by Ryan Seguin
November 17, 2017
Organizations often need a big picture view of the current state of their assets. Individual scans and reports are fantastic for honing into specific areas of assessment and analysis when practicing good Cyber Exposure discipline. This dashboard aims to serve the entire Cyber Exposure lifecycle by providing a constantly updated overview of an organizations risk level, asset count, and overall cyber gap.
This dashboard is a launching point for any mitigation effort made by the organization. Each member of an organization’s cyber security team will find data here that serves their focus. The vulnerability information is grouped by different focuses and needs, which allows organizations to decide how they want to plan mitigation strategy from a high level.
The current total number of vulnerabilities and their exploitability informs organizations about their current risk as it relates to the total attack surface. In addition, the most vulnerable asset information empowers organizations to address the most problematic assets first, in addition to addressing the vulnerabilities that pose the greatest threat. For organizations that wish to focus on internal or user data, this dashboard provides the necessary identification of assets that are hosting those important files and how risk to that data should be addressed. All of these approaches reinforce strong Cyber Exposure methods, and embolden an organization’s ability to reduce risk.
Cyber Exposure will help analysts drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, analysts are able to effectively measure the organization's cyber risk. Analysts will be able to use the metrics provided by Tenable.io to determine how much and where to invest, in order to reduce risk to an acceptable amount. Tenable.io is the first Cyber Exposure solution that provides key risk metrics that organizations need to measure risk exposure.
Components:
VULNERABILITIES OVERVIEW
An organization's complete attack surface is a useful metric to follow. This component shows all of the current and patched vulnerabilities that have been discovered in Tenable.io. This allows an organization to understand what their current risk level is for their entire attack surface.
TOP 100 MOST VULNERABLE ASSETS
Knowing which assets pose the greatest risk is critical to managing Cyber Exposure. This component lists the top assets in an organization that have the greatest number of vulnerabilities. Addressing these assets first will greatly reduce cyber risk.
POTENTIAL SENSITIVE INFORMATION
Many organizations have services that transfer or host sensitive company or customer information. This component labels the different services found within an organization that have the potential to contain sensitive data. This allows organizations to focus on the assets that could directly affect customer and company data security.
EXPLOITABLE VULNERABILITIES INDICATOR
Knowing which assets can be attacked by known exploits is important for every organization. This component labels different types of vulnerabilities found within an organization that can be exploited through publicly available attacks. This differs from vulnerabilities that arise from simple outdated encryption methods or improper configuration. This allows organizations to focus on assets that are at risk from hacks and exploits.
DATA ACCESS VULNERABILITIES
Fileshares and databases are some of the most attacked targets. This component shows which data sensitive vulnerabilities have been discovered. This data helps an organization understand the ways their data may be at risk.