Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IAVM Executive Summary Report

by Stephanie Dunn
August 27, 2015

Patch management is one of the most important and essential components in protecting a network from vulnerabilities. Network assets that have unpatched or outdated software can leave critical systems vulnerable, which can result in stolen confidential data, compromised personally identifiable information (PII), and seized control of critical systems. Government agencies have an added responsibility in protecting the integrity of critical network infrastructures. Attackers have used increasingly sophisticated methods to gain unauthorized entry into government networks that can severely impact government operational and/or mission readiness. 

The Information Assurance Vulnerability Management (IAVM) program is an automated system that provides alerts on existing vulnerability threats, and automates the deployment of patches within Department of Defense (DoD) networks.  The IAVM also acknowledges the receipt of an appropriate countermeasure by an analyst, and specifies a timeframe to mitigate the corresponding vulnerability.  In addition, the IAVM program addresses all types of vulnerabilities from critical to informational, vulnerability bulletins, and technical advisories. The US Cyber Command (USCYBERCOM) and the Defense Information Systems Agency (DISA) jointly manage and publish IAVM Notices for the DoD.  IAVM Notices are published at several levels with differing priority categories. The IAVM Notices are posted on a USCYBERCOM website and also entered into the Defense Information Systems Agency (DISA) operated Vulnerability Management System (VMS). 

The IAVM Executive Summary report provides an executive summary to the current IAVM program, which includes a detailed list of the vulnerabilities identified since 2002. The report template is comprised of two chapters, the first of which focuses on summary charts and graphs to display an overview of the IAVM program.  The second chapter provides a pair of indicator matrices showing a more detailed view of IAVM program by the year of the IAVM Notice and by software vendor.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Executive. The report requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.5.1

When appropriate risk management utilizing IAVM is applied, government agencies can strengthen their network security posture, and ensure enterprise-wide compliance. Any type of vulnerability could compromise the confidentiality, availability, and integrity of critical assets and classified data. Any delay in patching assets can cause critical delays, compromise missions, and disrupt national security.

Tenable.sc Continuous View (Tenable.sc CV) is the market-defining continuous network monitoring platform. Tenable.sc CV includes active vulnerability detection with Nessus, which enables the organization to react to advanced threats, zero-day vulnerabilities and new forms of regulatory compliance. Using Tenable.sc CV, an organization will obtain the most comprehensive and integrated view of its network, in order to best prioritize its administration and mitigation efforts.

The following chapters are included in the report:

Executive Summary - The Executive Summary chapter presents several components that provide a high level overview of IAVM vulnerabilities detected within a network. The first component presents a chart of the top assets with IAVM vulnerabilities. The next component presents the number of vulnerabilities by software vendor. The software vendors displayed include Microsoft, Adobe, Sun, PHP, and Apple, which have the most frequent, high-impact types of security vulnerabilities. The respective vendors make up for a large number of vulnerabilities that are being actively exploited and used in targeted attacks. The last component presents the top ten IP addresses with outstanding vulnerabilities identified by IAVM alerts. Any vulnerability that is presented should be assessed, prioritized, and remediated in a timely manner to reduce overall risk.

IAVM Summary Charts and Graphs - The IAVM Summary Charts and Graphs chapter presents a series of charts that display critical and high severities IAVM vulnerabilities. In addition, this chapter presents a 25-day trend analysis of IAVM alerts per year, and a summary of IAVM alerts per plugin family. The information provided within this chapter can assist the analyst in identifying areas of high-risk, and aid in ongoing risk mitigation efforts.

IAVM Summary Matrix - The IAVM Summary Matrix Chapter presents two matrices that display severity levels by year and by vendor. The first matrix present the number of vulnerabilities identified by severity level for the corresponding year. The last matrix presents the number of vulnerabilities identified by software vendor. The respective vendors make up for a large number of vulnerabilities that are being actively exploited and used in targeted attacks. This information can assist the analyst in targeting vendor-specific vulnerabilities, prioritize mitigation efforts, and reduce overall risk.
 

Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.