Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

CCC 2: Remove Vulnerabilities and Misconfigurations

by Cody Dumont
June 23, 2015

Monitoring systems for vulnerabilities and misconfigurations is full time job and requires the CISO to pay particular attention to several key indicators.  This ARC provides the CISO with several of the key indicators to include vulnerability over 30 day old and configuration audits. 

When monitoring the mitigation of vulnerabilities, the CISO monitors the implementation of a regular scanning program using a continuous network monitoring philosophy. The scanning technology should include sensors to detect publicly identified vulnerabilities, missing patches for operating systems and applications, and misconfigured applications. Once all vulnerabilities and misconfigurations are identified, the organization should have a repeatable process to remediate/patch/remove the weaknesses.

This ARC strategically crosses several different operational teams and provides the CISO a quick overview of how the organization is approaching security.  The policy statements in this ARC cover the operations team by monitoring the status of patch deployments, and the audit teams by measuring the overall security policy check pass ratio.  Monitoring for system audit success and tracking patch deployment steps reflects the security team’s progress. 

This ARC is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The ARC can be easily located in the feed by selecting category executive. The ARC requirements are:

  • Tenable.sc 5.0
  • Nessus 8.5.1
  • LCE 6.0.0
  • NNM 5.9.0

This ARC uses all aspects of continuous network monitoring, including scanning, sniffing, and log correlation.  Using each of these technologies allows Tenable to provide a unique combination of detection, reporting, and pattern recognition utilizing industry recognized algorithms and models.  Tenable.sc Continuous View (CV) integrates with many technologies such as patch management, mobile device management, malware defenses, network infrastructure, cloud services, and other log analysis platforms to provide a holistic approach to threat detection and risk analysis.

The policy statement for this ARC are:

Greater than 95 % of systems with configuration audit successfully performed in past 90 days: This policy identifies systems that have been scanned using credentials and will show Compliant in green if more that 95% percent of systems have been scanned successfully.  The policy checks for all systems that have been detected using Nessus or NNM.  The benefit of the policy is that it helps to measure the coverage of NNM and Nessus, thus making sure each system is scanned and sniffed.

Greater than 75% of configuration audits are compliant with security policies: This policy monitors all the configuration audit checks and will show Compliant in green when over 75% of the checks are compliant with security policies.  The configuration audits are checked using the Nessus audit files located in the Customer support portal.  These audit files should be edited to meet corporate policies.

Less than 15% of systems with high or critical severity vulnerability with a patch released over 30 days ago: The policy monitor all vulnerabilities discovered using passive and active methods.  If a patch was published more that 30 days ago, the organization is not applying patches in the industry accepted time line.  The organization can adjust the date time line, however in doing so the organization is increasing their risk exposure.  This policy will show Compliant in green when less than 15% of systems have patches missing for more that 30 days for critical or high severities.

All detected software and hardware is currently supported by the vendor: This policy statement identifies all systems running unsupported hardware or software.  The filters search for the word "unsupported" in the plugin name.  If any systems are identified, the policy will fail.  Therefore, reporting is green only when all systems are running supported software and hardware.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training