Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ACR Summary

by Liz Hutto
January 5, 2022

ACR Summary Dashboard Screenshot

As assets and networks become more dynamic, maintaining visibility requires grouping and prioritizing business-critical assets and the risk associated with them. The increasing persistence of attackers and the evolving threat landscape raises the importance of the methods used in the Prioritize step of the Risk-Based Vulnerability Management (RBVM) lifecycle. Now available in Tenable.sc+, the Asset Criticality Rating (ACR) predicts the priority of each asset based on indicators of business value and criticality. Tenable.sc+ enables Security Teams to leverage the ACR with the VPR to make strategic decisions and focus on issues that better align with the desired security and compliance posture.

The ACR provides Security Teams with more comprehensive visibility of the organization’s assets by predicting the business impact of each asset. Indicators of business value include business purpose, device type, connectivity, internet exposure, capabilities, and location. The ACR calculation allows organizations to objectively measure the risk of assets and more accurately represent risk across the attack surface, while keeping vulnerability data on premises. Tenable.sc+ assigns an ACR to each asset to represent the asset's relative criticality as an integer from one to ten, where ten is the highest criticality rating.

Prioritizing risk across all assets based on theoretical risk (such as a static CVSS score) versus actual risk, is not conducive to maintaining or improving security posture. The adoption of a more fluid risk prioritization process is necessary to keep pace with evolving risk. The combination of ACR and VPR in this report allows Security Teams to efficiently prioritize and monitor the attack surface.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards (ARCs), and assets. The dashboard is easily located in the Tenable.sc Feed in the Executive category.

The dashboard requirements are:

  • Tenable.sc+ 5.20.0

  • Nessus 10.0.2

Leveraging ACR alongside VPR enables organizations to gain an enriched risk-based view of the attack surface. Tenable.sc+ harnesses the power of ACR and VPR together, allowing for a more accurate representation and prioritization of risk through an RBVM approach. The data in this dashboard directly enables teams to Prioritize, which is the third step in the ongoing RBVM lifecycle. This report helps Security Teams prioritize remediation, enabling the Security Director to make more strategic risk decisions that align with the desired security posture.

This dashboard contains the following components:

ACR Summary - First Discovered Vulnerabilities: This matrix provides organizations with a view of vulnerabilities first discovered at different points in time, sorted by ACR, to enable Security Teams to focus on the vulnerabilities on the most business-critical assets first.

ACR Summary - Top Subnets with ACR 7-10: This table provides organizations with a Class C summary of networks containing the most assets with a High or Critical Asset Criticality Rating (ACR 7-10).

ACR Summary - Highlighted Patches (VPR and ACR 7-10): This table provides security teams with a risk reduction plan that reduces the greatest risk when patching the highest risk vulnerabilities (VPR 7-10) on the most business-critical assets (ACR 7-10).

ACR Summary - VPR to ACR Heat Map: This matrix displays a correlation between the VPR and ACR scores for all VPR-rated vulnerabilities on all ACR-rated assets, with the bottom-right corner containing the highest risk vulnerabilities on the most critical assets.

ACR Summary - Vulnerability Trending over the last 90 days: This line chart contains a trend analysis for VPR-rated vulnerabilities on assets with high and critical ACR scores (7-10) over the past 90 days.

ACR Summary - Mitigated Vulnerabilities: This matrix provides organizations with a view of vulnerabilities that have been mitigated during certain periods of time on ACR-rated assets.

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.

Tenable.ad

Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.