by Carole Fennelly
March 30, 2022
Exploits leveraged in attacks are imported into various tools and services when the attack is made public. Common exploit frameworks are easy to obtain and are used by security researchers and malicious attackers. Security analysts can effectively reduce risk to the organization by analyzing an exploit’s source tool and the most common targets.
The Cyber Security Framework (CSF) category ID.RA (Risk Assessment) provides guidance to organizations on cyber risk and helps to define recommended actions for the security operations team. The ID.RA-1 category states requirements for the National Institute of Standards and Technology (NIST) 800-53 control CA-8 Penetration Testing. The control states “Penetration testing is a specialized type of assessment conducted on information systems or individual system components to identify vulnerabilities that could be exploited by adversaries.” Some security teams leverage exploitation frameworks such as Core Impact, Canvas or others to help with this control. Tenable.io identifies which vulnerabilities are exploitable by different frameworks.
This dashboard provides a centralized view of which frameworks exploit vulnerabilities found in the organization’s network. In addition to the exploitable attributes, other attributes are used such as plugin family and vulnerability state. Using the dashboard to drill down into the Vulnerability Workbench displays other attributes such as CPE, VPR Key Drivers, and CVSS Vectors. Each of these filters helps the security team to narrow the focus and discover risks that may require prioritization over other vulnerabilities.
Cyber Exposure management helps security analysts drive a new level of dialogue with the business. Identifying areas of the network that have exploitable systems helps the security team to effectively measure the organization's cyber risk. The metrics provided by Tenable.io can be used to develop test and remediation plans to reduce risk to an acceptable level.
Widgets
Exploitable by Framework - This widget provides a summary of exploitable vulnerabilities by framework. Exploitation framework tools are designed to detect and exploit software and hardware vulnerabilities in target systems. This matrix helps the security team to narrow the focus and discover risks that may require a higher priority over other vulnerabilities.
New Exploitable Hosts - Vulnerabilities marked as new have not been seen before on an asset. A vulnerability can be marked as new if that vulnerability had not been discovered before in a scan, or if that vulnerability was recently published and discovered on a new scan. This information allows technicians to see previously secure assets with new exploitable vulnerabilities.
Top Exploitable Linux Hosts - This widget displays a list of the top Linux/Unix assets that have exploitable vulnerabilities. Security technicians can use this information to focus mitigation efforts by operating system. This information allows technicians to notify the asset administrator of the threats posed to their assets.
Exploitable Windows Hosts -This widget displays a list of the top Windows assets that have exploitable vulnerabilities. Security technicians can to use this information to focus mitigation efforts by operating system. This information allows technicians to notify the asset administrator of the threats posed to their assets.
