Executive Vulnerability Metrics

by Cody Dumont
April 24, 2014

Monitoring security just got easier with this dashboard and Nessus. This dashboard provides an executive view of active vulnerability detection and the remediation of discovered vulnerabilities. Using the Nessus vulnerability scanner, security professionals can discover vulnerabilities in networks. This dashboard helps security professionals communicate vulnerability metrics and status to executives.

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets.  The dashboard requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.6 

This dashboard begins with four tables that show vulnerabilities in various states of remediation. The top left component provides a vulnerability age summary, and the top right provides a remediation summary. Both of these components show the count of vulnerabilities by the number of days since discovery or mitigation.

The following row of components displays the number of discovered vulnerabilities by the date that a patch or vulnerability was published. The table on the left provides a focus on the patch date and severities, while the table on the right provides a summary of vulnerability publication dates.

Both tables provide columns for each severity, ranging from low to critical.  The low severities are displayed with a blue background and white text, and the medium severities are black on orange.  The high and critical severities are red and purple with white text.  

The third row contains two trend graphs displaying a trend over the past 25 days for Windows and *nix vulnerabilities.  The last two components are tables, one with a Windows user management summary, and the other with the top 10 most vulnerable systems. 

Overall, this dashboard provides executives with metrics with which they can oversee a risk mitigation program.

The components included with this dashboard are:

  • Executive Summary - Vulnerability Age: This component contains a matrix displaying vulnerability age.
  • Executive Vulnerability Metrics - Patch Publication Age: This component provides a summary of vulnerabilities and patch release dates.  The dates are summarized with 7, 30, 90 and more than 90 days.
  • Executive Vulnerability Metrics - 25 Day Trend Windows Vulnerabilities: This component provides a 25-day trend of Microsoft vulnerabilities.  The graph provides separate colors to denote the severities.  The vulnerability trending is calculated with 24-hour data points.
  • Executive Vulnerability Metrics - Windows User Management: This table provides a list of informational vulnerabilities on Microsoft user accounts. 
  • Executive Vulnerability Metrics - Vulnerability Mitigation: This component contains a matrix displaying mitigated vulnerability ages. The columns identify new hosts (within the past 24 hours), and vulnerabilities from low to critical severities.
  • Executive Vulnerability Metrics - Vulnerability Publication Age: This component provides a summary of vulnerabilities and their release dates.  The dates are summarized with 7, 30, 90, and more than 90 days.
  • Executive Vulnerability Metrics - 25 Day Trend Linux Vulnerabilities: This component provides a 25-day trend of Linux vulnerabilities.  The graph provides separate colors to denote the severities.  The vulnerability trending is calculated with 24-hour data points.
  • Vulnerability Top Ten - Top 10 Most Vulnerable Hosts: This table displays the top 10 most vulnerable hosts on the network.