Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Prioritize Hosts Dashboard

What systems on your network need attention now? With all the administrative work you need to have done by yesterday, how do you prioritize mitigation efforts to deal with host vulnerabilities? The enhanced vulnerability detection capabilities of Tenable.io™ can help you make the best prioritization decisions for keeping your network secure. The Prioritize Hosts dashboard presents several lists of hosts requiring immediate attention, such as top hosts infected with malware and top hosts with exploitable vulnerabilities, to help you decide which hosts should be prioritized first.

Prioritize Hosts dashboard

Top priority assets to secure

The Top Hosts Infected with Malware table displays the top hosts on the network that have detected malware infections. The plugin family Backdoors is used to detect malware on the hosts. A count of malware detections and a bar graph indicating the severity of the malware are given for each host. The hosts presented in this table are probably already compromised, making them the highest priority to deal with before an infection can spread.

To learn more about these malware infections, go to the Vulnerabilities Workbench and set an Advanced filter of Plugin Family equal to Backdoors:

Vulnerabilities Workbench

 

Advaanced search filter for backdoors

Once the filter is applied, clicking on individual vulnerabilities in the table at the bottom of the Workbench will bring up the malware infection vulnerability details. These details include the vulnerability description and the assets the vulnerability was detected on, and may also include information such as plugin output, last seen time, and solution information.

The Top Hosts with Exploitable Vulnerabilities table displays the top hosts on the network that have vulnerabilities that are known to be exploitable. Well-known exploits such as Shellshock are added to exploit frameworks like Metasploit or Core Impact to allow pen testers to exploit vulnerable systems. Unfortunately, malicious adversaries also use these frameworks to attack companies. This table is showing systems that are vulnerable to these frameworks and other malware known to exist in the wild. I find these vulnerabilities particularly concerning because any script kiddie can easily knock over any of your machines that have one of these vulnerabilities. I recommend making these hosts a high priority to lock down—especially if they are internet-facing!

To learn more about these exploitable vulnerabilities, go again to the Vulnerabilities Workbench and this time set the Advanced filter of Exploit Available equal to true:

Advanced search filter for exploitable vulnerabilities

As before, clicking on an individual vulnerability will bring up the details:

Vulnerabilities details

These details provide lots of useful information, including the vulnerability description and the assets the vulnerability was detected on. Also included may be plugin output, when the vulnerability was first seen, reference information, and links to go to for more information. Most importantly, solutions to the vulnerabilities are given. In almost all cases, the solution to these exploitable vulnerabilities is to patch your applications and operating systems, and upgrade older versions of software.

Prioritizing assets using vulnerability plugin families

The Top Hosts Running Vulnerable Web Servers table displays the top hosts with web server vulnerabilities and vulnerabilities in web technologies such as PHP and OpenSSL. These vulnerabilities are troublesome because they may allow an attacker to access data that should not be publicly accessible. Leakage of this data can lead to loss of sensitive information and may even put people at risk of identity theft. You will likely discover that you have more web servers on your network than you thought you did, which is a security risk as well! Make sure all detected web servers are authorized, and that they are properly secured.

For details on these web server vulnerabilities, go to the Vulnerabilities Workbench and set the Advanced filter of Plugin Family equal to Web Servers. In addition, to only display those vulnerabilities that are of most concern, set a filter of Severity not equal to None:

Advanced search filter for web servers with priority

Both the Top Hosts Infected with Malware table and the Top Hosts Running Vulnerable Web Servers table make use of filters on Plugin Family. You can use other plugin family filters to detect other types of vulnerabilities on assets. For example, you may want to know how vulnerable your databases are: you can use the Databases plugin family. Other plugin family suggestions are Firewalls, SCADA, Cisco, and local security checks for various operating systems. Use the plugin families that are appropriate in your environment to help you prioritize assets to secure, and check the vulnerability details for guidance on how to secure the assets.

Prioritizing assets using vulnerability keywords

The final table on the dashboard, Top Hosts with Java Vulnerabilities, uses a keyword filter for “java” in the Plugin Name to display the top hosts with Java vulnerabilities. These vulnerabilities include outdated versions of Java and the Java Development Kit (JDK), and vulnerabilities in applications that use Java. Because of the filter, concerns with JavaScript will also be included. Since Java is so commonly used on all kinds of devices, Java vulnerabilities can potentially open up huge security holes. These vulnerabilities must be dealt with as soon as possible.

For details on these vulnerabilities, go to the Vulnerabilities Workbench and set the Advanced filter of Plugin Name to contains java (the filter is not case sensitive):

Advanced search filter for Java plugins with priority

You can use other Plugin Name keywords to detect other types of vulnerabilities. For example, use “adobe” to find vulnerabilities in Adobe products, “unsupported” to find products that are no longer supported, “default”, “malicious process”, and “xss”. These and other plugin name keywords may be appropriate in your environment and can help you prioritize assets to secure. Experiment a bit! There are many possible filters; find the ones that best help your organization discover vulnerabilities that are the highest priority to fix.

Flexible licensing

The Tenable.io Vulnerability Management platform accurately captures vulnerabilities on transient and dynamic assets. Because asset data can change constantly, Tenable’s new Elastic Asset Licensing model employs an advanced algorithm to track changing asset attributes across the network over time. This asset-based model helps you recover licenses for temporary systems and isolated assets that are scanned periodically.

Try Tenable.io

Tenable.io provides accurate information on how well your organization is addressing security risks, and helps track improvements over time. Try Tenable.io Vulnerability Management free for 60 days.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training