Exploitable by Malware

by Cody Dumont
August 21, 2015

Developers of malware and other malicious code are creating new methods of exploiting systems on a daily basis.  SecurityCenter users can easily identify the hosts most vulnerable to malware and other exploitation frameworks.  This report provides an executive summary of vulnerable systems and by which framework.

Several compliance standards such as Cyber Security Framework, NIST 800-53, and PCI reference conducting risk assessments. Part of any risk assessment is to conduct penetration testing.  Wikipedia defines a penetration test, also known as “pen test”, as a software attack on a computer system that looks for security weaknesses and potentially gains access to the computer's features and data.  Many companies provide pentest services and use tools such as Core Impact and Immunity’s CANVAS.  These frameworks provide security professionals with the ability to safely compromise a system and simulate attacks using published vulnerabilities.  This report provides executives with an insight to how vulnerable their network is to attacks by such frameworks.

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting category Executive. The report requirements are:

  • SecurityCenter 5.0.1
  • Nessus 6.3.4
  • LCE 4.4.1
  • PVS 4.2.1

Additionally, SecurityCenter Continuous View (CV) provides the ability to track vulnerabilities that are known to be exploited using malware.  When a vulnerability is known to be exploited via malware, the organization is at higher risk.  Malware can be deployed and utilized in several ways.  By running credentialed scans, the organization can gain a better understanding of the risk exposure to malware and other exploitation frameworks. 

This report provides a detailed view into the exploitability of the network.  The matrices, charts, and tables compare how exploitable the organization is to malware versus attack frameworks.  The report contains graphs that show exploitability to clients and servers, and compares exploitability of malware versus the exploit tools.   There are tables with a list of vulnerabilities and exploitable hosts, followed by a detailed matrix with an in-depth analysis of the exploitable vulnerabilities.

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. When deploying SecurityCenter CV’s proactive approach to continuous network monitoring, the organization has the ability to identify the biggest risks across the entire enterprise. SecurityCenter CV enables the organization to react to advanced threats, zero-day vulnerabilities and new forms of regulatory compliance.  SecurityCenter CV supports a tight integration and API extensibility with SIEMs, malware defenses, patch management tools, mobile devices, firewalls, and virtualization systems.

Chapters

Executive Summary: This chapter contains a series of tables displaying the count of systems or vulnerabilities that are exploitable by known frameworks or malware.  Each table is broken down by exploit framework and severity level.  The cells are also configured to change color based on the number thresholds.

Exploitable Trend Analysis: This chapter contains a series of charts and graphs that display the trend of vulnerabilities that can be exploited by malware and other frameworks.  Two of the graphs provide a trend analysis over the past 3 months, using a data point every 3 days.