
NESA - Vulnerability and Support

by Ben Smith
March 12, 2020


The United Arab Emirates’ (UAE) National Electronic Security Authority (NESA) Information Assurance Standards state that an organization should have appropriate vulnerability management in place. The NESA standard includes many controls related to vulnerability management across a wide variety of devices. Tenable.sc includes active scan aggregation and vulnerability management. This dashboard provides risk managers with clear visibility into the state of vulnerability across the organization.

A critical focus of NESA compliance is identifying vulnerabilities in the environment. NESA requires identifying and remediating vulnerabilities throughout the network. To aid in this process, Tenable.sc tracks when vulnerabilities are mitigated and provides two metrics: patch rate and patch date. Patch rate shows how long vulnerabilities took to patch. Patch date shows the number of days since the patch was applied. Several NESA controls require patching vulnerabilities within a reasonable amount of time, where the timeline is determined by the organization and by the organization’s risk ranking or cost-benefit analysis. These controls include M2.1.1, M2.2, M2.4, T4.2.5, T7, T7.5.1, T7.7, T7.8.6, and T8.3. Tenable.sc can also show exploitable vulnerabilities to help aid in the risk ranking process.

The first stage in a successful Cyber Exposure program requires discovery of assets on the network. NESA controls T1.2, T2.3.3, and T5.4.3 each require knowledge of assets and the appropriate identification, categorization, and protection of these assets. Tenable.sc shows identification and aids in analysis by grouping assets by the plugin families reported. The asset categories can then be prioritized based on vulnerability criticalities, classification, and the organization’s own risk ranking.

Knowing the types of assets on the network also aids in meeting other NESA requirements, for example NESA T4.2.5: identifying known vulnerabilities in administrative, accounting, and business communications systems. Vulnerability assessments should be performed frequently and after any risk assessment or control implementation. Tenable.sc allows aggregation of regular scan data, assisting the consultant in verifying that such requirements are met. Similarly, NESA controls T7.5.1 and T7.8.2 require software to be maintained at a level supported by the supplier. Tenable.sc shows plugins related to unsupported applications and operating systems, assisting in identification. Additionally, NESA controls T3.4, T3.4.1, T3.6.2 and T5.7.2 require assets to be protected from malware. Tenable.sc can use local checks and active plugins to show assets that have out-of-date definitions and other antimalware and endpoint protection related vulnerabilities.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Executive.

The dashboard requirements are: 

  • Tenable.sc 5.12.0
  • Nessus 8.9.0 
  • Compliance Data

Tenable.sc Continuous View (CV) is the market-defining On-Prem Cyber Exposure Platform. Tenable.sc CV provides the ability to continuously assess an organization’s adherence to best practice configuration baselines. Tenable.sc provides customers with a full and complete Cyber Exposure platform for completing an effective Cyber Hygiene program prescribed by the NESA standard.

This dashboard contains the following components:

CIS - Anti-Virus/Firewall Enumeration: This matrix assists the organization in monitoring anti-virus (AV) solutions and firewall settings. The "% Hosts AV Up-to-Date" column displays the percentage of total systems that have AV installed and working properly; the "% Hosts AV Detected" column displays the percentage of total systems on which AV has been detected, whether or not the AV is working properly. The "AV Vulnerabilities" column displays the number of detected vulnerabilities related to AV. The Firewall Enumeration provides all the devices where the host-based firewall rules have been collected. Clicking on a highlighted indicator will bring up the analysis screen to display details on the detections for further investigation.

Unsupported Product Summary - Operating Systems: This indicator matrix reports on operating systems that are no longer supported. The matrix displays popular operating systems but is easily modified to fit organizational requirements. Plugin ID #33850, with vulnerability text filters that filter for the appropriate operating system name in the plugin output, alerts on Unix-based operating systems that are no longer supported. Keyword filters, along with a CPE string for Microsoft, are used to alert on end-of-life Microsoft operating systems by turning the indicator purple when a vulnerable asset is present.

Vulnerability Top Ten - Top 10 Exploitable Vulnerabilities: This table displays the top 10 exploitable vulnerabilities on the network. The list is sorted so that the most critical vulnerability is at the top of the list. For each vulnerability, the severity and the number of hosts affected are shown. This will be helpful for those getting started with SecurityCenter.

Vulnerability Trend - New Exploitable Vulnerabilities - Past 25 Days: The Vulnerability Trend – New Exploitable Vulnerabilities – Past 25 Days area chart shows the trend of exploitable vulnerabilities over the past 25 days. Trends for seven exploit frameworks are displayed, along with an overall exploitable trend. The data presented is based on vulnerabilities observed in a 24-hour span. This component helps analysts to understand which exploit frameworks their network is most susceptible to in addition to whether hardening efforts against various frameworks are effective over time.

PCI Monitoring - Vulnerabilities by Age: The “PCI Monitoring - Vulnerabilities By Age” matrix component displays an overview of vulnerabilities over time. Each row focuses on vulnerabilities first detected within a specific timeframe, in order to allow analysts to monitor vulnerabilities over time. The first two columns show the totals of vulnerabilities that have been and have not been mitigated. The matrix also shows the percentages of vulnerabilities that are exploitable, the percentage of vulnerabilities that have patches available, and the count of hosts with exploitable vulnerabilities. Analysts can use this matrix to identify and monitor vulnerabilities in context.

Unsupported Product Summary - Applications: The table displays unsupported applications by name and sorted by severity. Displayed is the plugin ID, application name, plugin family, severity, and the total host count found. This component utilizes the keyword “unsupported” in the plugin name field. Additionally the table filters based on severity, dropping any informational results, and presents them via the Vulnerability Summary tool.

Host Count - Patch Date 21 - 60 Days: This component has 4 columns, showing a range of patch dates from 21 - 60 days. Each column has an explicit date range. They are:

  • Within 30 days - 21 to 30
  • Within 40 days - 31 to 40
  • Within 50 days - 41 to 50
  • Within 60 days - 51 to 60

The patch date refers to the 'Days Since Mitigation' filter. The 'Days Since Mitigation' filter allows the user to filter results based on when the vulnerability was mitigated.

NESA - Device Diversity: This component shows the breadth of device types in the environment. Broken down by vulnerability severity, the component details devices by plugin family. This is especially useful to understand which classes of device to remediate first.

Host Count - Patch Rate 21 - 60 Days: This component has 4 columns, showing a range of patch rates from 21 - 60 days. Each column has an explicit date range. They are:

  • Within 30 days - 21 to 30
  • Within 40 days - 31 to 40
  • Within 50 days - 41 to 50
  • Within 60 days - 51 to 60

The component displays the patch rate referring to the 'Days to Mitigate'. The 'Days to Mitigate' filter allows the user to track the number of days since a vulnerability was moved to the mitigated database.
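
The column logic of the two Host Count components can be reproduced outside the dashboard to see how the metrics differ. The following Python is an added example, not Tenable code: it uses the definitions given earlier on this page (patch rate is how long a vulnerability took to patch, patch date is the number of days since the patch was applied), and the record layout, addresses, plugin IDs and dates are constructed for illustration.

```python
from datetime import date

# Column ranges of the two "Host Count" components (days, inclusive).
BUCKETS = {
    "Within 30 days": (21, 30),
    "Within 40 days": (31, 40),
    "Within 50 days": (41, 50),
    "Within 60 days": (51, 60),
}

# Constructed sample findings: (host, plugin_id, first_seen, mitigated).
# The layout is hypothetical, not a Tenable.sc export format.
FINDINGS = [
    ("10.0.0.5", 1001, date(2020, 1, 2), date(2020, 1, 27)),
    ("10.0.0.5", 1002, date(2020, 1, 5), date(2020, 1, 30)),
    ("10.0.0.6", 1001, date(2020, 1, 1), date(2020, 2, 15)),
    ("10.0.0.7", 1003, date(2019, 12, 20), date(2020, 2, 14)),
    ("10.0.0.8", 1004, date(2020, 2, 20), date(2020, 3, 1)),   # patched in 10 days
    ("10.0.0.9", 1001, date(2020, 2, 1), None),                # still open
]
TODAY = date(2020, 3, 12)  # fixed "as of" date so the result is reproducible


def bucket_for(days):
    """Return the column label for a day count, or None if outside 21-60."""
    for label, (low, high) in BUCKETS.items():
        if low <= days <= high:
            return label
    return None


def host_counts(findings, metric, today=TODAY):
    """Count distinct hosts per column for 'patch_rate' or 'patch_date'."""
    if metric not in ("patch_rate", "patch_date"):
        raise ValueError(f"unknown metric: {metric}")
    hosts = {label: set() for label in BUCKETS}
    for host, _plugin, first_seen, mitigated in findings:
        if mitigated is None:
            continue  # unmitigated findings have neither metric
        if mitigated < first_seen or mitigated > today:
            raise ValueError(f"inconsistent dates for {host}")
        if metric == "patch_rate":
            days = (mitigated - first_seen).days   # how long the fix took
        else:
            days = (today - mitigated).days        # how long ago it was fixed
        label = bucket_for(days)
        if label:
            hosts[label].add(host)  # a host counts once per column
    return {label: len(members) for label, members in hosts.items()}
```

The same host lands in different columns under the two metrics: 10.0.0.5 was patched in 25 days (patch rate, "Within 30 days") but the patch is 42 to 45 days old (patch date, "Within 50 days").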
