Critical and Exploitable Vulnerabilities Report

by Ethan Pedoeim
November 1, 2016

Identifying, prioritizing, and patching existing vulnerabilities on a network can be a difficult task for any analyst to manage effectively. By determining which vulnerabilities are most severe, analysts can properly prioritize vulnerability remediation in order to best protect systems on the network. This report presents a comprehensive look at the critical and exploitable vulnerabilities discovered on the network, which can be useful in reducing the overall attack surface and keeping critical data secured within an organization.

Tenable SecurityCenter Continuous View (CV) collects a vast amount of data on existing vulnerabilities discovered on the organization's network. Detailed analysis of the risk each vulnerability carries can be time consuming, yet the analyst needs to understand the impact of each vulnerability in order to assess the threat it poses.

SecurityCenter CV defines the severity of a vulnerability using the Common Vulnerability Scoring System (CVSS) base score. The CVSS is a method to define and characterize the severity of a vulnerability. Vulnerabilities are scored on a scale of 1 to 10, with a CVSS base score of 10 considered to be the most severe. SecurityCenter CV specifies vulnerabilities with a CVSS base score of 10 as “critical.” In addition to specifying the severity of a vulnerability, SecurityCenter CV checks industry sources to determine if a publicly known exploit for the vulnerability exists. These critical and exploitable vulnerabilities create gaps in the network’s integrity which attackers can take advantage of to gain access to the network. Once inside the network, an attacker can perform malicious attacks, steal sensitive data, and cause significant damage to critical systems. By identifying the most severe vulnerabilities, analysts and security teams can better focus patch management efforts and better protect the network.

The Critical and Exploitable Vulnerabilities report provides information on critical and exploitable vulnerabilities that have been detected on the network. The report utilizes data such as the CVSS base score and information from exploit frameworks including Metasploit, Core Impact, Canvas, Elliot, and ExploitHub to determine which vulnerabilities are critical and exploitable. The report presents a cumulative view of the data to provide an analyst with a comprehensive understanding of the discovered critical and exploitable vulnerabilities. Using various visual aids, the report displays the data in an easy-to-understand manner. Furthermore, the report presents potential remediation actions that an analyst can use as a starting point for a remediation plan. The information from this report will enable analysts to discover, prioritize, and remediate critical and exploitable vulnerabilities in a timely manner.
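As an added illustration (not Tenable's code and not part of the original report), the following Python example applies the classification described above to scan data: it keeps only findings with a CVSS base score of 10 and splits them by whether an exploit is known, counting exploitable criticals per host. The element names follow the Nessus v2 export format and are assumptions here; the function name `triage` is hypothetical and the sample data is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like a Nessus v2 (.nessus) export (element names
# assumed); hosts, plugin IDs and plugin names are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="10.0.0.5">
  <ReportItem pluginID="90001" pluginName="Example RCE (constructed)" port="445">
    <cvss_base_score>10.0</cvss_base_score>
    <exploit_available>true</exploit_available>
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
  </ReportItem>
  <ReportItem pluginID="90002" pluginName="Example unsupported OS (constructed)" port="0">
    <cvss_base_score>10.0</cvss_base_score>
    <exploit_available>false</exploit_available>
  </ReportItem>
</ReportHost>
<ReportHost name="10.0.0.9">
  <ReportItem pluginID="90001" pluginName="Example RCE (constructed)" port="445">
    <cvss_base_score>10.0</cvss_base_score>
    <exploit_available>true</exploit_available>
    <exploit_framework_core>true</exploit_framework_core>
  </ReportItem>
  <ReportItem pluginID="90003" pluginName="Example info leak (constructed)" port="80">
    <cvss_base_score>5.0</cvss_base_score>
    <exploit_available>true</exploit_available>
  </ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

def triage(xml_text):
    """Split CVSS-10 findings into exploitable / no-known-exploit buckets."""
    exploitable, unexploited, hosts = [], [], Counter()
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            score = item.findtext("cvss_base_score")
            if score is None or float(score) < 10.0:
                continue  # not "critical" by the page's definition
            frameworks = sorted(
                c.tag.replace("exploit_framework_", "") for c in item
                if c.tag.startswith("exploit_framework_") and c.text == "true")
            row = (host.get("name"), item.get("pluginID"), frameworks)
            if item.findtext("exploit_available") == "true" or frameworks:
                exploitable.append(row)
                hosts[host.get("name")] += 1  # exploitable criticals per host
            else:
                unexploited.append(row)
    return exploitable, unexploited, hosts.most_common()
```

The CVSS 5.0 finding is dropped even though an exploit exists for it, because this report covers only findings that are critical; the remaining criticals with no known exploit stay in a separate bucket for lower-priority remediation.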

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. The report can be easily located in the SecurityCenter Feed under the category Executive. The report requirements are:

  • SecurityCenter 5.4.1
  • Nessus 6.8.1

Tenable SecurityCenter Continuous View (CV) is the market-defining continuous network monitoring solution, and can assist in securing an organization’s internal network and effectively responding to incidents. SecurityCenter is continuously updated with information about advanced threats and zero-day vulnerabilities, allowing it to evolve as the threats evolve. Active scanning periodically examines systems to determine vulnerabilities and compliance concerns, which enables security teams to more effectively tailor remediation efforts. Passive listening provides real-time monitoring to collect information about hosts connected to the network, including detected vulnerabilities. Tenable’s extensive network monitoring capabilities enable powerful yet non-disruptive continuous monitoring of the organization to ensure the latest vulnerability information is provided to analysts.

Chapters

Executive Summary - The Executive Summary chapter presents a series of tables and charts to provide an overview of both critical and exploitable vulnerabilities. The elements presented allow analysts to visualize how critical vulnerability detections in the network have changed over time and to focus on recent vulnerability activity. In addition, the elements provide a comparison of critical vulnerabilities with exploits to critical vulnerabilities with no known exploits. Differentiating the two allows analysts to further prioritize the remediation of the critical vulnerabilities, as the critical vulnerabilities with exploits can pose a more immediate threat.

Exploitable Vulnerability Summary - The Exploitable Vulnerability Summary chapter displays a summary of the top exploitable critical vulnerabilities. The components in this chapter clarify which systems and hosts on the network are more exploitable and provide suggestions on how to begin securing them. Information presented in this chapter can alert organizations to vulnerabilities within the network that have known exploits associated with them.

Critical Vulnerability Summary - The Critical Vulnerability Summary chapter displays a summary of the top critical vulnerabilities. The components in this chapter clarify which systems and hosts on the network are most vulnerable and provide suggestions on how to begin securing them. Using this chapter, organizations will be able to identify which vulnerabilities can cause the most damage to the network if left unattended.
