed vulnerabilities and assets.
Tenable provides several solutions for organizations to better understand vulnerability management. Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management (formerly Tenable.io) discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this report are: Tenable Vulnerability Management.
Chapters
- Vulnerabilities Fixed in 1 Day using Continuous Assessment
- Vulnerabilities Fixed in 1 to 5 Days using Continuous Assessment
- Vulnerabilities Fixed in 5 to 10 Days using Continuous Assessment
- Vulnerabilities Fixed in 10 to 20 Days using Continuous Assessment
- Vulnerabilities Fixed in more than 20 Days using Continuous Assessment