CVE Analysis Report

In the early days of the Internet, vulnerabilities were not publicly known or identifiable. In 1999, the information security industry endorsed the importance of using a common format in identifying vulnerabilities, thus the Common Vulnerabilities and Exposures (CVE®) was created. Tenable products were first CVE Compatible in 2004, and Tenable continues to lead the security industry in vulnerability management and continuous network monitoring by embracing accepted standards such as CVE.

Cyber Exposure has an operational security lifecycle which aims to provide common visibility to Security and IT teams. Tenable Vulnerability Management utilizes the CVE program to reference each of the vulnerabilities detected. This identifies and remediates security issues quickly and efficiently. The CVE identifiers can be used throughout several areas of the Cyber Exposure lifecycle within Tenable Vulnerability Management for reporting, asset identification, risk management, and threat mitigation. The CVE Analysis report helps to identify vulnerabilities for a number of device types such as: Windows, macOS, Linux, and Web devices.

CVE is a widely used industry standard for identifying vulnerabilities across software vendors and vulnerability management systems. Using CVE IDs to identify vulnerabilities allows organizations to easily target affected systems and software for remediation. As vendors provide patches for widespread vulnerabilities such as WannaCry and Krack, many new plugins are released. The task of tracking vulnerabilities is simplified by using CVE identifiers, as the CVE identifiers for vulnerabilities remain the same even as new patches and plugins are released. Using CVE is a very flexible and useful method of detecting vulnerabilities to assist in the risk management process.

Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Cyber Exposure will help the CISO drive a new level of dialogue with the business. Being able to know which areas of your business are secure or exposed, then the CISO can more effectively measure the organizations Cyber Risk. For example, how much and where to invest to reduce risk to an acceptable amount and help drive strategic business decisions.

This report provides the business with an easy to understand format for displaying the current count of vulnerabilities based on CVE release data and collection methods. This allows analysts and administrators to accurately represent and communicate cyber risk back to the business.Tenable.io is the first solution in Cyber Exposure that provides the key risk metrics business’ need to measure risk exposures.

Chapters

Windows - This section provides an analysis of detected CVE vulnerabilities based on the vulnerabilities Windows plugin family.

macOS - This section provides an analysis of detected CVE vulnerabilities based on the vulnerabilities macOS plugin family.

Linux - This section provides an analysis of detected CVE vulnerabilities based on the vulnerabilities Linux plugin family.

Web - This section provides an analysis of detected CVE vulnerabilities based on the vulnerabilities Web plugin family.

Each chapter displays first an initial barchart listing the most prevalent mitigated CVE vulnerabilities. Following the barchart is a table showing the top 25 mitigated CVEs. After the table are another barchart and table displaying CVE vulnerabilities that are detected as being Active, Resurfaced, or New. Finally, each chapter follows up the second group of widgets by providing users vulnerability details for those CVE Vulnerabilities that have states listed as Active, Resurfaced, or New.