by Cesar Navas
October 29, 2015
Executives should understand the risks an organization faces from IT related vulnerabilities. This collection provides a graphical overview that summarizes the status of the vulnerability management program. Active, exploitable and previously mitigated vulnerabilities are defined across a series of components for quick review. The timeframe represented is the previous 7 days.
The vulnerability data, presented by this dashboard, is collected from active scanning with Nessus, passive monitoring with the Nessus Network Monitor (NNM), and by analyzing event data with the Log Correlation Engine (LCE). This dashboard provides an executive summary of a weekly status of the current vulnerability management program. A series of tables, charts and graphs provide a detailed view into the vulnerabilities discovered and previously mitigated within the last 7 days. An overview of the vulnerability management program is provided by 18 components, which are easy to understand by managers, CISO's and other executives.
The layout of this dashboard allows executives to track daily changes within the vulnerability management program. The format is designed to expedite analysis of vulnerability data by summarizing vulnerability information at a high level, enabling executives to have a visual representation of the status of the organization’s vulnerability management program. The data points are designed to track daily changes, allowing for monitoring, detection, and remediation activity. A key benefit of the dashboard is its ability to identify and track vulnerabilities across the organization without requiring executives to spend valuable time deciphering large amounts of detailed vulnerability results.
This dashboard is available in the Tenable.sc Feed, an app store of dashboards, reports, and assets. The dashboard can be easily located in the Feed under the category “Executive”.
The dashboard requirements are:
- Tenable.sc 4.8.2
- Nessus 8.5.1
- LCE 6.0.0
- NNM 5.9.1
Listed below are the included components:
- Executive 7 Day - Current Vulnerability Type Matrix - This component provides a summary of the vulnerabilities discovered within the past 7 days and by the vulnerability type and severity level.
- Executive 7 Day - Current Vulnerability Summary by Severity - This component displays a severity summary of vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Current Vulnerability Trending by Severity - This component displays a trend analysis of vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Current Vulnerability Trending by Type - This component trend analysis displays vulnerabilities discovered in the past 7 days, and by vulnerability type.
- Executive 7 Day - Current Vulnerability Asset Summary - This component shows vulnerability analysis by asset list, displaying a bar for medium, high, and critical severities of each asset.
- Executive 7 Day - Current Asset Vulnerability Breakdown - This component displays the newly discovered vulnerability count of the top 10 assets.
- Executive 7 Day - Exploitable Vulnerability Type Matrix - The component shows a summary of the exploitable vulnerabilities that have been discovered over the past 7 days. To allow for better understanding of risk, the data is separated by exploit frameworks, Metasploit, Core Impact, CANVAS, and malware that are tracked by Tenable Research.
- Executive 7 Day - Exploitable Vulnerability Summary by Severity - This component displays a severity summary of exploitable vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Exploitable Vulnerability Trending by Severity - This component displays a trend analysis of exploitable vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Exploitable Vulnerability Trending by Type - This component trend analysis displays exploitable vulnerabilities discovered in the past 7 days, and by vulnerability type.
- Executive 7 Day - Exploitable Vulnerability Asset Summary - This component shows an exploitable vulnerability analysis by asset list, displaying a bar for medium, high, and critical severities for each asset.
- Executive 7 Day - Exploitable Asset Vulnerability Breakdown - This component displays the newly discovered exploitable vulnerability count of the top 10 assets. The counts are vulnerabilities that have been discovered over the past 7 days.
- Executive 7 Day - Mitigated Vulnerability Type Matrix - The component shows a summary of the remediated vulnerabilities that have been discovered over the past 7 days. To allow for better understanding of risk, the data is separated by exploit frameworks, Metasploit, Core Impact, CANVAS, and malware that are tracked by Tenable Research.
- Executive 7 Day - Mitigated Vulnerability Summary by Severity - This component displays a severity summary of remediated vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Previously Mitigated Vulnerability Trend - This component displays a trend analysis of previously remediated vulnerabilities discovered over the past 7 days.
- Executive 7 Day - Previously Mitigated Vulnerability Trending by Type - This component trend analysis displays previously mitigated vulnerabilities discovered of the past 7 days, and by vulnerability type.
- Executive 7 Day - Mitigated Vulnerability Asset Summary - This component shows a mitigated vulnerability analysis by asset list, displaying a bar for medium, high, and critical severities for each asset.
- Executive 7 Day - Mitigated Asset Vulnerability Breakdown - This component displays the newly discovered exploitable vulnerability count of the top 10 assets.