Mitigation Summary Report

by David Schwalenberg
August 18, 2015

Managing risk can seem to be an overwhelming task -- even more so when security managers don’t have metrics to show progress. SecurityCenter Continuous View has the ability to track mitigated vulnerabilities, allowing management to see and understand that progress is being made and how it is being measured. This report provides executives with an evolving view of mitigated vulnerabilities compared to unmitigated vulnerabilities.

Communicating risk reduction progress is difficult as new vulnerabilities are continuously being identified. System administrators and application developers are continuously working to apply the latest patches. The perception of stalled progress is often a result of miscommunication and lack of normalized visualization methods. This report provides technical managers with an “easy to use and understand” method of communicating progress to executives.

Throughout the report there is a continued comparison of mitigated vulnerabilities to unmitigated vulnerabilities. The first chapter provides a 3-month trend of vulnerabilities and other related charts focusing on vulnerability counts per subnet.  The second chapter provides a series of matrices with an in-depth look at vulnerabilities by severity, by CVSS score, by CVE identifier, and by Nessus and PVS plugin groupings.

The report is available in the SecurityCenter app feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting category Executive. The report requirements are:

  • SecurityCenter 5.0.1
  • Nessus 6.3.4
  • LCE 4.4.1
  • PVS 4.2.1

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. SecurityCenter Continuous View (CV) provides the ability to report on both current and mitigated vulnerabilities alike. With more supported technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure, SecurityCenter CV scales to meet future vulnerability management demands for virtualized systems, cloud services, and the proliferation of devices.

Chapters

Executive Summary - This chapter provides executives with high-level understanding of vulnerability history, and which network segments are at the most risk. The first component is a 3-month trend of vulnerabilities followed by two bar charts. The bar charts provide a side-by-side comparison of vulnerability mitigation by subnet. The vulnerabilities that have been mitigated are in the top bar chart and current vulnerabilities are shown in the following chart.

Vulnerability Summaries - This chapter provides a series of matrices showing the relationship between mitigated vulnerabilities and unmitigated. The matrices are created using different criteria. The components provide an analysis using CVSS, CVE, and operating systems.