Exploits & Attack Paths

Remote Access Detection

by Michael Willison
July 11, 2014

Remote Access Detection screenshot
This dashboard provides information on remote access vulnerabilities. These include vulnerabilities associated with the standard protocols of SSH, VNC, and RDP, along with the proprietary protocols of pcAnywhere, Apple Remote Desktop, WebEx, Google Desktop, and GoToMyPC.

OpenSSL ChangeCipherSpec Dashboard

by Michael Willison
June 6, 2014

OpenSSL ChangeCipherSpec Dashboard
As new threats emerge in networks, SecurityCenter customers are able to properly identify risk. This dashboard identifies systems vulnerable to the new OpenSSL ChangeCipherSpec vulnerability.

CVSS Base Risk Matrices

by Cody Dumont
April 3, 2014

CVSS Base Risk Matrices Screen Shot
The Common Vulnerability Scoring System (CVSS) provides the open framework for assessing the risk of discovered vulnerabilities. The scoring system has three metric types, the first being “Base Metric”. This dashboard provides risk analysis matrices and trend lines showing the change in risk over 25 days.

Council on CyberSecurity 20 Critical Security Controls Dashboard

by Cody Dumont
March 14, 2014

CSC Top 20 Dashboard
This dashboard displays many indicators of the Council on CyberSecurity 20 Critical Security Controls. As published by Council on CyberSecurity, the goal of the 20 Critical Security Controls is to protect assets, infrastructure, and information by strengthening your organization’s defensive posture through continuous automated protection and monitoring. This SecurityCenter Dashboard is comprised of one dashboard with 15 individual components that provide insight to nearly 50 items that directly correlate to the Council on CyberSecurity 20 Critical Security Controls.

Exploitable by Malware

by Cody Dumont
December 17, 2013

Exploitable by Malware
This dashboard provides a detailed view into the exploitability of your network. This series of components shows which vulnerabilities are exploitable by malware, and then compares the exploitability to attack frameworks.

Tracking Risk

by Josef Weiss
October 30, 2013

Tracking unsupported and exploitable software along with critical vulnerabilities over time offers a variety of insights to the security of your network.

DNS Vulnerability Dashboard

by Josef Weiss
July 30, 2013

Requirements:
PVS 3.8.0 or higher
LCE 4.0.2 or higher

It is useful to monitor DNS to see trends and evaluate your DNS infrastructure. This dashboard leverages Tenable’s Log Correlation Engine (LCE) and Passive Vulnerability Scanner (PVS) and is useful for forensic analysis, employee monitoring and creating reports.

The DNS Error Indicator component alerts on a variety of DNS concerns.

Software Summary

by Josef Weiss
May 2, 2013

Ideally, updates and security patches should be deployed as soon as they become available, to prevent exploitable vulnerabilities. Reality is, that is a somewhat difficult task, and rarely do patches get deployed as fast as they should.

This dashboard assists organizations by implementing controls to quickly identify, and reduce the potential exploitation of application vulnerabilities.

Exploits By Platform

by Ron Gula
April 3, 2013

This dashboard identifies vulnerabilities which can be exploited by Metasploit, Core Impact or Immunity CANVAS.

Pages