Executive Patch Mitigation Report

by Cody Dumont
October 30, 2013

This report provides an executive summary of the risk mitigation efforts related to patch management, with an analysis of the "Time to Mitigate" and "Time Since Mitigation".

This report shows a historical patch risk mitigation summary over different periods of time. Using the native ability within SecurityCenter, this report brings together a collection of components that deliver the patch rate status and the patch date status.

The chapters in this report give management a great deal of information at a glance, including comparisons such as overall patch rates against patch rates for items with CVSS scores of 10. The report facilitates a comparative analysis of Linux patching vs. Windows patching over 30-day and 60-day cycle periods. The sections of the report provide a view of patch cycles via charts, graphs, and a series of tables.

The report is available in the SecurityCenter 4.7 Report app feed, an app store of dashboards, reports and assets.  The report requirements are:

  • SecurityCenter 4.7
  • Nessus 5.2.1

Chapters

Vulnerabilities Over Time - This chapter provides a summary view of vulnerabilities over the past 90 days. Using a line chart, area chart, and a table, the risk mitigation via patch management can be analyzed. By understanding the history of the patch management efforts, the security manager can better see where focus needs to be applied to mitigate overall risk.

Days Since Mitigation - This chapter shows a historical analysis of patch dates, or the "Days Since Mitigation". "Days Since Mitigation" allows the user to filter results based on when the vulnerability was mitigated or when a patch was applied. The chapter contains 3 sections with differing date ranges, giving the security manager a detailed trend analysis of when patches were applied.

Days to Mitigate - This chapter shows a historical analysis of patch rate, or the "Days to Mitigation". "Days to Mitigation" allows the user to track the number of days since a vulnerability was moved to the mitigated database. The chapter contains three sections with differing date ranges, giving the security manager a detailed trend analysis of the time taken to apply patches.