SEC Risk Alert

by David Schwalenberg
June 11, 2014

On April 15, 2014, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing its Cybersecurity Initiative. This Risk Alert states:

"OCIE’s cybersecurity initiative is designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats. As part of this initiative, OCIE will conduct examinations of more than 50 registered broker-dealers and registered investment advisers focused on the following: the entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats."

This dashboard presents network information that can assist organizations in evaluating and improving their cybersecurity preparedness.

For more information on how SecurityCenter Continuous View can assist a firm in maintaining accurate inventories, maintaining knowledge of normal operations, managing vulnerabilities, detecting unauthorized activity, malware, and data loss, and measuring compliance, see Tenable's SEC Risk Alert Reference Guide.

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.6
  • LCE 4.2.2
  • PVS 4.0.2
  • LCE Client - Tenable NetFlow Monitor

Listed below are the included components:

  • Vulnerability Top Ten - Top 10 Remediations - This table displays the top 10 remediations for the network. For each remediation, the risk reduction for the network if the remediation is implemented is shown, along with the number of hosts affected. The list is sorted so that the highest risk reduction is at the top of the list. Implementing the remediations will decrease the vulnerability of the network.
  • Vulnerability Top Ten - Top 10 Exploitable Vulnerabilities - This table displays the top 10 exploitable vulnerabilities on the network. The list is sorted so that the most critical vulnerability is at the top of the list. For each vulnerability, the severity and the number of hosts affected are shown.
  • Vulnerability Top Ten - Top 10 Most Vulnerable Hosts - This table displays the 10 hosts on the network that have the greatest number of exploitable critical and high severity vulnerabilities. The list is sorted so that the most vulnerable host is at the top of the list. For each host, a bar graph of its critical and high severity vulnerabilities is shown.
  • Vulnerabilities Discovered (Last 30 Days) - This component displays vulnerability tracking information for the last 30 days. Information on Critical, High, and Medium severity vulnerabilities discovered in the past 30 days is presented, including the number of vulnerabilities that have been mitigated, the number still unmitigated, the number of unmitigated vulnerabilities that are exploitable, and the percentage of unmitigated vulnerabilities that are exploitable. This information can assist in assessing how well cybersecurity vulnerabilities are being managed.
  • Daily Host Alerts Trend (Last 5 Days) - This component presents a line graph of Daily_Host_Alert events by time for the last 5 days.
  • Netflow by Port (Last 72 Hours) - This chart displays the top 10 TCP ports with the highest session counts. This information can assist in understanding and monitoring the dataflows and services active on the network. Note that this component requires the Tenable NetFlow Monitor (TFM) LCE client.
  • Top 100 Users Generating Events (Last 72 Hours) - This table displays the top 100 users generating events on the network, with trending. This information can assist in monitoring the users accessing the network.
  • Malware Detections - This matrix displays various indications of malware and malicious cybersecurity events on the network. Red indicators signify that activity of high severity has occurred.
  • Network Changes - This matrix displays various indications of network changes over the last 72 hours. Green indicators signify that a change has occurred, and further investigation may be warranted to determine if the change was authorized.
  • Potential Suspicious Activity - This matrix displays various indications of network activity over the last 72 hours that departs from the baseline or may otherwise be suspicious. Spikes in event rates can indicate new applications, new types of network usage, and in some cases, abuse. Green indicators signify that the activity has occurred, and further investigation may be warranted to determine if the activity is authorized.
  • Potential Data Loss - This matrix displays various indications of potential data leakage and loss. Red indicators signify that activity of high severity has occurred. Green indicators signify that activity with the potential for data loss has occurred, and further investigation may be warranted.
  • Compliance Summary - Check Result Ratio - This component provides a ratio view of systems that have been checked for a variety of compliance standards. The ratio bar provides a visual of the number of compliance checks that have either passed, failed, or that require some manual verification.
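As an added example (not part of the original post and not Tenable's code), the following Python computes two of the measures the components above describe: the 30-day tracking counts of the "Vulnerabilities Discovered" component and the host ranking of the "Top 10 Most Vulnerable Hosts" component. The findings, hosts, vulnerability ids and dates are constructed sample data; counting only unmitigated findings toward the host ranking is an assumption.

```python
from datetime import date, timedelta

TODAY = date(2014, 6, 11)  # reference "now" for the constructed data


def finding(host, vuln, sev, exploitable, age_days, mitigated):
    """Build one constructed scan finding discovered age_days ago."""
    return {"host": host, "vuln": vuln, "sev": sev, "exploitable": exploitable,
            "found": TODAY - timedelta(days=age_days), "mitigated": mitigated}


# Constructed sample findings (not real scan output); hosts and ids are placeholders.
FINDINGS = [
    finding("10.0.0.5", "V-1", "Critical", True, 3, False),
    finding("10.0.0.5", "V-2", "High", True, 10, False),
    finding("10.0.0.7", "V-1", "Critical", True, 3, True),
    finding("10.0.0.7", "V-3", "Medium", False, 20, False),
    finding("10.0.0.9", "V-2", "High", True, 45, False),   # older than 30 days
    finding("10.0.0.9", "V-4", "Critical", False, 1, False),
    finding("10.0.0.5", "V-5", "High", False, 29, True),
]


def tracking_last_30_days(findings, today=TODAY):
    """Per-severity counts as in the 'Vulnerabilities Discovered (Last 30 Days)' component."""
    window_start = today - timedelta(days=30)
    summary = {}
    for sev in ("Critical", "High", "Medium"):
        recent = [f for f in findings if f["sev"] == sev and f["found"] >= window_start]
        mitigated = sum(1 for f in recent if f["mitigated"])
        unmitigated = [f for f in recent if not f["mitigated"]]
        exploitable = sum(1 for f in unmitigated if f["exploitable"])
        # Percentage of the unmitigated set that is exploitable; 0.0 when nothing is open.
        pct = round(100.0 * exploitable / len(unmitigated), 1) if unmitigated else 0.0
        summary[sev] = {"mitigated": mitigated, "unmitigated": len(unmitigated),
                        "unmitigated_exploitable": exploitable, "pct_exploitable": pct}
    return summary


def most_vulnerable_hosts(findings, n=10):
    """Hosts ranked by number of open (assumed: unmitigated) exploitable Critical/High findings."""
    counts = {}
    for f in findings:
        if f["exploitable"] and not f["mitigated"] and f["sev"] in ("Critical", "High"):
            counts[f["host"]] = counts.get(f["host"], 0) + 1
    # Highest count first; ties broken by host address for a stable table.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    print(tracking_last_30_days(FINDINGS))
    print(most_vulnerable_hosts(FINDINGS))
```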