Malware presents a risk to any organization and comes packaged in many forms. Malware can exploit weaknesses in vulnerabilities to make software or hardware perform actions not originally intended. Vulnerabilities can also be widely exploited shortly after publication as malware authors reverse engineer the fix and come up with "1-day exploits" that can be used to attack organizations.
Developers of malware and other malicious code are creating new methods of exploiting systems on a daily basis. Tenable.io easily identifies the hosts most vulnerable to malware and other exploitation frameworks. This report provides the necessary information on vulnerable assets to accurately represent and communicate the associated cyber risk to the business.
Several compliance standards such as Cyber Security Framework, NIST 800-53, and PCI, reference conducting risk assessments. Part of any risk assessment is to conduct penetration testing. Wikipedia defines a penetration test, also known as "pen test", as a software attack on a computer system that looks for security weaknesses and potentially gains access to the computer's features and data. Many companies provide pen-test services and use tools such as Core Impact and Immunity's CANVAS.
These frameworks provide security professionals with the ability to safely compromise a system and simulate attacks using published vulnerabilities. This report provides executives and administrators alike, with an insight into how vulnerable their network is to attacks by such frameworks. Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. In addition, Tenable.io is the first solution in Cyber Exposure that provides the key risk metrics a business needs to measure risk exposures.
Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Organizations that embrace Cyber Exposure are learning a new discipline on how to manage and measure their cyber risk across traditional and non-traditional assets, such as container security, cloud services, and web applications. Knowing which areas of your business are secure or exposed, allows for more effective measurement of an organization's Cyber Risk. For example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions.
This report contains the following Chapters:
Exploitable by Malware - This chapter presents a summary of the top 100 vulnerabilities that have been identified to be exploitable using malware.