There are an increasing number of services across enterprises that are becoming web connected, but not all web services are secure. Organizations need to know what web services are operating in the environment in order to understand their vulnerability status. This dashboard provides insight into the web services in the environment and the vulnerabilities associated with them.
Within the Cyber Exposure lifecycle, assessment and analysis aim to bring down overall effort and time spent on reducing cyber risk. The information on this dashboard serves to give an informative overview of discovered vulnerabilities and web services. Organized and well labeled data points aim to give focus for any organization seeking to expedite the assessment of their assets.
Organizations can see vulnerabilities based on ports, outgoing network traffic, and web services that are present with known vulnerabilities. This allows for focused asset analysis through an understanding of vulnerability type, before the analysis phase even begins. Therefore, even with the wide array of threats that can be posed by web services, this dashboard should close an organizations cyber gap more quickly while performing their Cyber Exposure practice.
Cyber Exposure helps analysts drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, analysts can effectively measure the organization's cyber risk. Analysts can use the metrics provided by Tenable.io to determine how much and where to invest in order to reduce risk to an acceptable amount. Tenable.io is the first Cyber Exposure solution that provides the key risk metrics that organizations need to measure risk exposure.
WEB SERVER VULNERABILITIES BY PLUGIN FAMILY
Assets can sometimes have multiple web facing services, which can in turn be affected by multiple vulnerabilities. This component maps out the vulnerabilities found in assets by their plugin families. This allows analysts to see which vulnerabilities need to be addressed first and which services those vulnerabilities affect.
WEB SERVICES VULNERABILITIES BY PORT
From web pages to VPNs, vulnerabilities can appear across all assets. This component maps out the different web service ports that have vulnerabilities present and correlates that data based on the type of service that listens on that port. This data allows analysts to understand which services contain the largest threat relative to the organization's attack surface.
SSL PLUGINS INDICATOR
SSL vulnerabilities concern nearly every modern asset. This component highlights the common and high profile SSL issues that organizations face today. This allows analysts to understand which SSL vulnerabilities affect them and which of those vulnerabilities poses the greatest threat.
WEB SERVICES INDICATOR
The number of assets that host different kinds of web services is ever growing. Some assets may have web services built into their default listening services. This component identifies the most common services so that analysts can correlate which assets correspond with different services on their network.