Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ITSG-33: Workforce Mobility

by Stephanie Dunn
December 14, 2016

ITSG-33: Workforce Mobility

As mobile workforce demands continue to increase, organizations must provide a secure way to remotely access, connect, and exchange information without compromising network security. Many organizations allow mobile and portable devices to be used without any additional security controls in place that can protect corporate data from being misused. Mobility demands have also resulted in organizations implementing bring your own device (BYOD) policies to support mobility needs. These devices are usually running outdated operating systems, and contain vulnerabilities that can spread malware, leak confidential data, and infect other network assets. Enabling security controls that protect data-at-rest and data-in-motion will help to reduce overall security risks and support mobility requirements. This dashboard covers key concepts within the ITSG-33 guide that will assist analysts in managing mobile devices, tracking portable device usage, and monitoring usage of cloud-based services.

The Communications Security Establishment Canada (CSEC) developed a series of guidelines for security practitioners in managing information technology (IT) security risks for Government of Canada (GC) information systems. The Information Technology Security Guidance Publication 33 (ITSG-33), IT Security Risk Management: A Lifecycle Approach provides a comprehensive set of security controls that can be used to support a wide variety of business requirements. To support interoperability needs, the ITSG-33 guide is consistent with controls published in the U.S. National Institute of Standards and Technology (NIST) Special Publication 800-53. Data presented within this dashboard aligns with ITSG-33 security controls that support remote access security, mobile device activity, and monitoring portable devices usage. This dashboard aligns with the following controls:

  • Remote Access (AC-17)
  • Wireless Access (AC-18)
  • Access Control for Mobile Devices (AC-19)
  • Use of External Information Systems (AC-20)

Having the ability to access data remotely in today’s competitive marketplace is critical in an organization’s long term survival. Devices used to support the mobile workforce can include unmanaged devices that are often outdated and contain vulnerabilities that can leave critical systems or data at risk. Additional risks can include the usage of personal cloud-based services to store and access corporate data from anywhere. Organizations that fail to monitor and protect data from being stored in the cloud can lead to confidential information being inadvertently or intentionally exposed.

This dashboard will assist organizations with monitoring mobile devices, remote access solutions, access to cloud-based services, and detection of wireless devices on the network. Analysts can use the information presented to detect vulnerabilities on both scanned and managed MDM-based mobile devices. This information can be used to prevent outdated or unauthorized mobile devices from connecting to the network. Monitoring wireless devices and events can alert analysts to rogue devices or unauthorized wireless devices currently in use. Access to cloud-based services will help security teams identify and prevent corporate data from being stored outside of the network.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessment. The dashboard requirements are:

  • Tenable.sc 5.4.1
  • Nessus 8.5.1
  • LCE 6.0.0
  • PVS 5.2.0

Tenable's Tenable.sc Continuous View (CV) will provide continuous visibility enabling organizations to take decisive actions to secure the enterprise. Active scanning periodically examines systems to determine vulnerabilities and compliance concerns on remote access solutions and portable devices. Passive listening provides real-time discovery of vulnerabilities on mobile and portable devices. Host data and data from other security products is analyzed to monitor the network for secure communications, remote access activity, and portable device connections. Tenable.sc CV provides an organization with the most comprehensive view of the network and the intelligence needed to support workforce mobility requirements.

The following components are included within this dashboard:

  • Workforce Mobility - Mobile Device Detections: This component presents counts of mobile devices and associated vulnerabilities detected passively by the Tenable Nessus Network Monitor (NNM) and via Mobile Device Management (MDM) systems. The rows break down the detected devices by OS/Vendor. The last row presents those mobile devices and vulnerabilities detected via mobile applications. Clicking on a highlighted indicator will bring up the vulnerability analysis screen to allow further investigation.
  • CSF - Mobile Devices and Removable Media: This component assists an organization in monitoring mobile devices and removable media. Indicators are highlighted purple for mobile devices detected through active and passive scans, and for mobile devices managed through an MDM server. Indicators are also presented for device connection histories, vulnerabilities, and USB events. Additional indicators are highlighted red for compliance failures related to portable devices and removable media. Clicking on a highlighted indicator will bring up the analysis screen to display details on the detections and events and allow further investigation.
  • CSF - Wireless Detections: This component presents a breakdown of detected wireless access points, wireless vulnerabilities, and wireless event activity on the network. Indicators will turn purple when an event or vulnerability is detected. Analysts can drill down to obtain additional information, including IP addresses and MAC addresses. This information can assist an organization in maintaining an accurate inventory and detecting any unauthorized wireless devices.
  • Web Activity - SSL Sessions: This component presents passive detections of SSL session traffic over the last 72 hours to various destinations, including cloud file storage access, access to services commonly used for sensitive data, and social media access. A count and trend is included for each of the events. Clicking on the Browse Component Data icon will bring up the event analysis screen to allow further investigation. Viewing the raw syslog of the events will show the SSL connection times and destinations.
  • Cloud Services - Top Subnets Interacting with Cloud Services: This component displays the top Class C subnets with passive detections of interactions with cloud services such as iCloud, Google Drive, Dropbox, Salesforce, DocuSign, and others. Presenting these interactions by subnet allows easy understanding of which areas of the network are interacting most with the cloud, and if any areas of the network that are not supposed to be interacting with the cloud in fact are.
  • Cloud Services - Services Detected: This table presents a list of passive detections of network interactions with cloud services. This information can be used to determine which cloud services are most used and if any unauthorized services are being used.
  • Verizon DBIR - Remote Access: The Verizon DBIR notes that it is important to restrict remote access to systems. This matrix assists the organization in monitoring remote access activity across the network. Multiple indicators highlight VPN, SSH, RDP, VNC, and SSL traffic events within the last 72 hours, including potential intrusion events, events associated with known bad IP addresses (threatlist), and long-term events. The VPN Sniffed and SSH Sniffed indicators are highlighted purple if those protocols, respectively, are passively detected on the network. The Compliance Fails indicator is highlighted red if there are any remote access compliance failures. The GoToMyPC and RemotelyAnywhere indicators are highlighted purple if those applications are detected on the network.
Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.