Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Exploitable by Malware

by Cody Dumont
August 21, 2015

Developers of malware and other malicious code are creating new methods of exploiting systems on a daily basis.  SecurityCenter users can easily identify the hosts most vulnerable to malware and other exploitation frameworks.  This report provides an executive summary of vulnerable systems and by which framework.

Several compliance standards such as Cyber Security Framework, NIST 800-53, and PCI reference conducting risk assessments. Part of any risk assessment is to conduct penetration testing.  Wikipedia defines a penetration test, also known as “pen test”, as a software attack on a computer system that looks for security weaknesses and potentially gains access to the computer's features and data.  Many companies provide pentest services and use tools such as Core Impact and Immunity’s CANVAS.  These frameworks provide security professionals with the ability to safely compromise a system and simulate attacks using published vulnerabilities.  This report provides executives with an insight to how vulnerable their network is to attacks by such frameworks.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Executive. The report requirements are:

  • SecurityCenter 5.0.1
  • Nessus 6.3.4
  • LCE 4.4.1
  • PVS 4.2.1

Additionally, SecurityCenter Continuous View (CV) provides the ability to track vulnerabilities that are known to be exploited using malware.  When a vulnerability is known to be exploited via malware, the organization is at higher risk.  Malware can be deployed and utilized in several ways.  By running credentialed scans, the organization can gain a better understanding of the risk exposure to malware and other exploitation frameworks. 

This report provides a detailed view into the exploitability of the network.  The matrices, charts, and tables compare how exploitable the organization is to malware versus attack frameworks.  The report contains graphs that show exploitability to clients and servers, and compares exploitability of malware versus the exploit tools.   There are tables with a list of vulnerabilities and exploitable hosts, followed by a detailed matrix with an in-depth analysis of the exploitable vulnerabilities.

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. When deploying SecurityCenter CV’s proactive approach to continuous network monitoring, the organization has the ability to identify the biggest risks across the entire enterprise. SecurityCenter CV enables the organization to react to advanced threats, zero-day vulnerabilities and new forms of regulatory compliance.  SecurityCenter CV supports a tight integration and API extensibility with SIEMs, malware defenses, patch management tools, mobile devices, firewalls, and virtualization systems.

Chapters

Executive Summary: This chapter contains a series of tables displaying the count of systems or vulnerabilities that are exploitable by known frameworks or malware.  Each table is broken down by exploit framework and severity level.  The cells are also configured to change color based on the number thresholds.

Exploitable Trend Analysis: This chapter contains a series of charts and graphs that display the trend of vulnerabilities that can be exploited by malware and other frameworks.  Two of the graphs provide a trend analysis over the past 3 months, using a data point every 3 days.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.