Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Outstanding Remediation Tracking

by Ryan Seguin
October 20, 2017

Every day after an asset is added to a network, maintaining continuous visibility into where an asset is secure, or exposed, and to what extent is crucial. As time passes, assets grow and shrink in their risk scope, and that risk mostly comes from outdated and unpatched vulnerabilities. Even with rigorous risk management practice, assets are often missed, and this report serves to give a clear snapshot at which assets have fallen behind.

As assets age, so too does the process that secures them, and that process needs to evolve to stay ahead of legacy threats. In addition to identifying which assets have been missed by the organization’s mitigation strategies, End of Life assets pose the greatest risk. Any assets labeled as End of Life are no longer receiving security updates and support by the vendor, which in turn sets a permanent bottom line to an organization’s Cyber Exposure gap. 

Cyber Exposure will help analysts drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, analysts can effectively measure the organization's Cyber Risk. Analysts can use the metrics provided by Tenable.io to determine how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions. Tenable.io is the first Cyber Exposure solution and provides key risk metrics that organizations need to measure risk exposure. 

Tables

Outstanding Remediations - Time since Patch Publication

The Outstanding Remediations - Time since Patch Publication matrix reflects three key points of risk: total count of missing patches, vulnerability severity, and exploitability ratio. Assets with the largest number of missing patches possibly represent a higher level of mitigation effort, and may be the most time consuming to address. Assets with a high exploitability ratio represent a fast lane for attackers, and removing these vulnerabilities is one of the best ways to reduce risk.

Outstanding Microsoft Remediations - Time since Patch Publication

The Outstanding Microsoft Remediations - Time since Patch Publication matrix reflects three key points of risk for Microsoft systems: total count of missing patches, vulnerability severity, and exploitability ratio. Assets with the largest number of missing patches possibly represent a higher level of mitigation effort, and may be the most time consuming to address. Assets with a high exploitability ratio represent a fast lane for attackers, and removing these vulnerabilities is one of the best ways to reduce risk.

Outstanding Remediations by Device Type

The Outstanding Remediations By Device Type matrix reflects three key points of risk across different asset types: total count of missing patches, vulnerability severity, and exploitability ratio. Assets with the largest number of missing patches possibly represent a higher level of mitigation effort, and may be the most time consuming to address. Assets with a high exploitability ratio represent a fast lane for attackers, and removing these vulnerabilities is one of the best ways to reduce risk.

End of Life Software Detection

The End of Life Software Detection table provides a look at which assets have reached their end of life from the vendor. All assets in this list will have vulnerabilities that cannot be fixed by the vendor, and therefore can only be mitigated through upgrades or removal. Assets found here that can be upgraded to a higher supported version should be upgraded immediately, as vendors no longer list active vulnerabilities for EoL software. 

Category: 
Fix
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.