Mitigation Summary Executive Report

by David Schwalenberg
July 16, 2014

This report presents vulnerability summary information grouped in various ways. It provides a succinct visual representation of how quickly vulnerabilities on the network are being mitigated and how many exploitable vulnerabilities remain.

Each of the “Vulnerabilities by…” sections in the report presents eight columns of vulnerability summary information, as follows:

The Total Mitigated column displays the total number of mitigated vulnerabilities. The next three columns display the percentage of these vulnerabilities that were mitigated within the specified number of days. Ideally, the percentage of vulnerabilities mitigated in less than 10 days should be close to 100%. The percentage of vulnerabilities mitigated after more than 30 days should be close to 0%, because all vulnerabilities should have been mitigated before then.

The Total Unmitigated column displays the total number of vulnerabilities that have not yet been mitigated. The Exploitable column displays the percentage of those unmitigated vulnerabilities that are known to be exploitable. The Patch Available column displays the percentage of the unmitigated, exploitable vulnerabilities that have had a patch available for more than 30 days. Ideally, both of these percentages should be 0%, because all exploitable vulnerabilities and all vulnerabilities with patches available should have been mitigated already.

The Exploitable Hosts column displays the number of hosts on the network that have unmitigated, exploitable vulnerabilities.
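To make the column definitions above concrete, the following added example (not part of the original report and not SecurityCenter code) computes the eight columns for each group from a handful of constructed findings. The record layout, the 10-to-30-day boundary of the middle bucket, and measuring mitigation time from the date a finding was first seen are assumptions.

```python
from datetime import date

AS_OF = date(2014, 7, 16)
# Constructed records: (group, host, first_seen, mitigated, exploitable, patch_published)
SAMPLE = [
    ("Critical", "hostA", date(2014, 5, 1), date(2014, 5, 6), True, date(2014, 4, 20)),
    ("Critical", "hostA", date(2014, 5, 1), date(2014, 5, 21), False, date(2014, 4, 20)),
    ("Critical", "hostB", date(2014, 4, 1), date(2014, 5, 16), True, date(2014, 3, 1)),
    ("Critical", "hostB", date(2014, 5, 1), date(2014, 5, 4), False, None),
    ("Critical", "hostC", date(2014, 6, 1), None, True, date(2014, 5, 15)),
    ("Critical", "hostC", date(2014, 6, 20), None, True, date(2014, 7, 1)),
    ("Critical", "hostD", date(2014, 7, 1), None, False, None),
    ("Critical", "hostE", date(2014, 6, 1), None, True, None),
    ("Medium", "hostE", date(2014, 7, 10), None, False, None),
]

def pct(part, whole):
    # An empty denominator reports 0.0 rather than dividing by zero.
    return round(100.0 * part / whole, 1) if whole else 0.0

def summarize(records, as_of):
    groups = {}
    for rec in records:
        groups.setdefault(rec[0], []).append(rec)
    report = {}
    for name, recs in groups.items():
        # Days from first seen to mitigation, for mitigated findings only.
        days = [(m - seen).days for _, _, seen, m, _, _ in recs if m is not None]
        unmitigated = [r for r in recs if r[3] is None]
        exploitable = [r for r in unmitigated if r[4]]
        # Unmitigated, exploitable findings whose patch has been out for more than 30 days.
        stale = [r for r in exploitable if r[5] and (as_of - r[5]).days > 30]
        report[name] = {
            "total_mitigated": len(days),
            "pct_under_10_days": pct(sum(d < 10 for d in days), len(days)),
            "pct_10_to_30_days": pct(sum(10 <= d <= 30 for d in days), len(days)),  # assumed bucket
            "pct_over_30_days": pct(sum(d > 30 for d in days), len(days)),
            "total_unmitigated": len(unmitigated),
            "pct_exploitable": pct(len(exploitable), len(unmitigated)),
            "pct_patch_over_30_days": pct(len(stale), len(exploitable)),
            "exploitable_hosts": len({r[1] for r in exploitable}),
        }
    return report

if __name__ == "__main__":
    for name, row in summarize(SAMPLE, AS_OF).items():
        print(name, row)
```

Note that the Patch Available percentage uses the unmitigated, exploitable findings as its denominator, not all unmitigated findings, so it can be high even when few vulnerabilities remain.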

The report is available in the SecurityCenter app feed, an app store of dashboards, reports, and assets. To locate it in the SecurityCenter Feed, select the category Executive and then the tag mitigated. The report requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.5
  • LCE 4.2.2
  • PVS 4.0.1

For the related SecurityCenter dashboard, see the Mitigation Summary dashboard.