Exploits become easier to use every day as attacks are made public and then imported into various tools and services. With most common exploit frameworks being free or easy to obtain, security technicians must always be aware of adversaries that may use these frameworks. By understanding an exploit’s source tool and its most common targets, security technicians can make effective plans to reduce risk to the organization.
The Cyber Security Framework (CSF) category ID.RA (Risk Assessment) provides guidance to organizations on understanding cyber risk and helps to define actions the security operations team should conduct. ID.RA-1 calls for the security technicians to implement National Institute of Standards and Technology (NIST) 800-53 control CA-8 Penetration Testing. The control states “Penetration testing is a specialized type of assessment conducted on information systems or individual system components to identify vulnerabilities that could be exploited by adversaries.” To aid in this specialized assessment, some security teams will utilize exploitation frameworks such as Core Impact, Canvas or others. Tenable.io aids the organization in identifying which vulnerabilities are exploitable by different frameworks. This dashboard provides the security technicians with a centralized view of which frameworks most commonly have exploits for the vulnerabilities in their network.
When analyzing the vulnerability status of a network, security teams need to understand the different vulnerability attributes and metrics available through Tenable.io. Within this dashboard there are several attributes that help communicate whether a vulnerability is exploitable and the framework for which an exploit is already available. In addition to the exploitable attributes, other attributes are used, such as plugin family and vulnerability state. After using the dashboard to drill down into the Vulnerability Workbench, there are other attributes such as CPE, In The News, and CVSS Vectors. Each of these filters helps the security team to narrow the focus and discover risks that may require a higher priority over other vulnerabilities.
Cyber Exposure will help security technicians drive a new level of dialogue with the business. By knowing which areas of the network have exploitable systems, the security team is able to effectively measure the organization's cyber risk. Technicians can use the metrics provided by Tenable.io to determine how to plan testing and patching in order to reduce risk to an acceptable level. Tenable.io is the first Cyber Exposure solution that provides key risk metrics that organizations need to measure risk exposure.
The following widgets are included on this dashboard:
Exploitable by Framework - This widget provides a summary of exploitable vulnerabilities by framework. Exploitation framework tools are designed to detect and exploit software and hardware vulnerabilities in target systems. This matrix helps the security team to narrow the focus and discover risks that may require a higher priority over other vulnerabilities.
New Exploitable Hosts - Vulnerabilities marked as new have not been seen before on an asset. A vulnerability can be marked as new if that vulnerability had not been discovered before in a scan, or if that vulnerability was recently published and discovered on a new scan. This allows technicians to see previously secure assets with new exploitable vulnerabilities.
Top Exploitable Linux Hosts - This widget displays a list of the top Linux/Unix assets that have exploitable vulnerabilities. Security technicians will be able to use this information to focus mitigation efforts by operating system. This allows technicians to notify the asset administrator of the threats posed to their assets.
Exploitable Windows Hosts - This widget displays a list of the top Windows assets that have exploitable vulnerabilities. Security technicians will be able to use this information to focus mitigation efforts by operating system. This allows technicians to notify the asset administrator of the threats posed to their assets.