icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Vulnerability Top Ten Executive Report

by Andrew Freeborn
January 27, 2016

Organizations have commonly faced vulnerabilities present in user applications such as Java, Flash and Microsoft Office. Local software installations require time on a continual basis for analysts and administrators to remediate associated vulnerabilities. Operating system vulnerabilities will always be a focus of remediation efforts, but client-side vulnerabilities also continue to be a constant source of risk to the organization.

The landscape of a modern organization includes vulnerabilities from known sources such as operating systems and client-side software. However, mobile devices and hardware appliances are also potential sources of vulnerabilities. As organizations continue the path of routine remediation of operating system and client-side vulnerabilities, other threats may continue to linger in the organization. This report can assist analysts by giving executive-level information about the top vulnerabilities in the organization. Using this report, analysts and management can quickly see information relevant to the organization to help assist them identify and properly deal with vulnerabilities.

Different network segments can consist of different software and hardware, which can introduce unique opportunities for vulnerability remediation. This report contains information on how to help analysts identify networks with the most vulnerabilities. Analysts can use this information to work within the confines of the network segment to better address vulnerabilities specific to that network segment. In the past, a basic ranking of all vulnerabilities in the entire environment may have masked vulnerabilities affecting a specific network segment that may be more impactful to the organization if known.

This report can assist analysts in efforts of vulnerability remediation and risk mitigation. Analysts are able to get different snapshots of the vulnerability data in the organization that may not have been previously seen. Traditional vulnerability remediation efforts may have fixated analysts to routine and expected tasks. This report can be used to help analysts discover different threats in an ever-changing environment. Many networks continue to evolve and change to meet the goals of organizations.

This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. This report can be easily located in the SecurityCenter Feed under the category Executive. The report requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.5.4
  • PVS 4.4.1

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Our family of products includes SecurityCenter Continuous View (CV) and Nessus. SecurityCenter CV performs log normalization from hundreds of unique data sources. Nessus is the global standard in detecting and assessing network data. PVS provides deep packet inspection to continuously discover and track users, applications, cloud infrastructures, trust relationships, and vulnerabilities.

This report contains the following chapters:

  • Executive Summary: This chapter provides an overview of various vulnerabilities in the organization
  • Top 10 Remediations: This chapter presents a list of the top 10 remediations for the network
  • Top 10 Exploitable Vulnerabilities: This chapter displays the top 10 exploitable vulnerabilities on the network
  • Top 10 Mobile Vulnerabilities: This chapter displays the top 10 vulnerabilities of mobile devices on the network
  • Top 10 Data Leaks: This chapter displays the top 10 indications of possible data leakage on the network