Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Vulnerabilities by Common Ports Dashboard

by Ryan Seguin
November 10, 2017

Vulnerable services may allow malicious actors to infiltrate the network, compromise assets, and exfiltrate information. Addressing vulnerable services is a key step in reducing network risk. This dashboard identifies active vulnerabilities by the network ports, allowing analysts to expedite risk mitigation activities.

The modern attack surface is largely comprised of services listening on network ports that can be exploited by an external attacker. An attacker can access user data, intercept traffic, or take control of company assets through some of these vulnerabilities. Mitigating these vulnerabilities is a critical part of the Cyber Exposure management life cycle and the reduction of cyber risk.

An important note about these vulnerabilities is that they often do not require user access for an external attacker to discover. Methods for detecting these vulnerabilities are often published throughout the cybersecurity and hacker communities alike. Tenable.io empowers administrators to discover vulnerabilities before they become known by an external threat.

The vulnerabilities presented with a critical severity often represent privilege escalation or system control attacks. The best course of action when approaching these vulnerabilities is to mitigate them by severity rather than number of assets affected. Mitigating higher severity vulnerabilities first is a great way to eliminate any risk to the most sensitive assets in an environment. This dashboard focuses on helping analysts and administrators to perform that task quickly and efficiently. 

Cyber Exposure helps analysts drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, analysts can effectively measure the organization's cyber risk. Analysts can use the metrics provided by Tenable.io to determine how much and where to invest in order to reduce risk to an acceptable amount. Tenable.io is the first Cyber Exposure solution that provides key risk metrics that organizations need to measure risk exposure.

Components:

VULNERABLE ASSETS BY COMMON PORTS

Because thousands of assets often have commonly open ports for normal business use, they become the easiest target for attack. This component lists the assets that have vulnerabilities on commonly known ports. This data can be used to gauge how many assets are at risk across an organization, and, if those assets have similar vulnerabilities. This allows for the easiest mitigating effort for the greatest reward.

COMMON PORT VULNERABILITIES

Commonly known ports are the first place that a malicious entity looks to see if they can gain access to sensitive company data. This component lists those commonly known ports and then associates any vulnerabilities found for ease of reference. Mitigating these vulnerabilities reduces risk from the first place attackers approach.

CVSS VULNERABILITY COUNTS PER PORT

Vulnerabilities with CVSS scores are publicly known quantities with documented exploits and remediations. This component lists out each network port with found vulnerabilities and then counts the number of vulnerabilities found that have CVSS scores. Mitigating these vulnerabilities reduces the risk from exploits that are well documented and easily attainable.

PERCENTAGE OF VULNERABILITIES BASED ON CVSS AND PORT

Not all vulnerabilities that can be exploited have CVSS scoring. However, they can still pose a risk to an organization. This component gives a percentage value of vulnerabilities found that have CVSS scores and lists them by the port on which they were found. This information can be used by analysts who then independently search for vulnerability fixes that are not listed in the CVSS database.

Category: 
Discover
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security