Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Top Passive Vulnerabilities

by Stephanie Dunn
June 20, 2016

As network infrastructures continue to add new devices and services on a network, detecting and managing the growing number of vulnerabilities can be complicated for any organization to handle properly. Many organizations employ vulnerability scanners that perform active scanning, but can miss hosts or devices that may have connected in between scans. Passive listening enables organizations to detect vulnerabilities on hosts or other devices that were inactive or temporarily connected to the network in between active scans. This information can help to detect additional client or server-side vulnerabilities that can leave critical systems at risk. Information presented within this dashboard can assist analysts in discovering the top passively detected vulnerabilities on a network.

As organizations continue to invest in cloud and mobile solutions, having multiple ways to scan the network without overwhelming resources is key in helping to detect and maintain an accurate inventory of network assets. Using both active scanning and passive listening provides organizations with a complete and accurate view of existing hosts and network devices. Both methods can help to detect vulnerabilities with web servers such as Apache, or client-side vulnerabilities such as outdated browsers, or exploits within Flash or Java.

Tenable offers the industry’s broadest coverage of detecting vulnerabilities through active scanning, agent scanning, passive listening, and intelligent connectors. For more information on how Tenable can assist organizations with creating an effective vulnerability management program, please see the Comprehensive Vulnerability Management for a Changing IT Landscape blog post.

This dashboard presents a comprehensive summary of passively detected vulnerabilities on the network. Summary information can help analysts identify the most critical and exploitable vulnerabilities first, which can help to streamline vulnerability remediation efforts. Indicators can alert security teams to potentially unauthorized services in use, misconfigurations, or vulnerabilities on critical systems. Highlighting client and server-side vulnerabilities can help identify existing vulnerabilities by function, and can assist with patch management and prioritization. Using this dashboard, organizations will obtain real-time information that can assist with prioritizing and reducing overall security risks within the enterprise.

This dashboard is available in the Tenable.sc enter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Discovery & Detection. The dashboard requirements are:

  • Tenable.sc 5.3.2
  • NNM 5.9.0

Tenable automatically analyzes information from active scanning, intelligent connectors, agent scanning, passive listening, and host data in order to provide continuous visibility and critical context. Active scanning periodically examines hosts within the organization to determine risk. Intelligent connectors leverage other security investments to provide additional context and analysis. Agent scanning enables assessing systems without the need for ongoing host credentials. Passive listening detects hosts that were offline during active scans, and provides real-time monitoring of host activity throughout the network. Host data is analyzed to correlate real-time events, monitor firewall traffic, and identify malicious attacks. The combination of these sensors provides organizations with the tools they need to proactively detect, monitor, and respond to threats within the enterprise.

The following components are included in this dashboard:

  • Passive Vulnerabilities - Host Summary: The Host Summary table presents those hosts that are most vulnerable, in terms of passively detected vulnerabilities. The list of hosts is sorted by score and the bar graphs include Critical, High, and Medium severity level vulnerabilities. This information can help organizations to assess and prioritize current risks.
  • Detection - Passive Detection by Family: This matrix component triggers on passive detection plugins. Passive plugins are plugins used by Nessus Network Monitor (NNM) during passive network scanning.  The matrix cells provide an indicator filtered by detection plugins along with the passive plugin family.  When no alert is present, the indication remains off (or uncolored); if an alert is present, the indication changes to a purple.  The analyst may click on the indicator to retrieve a vulnerability list that includes the Plugin ID, Plugin Name, Family, Severity, IP Address, NetBIOS, DNS and MAC address that matches the query.
  • Passive Vulnerabilities - Top Passive Client Vulnerabilities: The Top Passive Client Vulnerabilities table presents a list of the top passively detected client vulnerabilities on the network. The list is sorted so that the most critical vulnerability is at the top of the list, and includes the severity and number of hosts affected. Data is reported by the Nessus Network Monitor (NNM), which detects hosts with client-based vulnerabilities such as web browsers, Java, Flash, and more. Analysts can drill down to obtain additional information on the hosts affected, and solutions to remediate the vulnerabilities.
  • Passive Vulnerabilities – Top Exploitable Vulnerabilities: The Top Exploitable Vulnerabilities table presents the top exploitable vulnerabilities detected by the Nessus Network Monitor (NNM). The list is sorted so that the most critical vulnerability is at the top of the list, and includes the severity and number of hosts affected. Information presented within this table consist of both client and server-based vulnerabilities that are frequently targeted by attackers. Analysts can drill down to obtain additional information on the hosts affected, and solutions to remediate the exploitable vulnerabilities.
  • NNM Detections - Vulnerabilities/Attacks: This matrix displays indicators for vulnerabilities and attacks detected by NNM. These vulnerabilities/attacks include observed issues with credentials and sensitive data, unsupported software, network attacks, suspicious database commands, and common known vulnerabilities of detected applications. 
  • Passive Vulnerabilities – Top Passive Server Vulnerabilities: The Top Passive Server Vulnerabilities table presents a top 10 list of the most common server vulnerabilities passively detected on the network. Data is filtered to detect hosts with passive server-based vulnerabilities that may include PHP, Samba, Apache, SSH, SQL Server, and more. The list is sorted so that the most critical vulnerability is at the top of the list, and includes the severity and number of hosts affected. This table can provide detailed information to remediate existing vulnerabilities and reduce overall risk.
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.