
Executive Summary Dashboard

by Josef Weiss
March 23, 2018

Monitoring the current state of an organization’s Cyber Exposure initiative and measuring the organization's cyber risk are key responsibilities of IT executives. Executives are often pummeled with information from many different sources, one of those sources being vulnerability management. This dashboard takes into account all the metrics available to Tenable.io customers and helps to narrow the search down to only a few key metrics like severity, Common Vulnerabilities and Exposures (CVE) identifier, and vulnerability state.

Conceptually, the severity metric is easy to understand. There are five severity levels: Information, Low, Medium, High and Critical. An Information finding has no risk associated with it and only provides information for an analyst. Low through Critical severities are based on the Common Vulnerability Scoring System (CVSS) score. CVSS scores provide a way to capture the principal characteristics of a vulnerability and produce a numerical score. This score is then translated into a severity. Although a vulnerability's severity is based on CVSS, other considerations (for example, recasting a vulnerability because of other mitigations put in place) may warrant the vulnerability being assigned a higher or lower severity. Using CVSS scoring and severity scoring, Tenable.io is able to reflect both quantitative (CVSS score) and qualitative (severity) information about an organization's vulnerabilities in a simple, easy-to-understand view.

The CVE List is a data structure that contains vulnerability identification information. CVEs are often used as a third-party system that allows many security products and software companies to report on a common vulnerability. Once a vulnerability is reported, plugins are created for Tenable.io to detect the vulnerability. When high-visibility vulnerability exploitation occurs, as in the case of Spectre and Meltdown, many executives ask questions like “Are we vulnerable to CVE-2017-5754?” Tenable.io is an essential platform for reporting on metrics such as CVE.

The “vulnerability state” metric is native to Tenable.io. This metric reports on the status of a vulnerability. There are four states: New, Active, Fixed and Resurfaced. The New state indicates vulnerabilities that were first detected on assets within the last 14 days. The Active state indicates vulnerabilities that are currently present on the network and are causing increased risk. The Fixed state indicates vulnerabilities that are no longer present. A vulnerability in the Resurfaced state is concerning because this state indicates that the vulnerability has returned: Tenable.io detected the vulnerability at some point, later found it removed (Fixed), and has now detected it again. This could be due to a scanning issue, or to software that was reinstalled or downgraded. Executives should raise questions with the IT Security team if vulnerabilities appear in the Resurfaced state very often.
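The four states described above can be derived from a finding's per-scan history. The following is an added example, not Tenable.io code: the precedence order (Fixed, then Resurfaced, then New, then Active), the function names, and the sample hosts and plugin labels are assumptions made for illustration.

```python
from collections import Counter
from datetime import date, timedelta

NEW_WINDOW = timedelta(days=14)  # "New" window as stated on the page

def vuln_state(observations, today):
    """observations: list of (scan_date, present) for one plugin on one asset.

    Precedence (Fixed > Resurfaced > New > Active) is an assumption of this
    example, not documented Tenable.io behaviour.
    """
    obs = sorted(observations)
    detections = [d for d, present in obs if present]
    if not detections:
        return None  # never detected, nothing to track
    if not obs[-1][1]:
        return "Fixed"  # absent in the most recent scan
    first_seen = detections[0]
    # Resurfaced: present now, but a scan after first detection saw it gone.
    if any(not present for d, present in obs if d > first_seen):
        return "Resurfaced"
    if today - first_seen <= NEW_WINDOW:
        return "New"
    return "Active"

def count_by_state(findings, today):
    """findings: {(asset, plugin): observations} -> Counter of states."""
    states = (vuln_state(o, today) for o in findings.values())
    return Counter(s for s in states if s)

# Constructed sample data: hostnames and plugin labels are placeholders.
TODAY = date(2018, 3, 23)
SAMPLE = {
    ("web01", "plugin-A"): [(date(2018, 3, 15), True), (date(2018, 3, 22), True)],
    ("web01", "plugin-B"): [(date(2018, 1, 10), True), (date(2018, 3, 22), True)],
    ("db01", "plugin-A"): [(date(2018, 2, 1), True), (date(2018, 3, 22), False)],
    ("db01", "plugin-C"): [(date(2018, 1, 5), True), (date(2018, 2, 5), False),
                           (date(2018, 3, 22), True)],
}

if __name__ == "__main__":
    for state, n in sorted(count_by_state(SAMPLE, TODAY).items()):
        print(f"{state:<11}{n}")
```

A rising Resurfaced count over successive runs is the signal the paragraph above says executives should question, since it points to reinstalled or downgraded software or to inconsistent scan coverage.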

Executives who are able to review and analyze these metrics will have a better understanding of the stability of the Cyber Exposure Life Cycle within their organizations. Cyber Exposure is an emerging discipline for managing and measuring the modern attack surface to accurately understand and reduce cyber risk. The discipline helps executives to better direct and focus mitigation efforts and report using industry-accepted metrics. Tenable.io facilitates the implementation of the five Cyber Exposure Life Cycle steps and provides a common place for analyzing vulnerability data.

Widgets on this dashboard

  • Vulnerabilities by State - This widget provides executives with a view into the vulnerability life cycle. By tracking vulnerabilities through each state, the executive can track the progress of risk mitigation efforts.
  • Most Prevalent Vulnerabilities Discovered in the Last 14 Days - This chart provides executives with a summary view of the most prevalent medium, high and critical severity vulnerabilities that have been detected within the last 14 days.
  • Top 100 Vulnerabilities with Patch Available More than 120 Days - This table provides executives with a list of vulnerabilities that have been patchable for over 120 days.
  • Top 100 Most Vulnerable Assets - This table presents a list of the top most vulnerable assets at risk for exploitation.
  • Asset Count by Operating System - This bar chart provides a count of assets by operating system.
  • Vulnerabilities by CVE - This table provides executives with a list of CVEs that are present on the network.
Category: Measure