Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Outstanding Patch Tracking Dashboard

Editor's note: Our dashboards have been updated in the time since this blog was originally published. Please see this page for the latest guidance on Outstanding Remediation Tracking.

The IT Operations teams in most organizations run in monthly cycles from “Patch Tuesday” to “Patch Tuesday.” The cycle never seems to end, and in many cases the vulnerabilities from one cycle bleed into the next, and this insurmountable problem seems to grow at an exponential rate. This continuous cycle often leads operational managers to make difficult choices – and in some cases – uncomfortable meetings, where they try to explain the presence of vulnerabilities. The Vulnerability Management (VM) application in Tenable.io enables operations managers to easily see how progress is made toward patch deployment goals.

Outstanding patch statistics

When reporting to management about the status of patch deployments, you always benefit from being able to quantify the current status in easily explainable terms. The Outstanding Patch Tracking dashboard provides easy to understand metrics that can be communicated to anyone in the organization. The top two components use the plugin (66334) Patch Report to show the status of how many systems are missing patches by the patch count and by the operating system. When reviewing the series by patch count, you can get an overall understanding of how effective patch management is, meaning if your systems have more than 90 patches missing, then your organization is not applying patches in an effective manner. On the other hand, if you only have systems with missing patches between 0 - 30 patches, you would be within a 30 patch cycle. The adjacent bar chart provides a list of hosts per operating system, which have been reviewed for missing patches. The Patch Report plugin is only triggered on a credentialed scan, so this chart also gives you an idea if all your systems are being scanned with valid credentials.

Outstanding Patch Tracking dashboard: plugin 66334 Patch Report Data

Microsoft Security Bulletins

After gaining a good understanding of the metrics, you must be able to communicate the risk and how vulnerable systems are by the outstanding patches. The Tracking Microsoft Security Bulletins - Current Missing Patches component displays the total count of missing patches related to Microsoft Security Bulletins. The security bulletins are named by the year and the order in which a bulletin was released. For example MS17-001 was Microsoft’s first security bulletin released in 2017 (Plugin ID: 96390 Plugin Name: MS17-001: Security Update for Microsoft Edge). This example illustrates the effectiveness of your patch management program. By combining several Microsoft Bulletin prefixes together, you can easily track the year the vulnerability was patched. An effective patch management system will not have patches in years prior to the current year.

Outstanding Patch Tracking dashboard: Tracking Microsoft Security Bulletins

This matrix includes six columns; the first provides a count of affected systems and the middle four columns provide a count based on the respective severity levels. The final column provides a count of the vulnerabilities which are exploitable. The color for this final column will change based on the percentage thresholds, the colors are: >=90 Red, >= 75 Orange, >= 50 Yellow, >= 25 Green, >= 1 Blue, Default Blue. This change in colors helps you to understand the level of risk: the colors closer to red indicate a greater risk.

Missing patches by plugin family

While reporting on Microsoft vulnerabilities is good, there are other operating systems you should be concerned with. The Remediations Tracking - Current Missing Patches component tracks vulnerabilities based on plugin families. Tenable.io is capable of analyzing many types of software and hardware. As a result, there are many plugin families covering different types of software and hardware grouped by a common theme, such as Debian Local Security Checks. There are currently over 60 plugin families supported by Tenable.io. The plugins within each family detect and evaluate information based on different criteria for each operating system. For example, for vulnerabilities found in Apache, there could be several plugins across many plugin families. Taking this approach helps you easily communicate the risk exposure by operating systems other than Microsoft.

Outstanding Patch Tracking dashboard: tracking vulnerabilities by plugin families

This matrix uses a similar approach as the previous matrix, by providing a count of affected systems; the middle four columns provide a count based on the respective severity levels, and the last column shows exploitable percentages. However, in this matrix, the exploitable percentage remains purple regardless of the percentage value.

Outstanding patch analytics

As a practitioner and manager, I use the data in the Outstanding Patch Tracking dashboard on a daily basis. Monitoring the different views helps to prepare for conversations with my team and management. When communicating with my team and IT operations, this information helps to communicate risk and where remediation efforts are most needed. Additionally, I can have open discussions about problems in the vulnerability collection process. For example, when reviewing the bar chart, I can talk with the operations team about operating systems that I know are present on the network, but seem to be missing from the dashboard; or we can discuss quantities of each of the operating systems as needed.

Another interesting thing happened recently in a meeting with my team: the bar chart indicated that there were both “Windows 7 Professional” and “Windows 7 Professional N”. The “N” version of Windows 7 is a more international version of Windows, and it is often found in countries that are part of the European Economic Area, Croatia, and Switzerland. The OS allows for users to choose their own media player and software required to manage and play CDs, DVDs, and other digital media files. From this conversation, we started to have a larger conversation about where these systems came from if they should be present within our environment.

When discussing risk with the upper echelons of management and the security operations team, this dashboard provides me the current status of vulnerability data. With this information, I am able to speak about risk incurred from delaying patch deployments, and can provide insight on the exploitability if our organization were attacked. These numbers also provide foundational information needed to calculate projected costs per vulnerability if compromised. These types of analyses help executives understand the risk to the organization and may help to fund expensive mitigation strategies.

Wrapping up

As you work to address your risk mitigation tasks and track progress, the Tenable.io Outstanding Patch Tracking dashboard provides key analytics. Whether you are communicating up the chain, to peers, or to your team, this dashboard provides a thorough look at your outstanding risk.

Interesting in learning more about Tenable.io?

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training