Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tracking Microsoft Security Bulletins Dashboards

by Cody Dumont
July 8, 2014

One of the most difficult tasks in information security is patch management.  Tenable.sc customers have an advantage over other IT professionals; this series of dashboards can help IT professionals understand the true state of Microsoft patch management.  Monitoring the application of Microsoft Security Bulletin patches can be extremely difficult if an organization is not continuously scanning the environment with credentialed scans.  Using Tenable.sc's ability to use “regular expressions” in combination with mitigation data and current vulnerability data allows for a much clearer picture.  These dashboards will allow for a detailed view of missing Microsoft patches.  

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Monitoring.

The dashboard requirements are:

  • Tenable.sc 4.8.1
  • Nessus 8.5.1
  • NNM 5.9.1

There are five dashboards in this series.  Each dashboard contains four components.  The components allow for the monitoring of Microsoft patches that are currently missing, and patches that have been missing for more than 30 days.  Additionally, there is a trend graph showing an analysis of how patch management has been maintained over the preceding three months.  The final component shows the count of Microsoft patches that have been applied.

Each of the five dashboards in the series focus on a specific 5 year period, or groups the 5 year periods into smaller, more concise components.   With the diverse range of components, the security professional can select the components that are the most relevant to their environment.  They are:

  • Tracking Microsoft Security Bulletins
  • Tracking Microsoft Security Bulletins (1999 - 2003)
  • Tracking Microsoft Security Bulletins (2004 - 2008)
  • Tracking Microsoft Security Bulletins (2009 - 2013)
  • Tracking Microsoft Security Bulletins (2014 - 2018)

The components included for each dashboard are:

Tracking Microsoft Security Bulletins - Current Missing Patches: This component displays the total count of missing patches related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.

Tracking Microsoft Security Bulletins - 90 Day Missing Patch Trending:  This component provides a 90-day trend analysis of unpatched systems with respect to Microsoft Security Bulletins.  The different lines in the line chart depict the year the Security Bulletin was released.  The data points are calculated every 3 days over the past 90 days. 

Tracking Microsoft Security Bulletins - Missing Patches for More Than 30 Days: This component displays the total count of patches missing for more than 30 days related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.

Tracking Microsoft Security Bulletins - Applied Patched (Mitigated): This component displays the total count of applied patches related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.