Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Data Leakage Monitoring Dashboard

by David Schwalenberg
February 18, 2015

Data Leakage Monitoring Dashboard Screenshot

Data leakage happens when private data ends up in places it should not be, either by accident or by malicious intent. Data leakage is especially concerning for those entities that deal with financial information, credit cards, and personally identifiable information (PII). Data leakage can lead to loss of sensitive information, identity theft, and financial loss.

This dashboard brings together many sources of information to allow an organization to monitor its network for data leakage, as well as detect vulnerabilities and activity on the network that could lead to data leakage. The Passive Vulnerability Scanner (PVS) analyzes data in motion and can identify sensitive data, such as credit card numbers, as well as general types of documentation sharing. Logged events from Data Loss Prevention (DLP) systems can be forwarded to the Log Correlation Engine (LCE). Nessus scans can identify vulnerabilities that could lead to data leakage. The information presented in this dashboard can assist the organization as it seeks to reduce its chances of data leakage by securing systems (e.g., critical servers and point-of-sale systems) and by monitoring for suspicious activity.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Monitoring.

The dashboard requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.1.1
  • PVS 4.0.3
  • LCE 4.4.1

Tenable's SecurityCenter Continuous View (CV) is the market-defining continuous network monitoring platform. SecurityCenter CV includes active vulnerability detection with Nessus and passive vulnerability detection with Tenable’s Passive Vulnerability Scanner (PVS), as well as log correlation with Tenable’s Log Correlation Engine (LCE). Using SecurityCenter CV, an organization will obtain the most comprehensive and integrated view of its network.

Listed below are the included components:

  • Data Leakage Monitoring - 25-Day Trend - This chart presents a 25-day data trend of both passive detections of data leakage and logged data leakage events. The passive detections are vulnerabilities reported by PVS in the 'Data Leakage' plugin family. The logged events are reported by LCE under the ‘data-leak’ event type. This component can be used to determine if any data leakage activity has occurred over the last 25 days.
  • Data Leakage Monitoring - Vulnerabilities that Could Lead to Data Leakage - This component presents indicators by keyword for actively and passively detected vulnerabilities that could lead to data leakage. Vulnerabilities at all severity levels except Informational are included. The keywords cover disclosures, cryptographic issues, man-in-the-middle vulnerabilities, and weak authentication concerns. A purple indicator means that one or more vulnerabilities contain the keyword. Clicking on the indicator will bring up the analysis screen to display details on the vulnerabilities. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities are present. This component can be used to investigate vulnerabilities that could lead to data leakage.
  • Data Leakage Monitoring - Activity with Potential for Data Leakage - This component presents indicators for activity detected on the network that has the potential for data leakage. The indicators are based on events logged in the last 72 hours and on actively and passively detected vulnerabilities. Indicators are included for such things as cloud interaction, outbound traffic to external IP addresses, peer-to-peer file sharing vulnerabilities, and USB usage. A purple indicator highlights a vulnerability/event detection. Clicking on a highlighted indicator will bring up the analysis screen to display details on the vulnerabilities/events. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities/events are present. This component can be used to investigate the potential for data leakage.
  • Data Leakage Monitoring - Indicators - This component presents warning indicators to draw attention to types of data that may have been leaked and methods whereby data may be leaking. These indicators make use of both passive detections and events logged within the last 72 hours. A purple indicator highlights a vulnerability/event detection. In two cases (Credit Card Number and Social Security Number), there are two indicators: one to highlight data leakage detected passively and one to highlight data leakage detected through logged events. Clicking on a highlighted indicator will bring up the analysis screen to display details on the vulnerabilities/events. In the analysis screen, setting the tool to IP Summary will display the systems on which the vulnerabilities/events are present. This component can be used to further investigate any data leakage.
  • Data Leakage Monitoring - Top 10 Subnets with the Most Passive Detections - This table presents the top 10 Class C subnets with the most passive detections of data leakage. These passive detections are vulnerabilities reported by PVS in the 'Data Leakage' plugin family. The list is ordered so that the subnet with the worst data leakage is at the top. A count of detections and a bar graph indicating the severity of the detections are given for each subnet.
  • Data Leakage Monitoring - Top 10 Systems with the Most Passive Detections - This table presents the top 10 systems with the most passive detections of data leakage. These passive detections are vulnerabilities reported by PVS in the 'Data Leakage' plugin family. The list is ordered so that the system with the worst data leakage is at the top. A count of detections and a bar graph indicating the severity of the detections are given for each system.
  • Data Leakage Monitoring - Top 10 Ports Most Associated with Passive Detections - This table presents the top 10 ports associated with the most passive detections of data leakage. These passive detections are vulnerabilities reported by PVS in the 'Data Leakage' plugin family. The list is ordered so that the port associated with the worst data leakage is at the top. A count of detections and a bar graph indicating the severity of the detections are given for each port.
  • Data Leakage Monitoring - Top 10 Most Prevalent Passive Detections - This table presents the top 10 most prevalent passive detections of data leakage. These passive detections are vulnerabilities reported by PVS in the 'Data Leakage' plugin family. A count of detections is given for each vulnerability; the list is ordered so that the vulnerability with the greatest number of detections is at the top. The severity of the vulnerability and a count of hosts on which the vulnerability was observed are also given for each vulnerability.
  • Data Leakage Monitoring - Top 10 Most Prevalent Events (Last 72 Hours) - This table presents the most prevalent logged data leakage events in the last 72 hours. The logged events are reported by LCE under the ‘data-leak’ event type, and include events forwarded via syslog from PVS. A count of occurrences is given for each logged event; the list is ordered so that the event that occurred most often is at the top. A trend graph is also given for each event.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training