by Josef Weiss
October 24, 2016
Network service applications are applications running on a host/server that provide some service to a client on another host. Network services, such as Apple Bonjour, Samba, Netflow, and many others, are often important applications and used extensively on a daily basis. Many organizations benefit from the utilization of these network applications for file and print services, the monitoring and collecting of information, and edge and cloud services.
This dashboard enumerates known network services, displaying vulnerability data to assist analysts in enforcing and verifying IT management policies. The dashboard displays information for enforcing and verifying IT management policies relating to network applications, such as vulnerability, configuration, and remediation policies. Analysts are provided with vulnerability data, which can be easily used to assist in reducing network applications vulnerabilities.
The components in this dashboard leverage data gathered by active vulnerability scanning with Tenable Nessus and passive vulnerability detection with Tenable Passive Vulnerability Scanner (PVS). The data collected is filtered to provide insight into the vulnerabilities related to database software in the environment. Vulnerabilities are tracked by time, severity, and exploitability in order to provide a more complete view of the security status of the network. Security teams can use all of the components in this dashboard to assist in identifying, monitoring, and remediating vulnerabilities within database software that may expose their organization to risk.
The dashboard uses the Common Platform Enumeration (CPE) filter to identify many of the software programs used in enterprise networks. According to NIST, the CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. Tenable assigns CPEs to plugins where appropriate. This allows for analysts to search for common CPE prefixes such as cpe:/a:apple:bonjour, cpe:/a:cisco:netflow, and others. Associating CPE strings with vulnerabilities allows the analysts a greater view into separating operating system vulnerabilities from application vulnerabilities, and adds to the level of vulnerability detail provided to the organization.
This dashboard is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments.
The dashboard requirements are:
- SecurityCenter 5.3.1
- Nessus 6.8.1
Tenable SecurityCenter provides extensive network monitoring by leveraging a unique combination of detection, reporting, and pattern recognition utilizing industry recognized algorithms and models. SecurityCenter is continuously updated to detect advanced threats and vulnerabilities. Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context and enabling decisive action that transforms the security program from reactive to proactive. Continuous vulnerability analysis enables security teams to more effectively tailor remediation efforts. Monitoring the network to ensure that all systems are secured against vulnerabilities is essential to ongoing security efforts. Tenable’s extensive network monitoring capabilities can verify that systems are successfully scanned regularly and secured against vulnerabilities, enabling ongoing improvements to an organization’s security posture.
The corresponding report can be found here:Network Service Vulnerability Report
The following components have been developed to provide a quick visual representation of the number of systems certain applications are installed on, the number of vulnerabilities, ratio of vulnerable systems, and percentage of systems that are currently exploitable. Vulnerability Trend displays application vulnerabilities over the last 90 days. By default, trend data is only stored for 30 days, and must be set to 90 days in SecurityCenter. Vulnerability observed dates are set to the last 3 days within the trend as well. The two remaining components provide a fast; at-a-glance summary that displays how the organization stands in a quick perspective, continuing the format of quick visual data presentation without having to drill down to get into it. All fields are clickable for a deep dive analysis into the presented data.
- Network Services Summary - Network Services Vulnerability Summary - This component displays various network services technologies by row, and enumerates any found vulnerabilities across the columns. Presented is the number of systems on which the technology that has been located, the number of identified vulnerabilities, the ratio of vulnerable systems, and the count of how many are exploitable.
- Network Services Summary - Network Services Status at a Glance - This component gives a quick visual status report on patching efforts for network service applications. The number of critical, high, and medium vulnerabilities is displayed across three columns, as well as the number of days they have been detected. Represented are known vulnerabilities that have existed for over 30 days, the last 30 days, or the last 7 days.
- Network Services Summary - Network Services Trend Last 90 Days - This component tracks a trend of the number of vulnerabilities by the installed network service applications over the last 90 days. By default, trend data is only stored for 30 days, and must be set to 90 days in SecurityCenter. Vulnerability observed dates are set to the last 3 days within the trend as well.
- Network Services Summary - Network Services Criticals at a Glance - This component displays the most critical network service vulnerabilities in a text format for a fast, readable reference without having to do a deep dive.