by Stephanie Dunn
August 26, 2016
Many organizations struggle to keep systems patched without disrupting availability. Implementing an effective patch management policy can address these issues, as any patch that is applied without proper testing can leave critical systems or data offline or unavailable. This report provides organizations with a high-level overview of vulnerabilities and events reported by patch management systems.
Deploying patches can become complex to manage as user mobility requirements change and additional devices are added to the network. This change may require the addition of one or more patch management systems to support an organization’s growing infrastructure needs. Tenable Nessus can query a variety of patch management solutions and verify whether patches are installed on managed systems. Additionally, Nessus can report on unmanaged hosts, hosts that have fallen out of management, and hosts that aren’t functioning properly. Having a comprehensive patch management policy in place can provide organizations with a consistent, repeatable process that can be used to keep systems up to date.
This report provides organizations with valuable information that can be used to compare patch management policies against the effectiveness of existing patch management solutions. Elements included within this report can be used to identify systems that may have been overlooked, have fallen out of management, or are unmanaged. Analysts can use this information to target and mitigate existing vulnerabilities on managed hosts. This information can be used to help prevent attackers from injecting malicious code or compromising other systems on the network. Event data can alert analysts to issues with patch management solutions, missing clients, and patch failures on systems that need to be addressed. Other built-in patch management services can highlight vulnerabilities, potential misconfigurations, or services that need to be disabled. Information on potential remediation opportunities can assist with prioritizing patch management efforts. By monitoring these solutions, organizations will be able to effectively monitor and remediate configuration issues associated with patch management systems.
This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery & Detection. The report requirements are:
- Tenable.sc 5.4.0
- Nessus 8.6.0
- NNM 5.9.0
- LCE 6.0.0
Tenable's Tenable.sc Continuous View (CV) is the market-defining continuous network monitoring solution, and can assist in securing an organization’s internal network and effectively monitor patch management solutions. Tenable.sc CV is continuously updated with information about advanced threats, zero-day vulnerabilities, and new regulatory compliance data. Active scanning periodically examines systems to determine vulnerabilities and compliance concerns. Agent scanning enables scanning and detection of vulnerabilities on transient and isolated devices. Passive listening provides real-time discovery of vulnerabilities on operating systems, protocols, network services, wireless devices, web applications, and critical infrastructure. Host data and data from other security products is analyzed to monitor patch management solutions on the network. Tenable.sc CV provides an organization with the most comprehensive view of the network and the intelligence needed to support proactive patch management efforts.
The following chapters are included in this report:
- Executive Summary: This chapter presents a high-level overview of the top vulnerabilities detected by patch management systems within an organization. Vulnerabilities are tracked by severity and patch management system, which will provide a summary of vulnerabilities present in the network. Each element within this chapter can assist with patch remediation efforts, and help determine the overall effectiveness of existing patch management solutions on the network.
- Patch Management Vulnerability Summary: This chapter presents detailed information on detected vulnerabilities by severity. Elements included within this chapter are filtered by Critical, High, and Medium severity levels, and present a list of Microsoft Bulletin vulnerabilities reported by patch management systems. Each element may include results from multiple patch management systems supported by Tenable. Each table provides targeted information that analysts can use to prioritize remediation efforts and identify the most critical vulnerabilities first.
- Patch Management Reports and Events: This chapter presents a patch report and event summary overview. Elements will include a list of hosts and operating systems that have been scanned and are reporting missing security patches. Patch management events from solutions such as Microsoft SCCM, Microsoft WSUS, Windows Update, IBM BigFix, OS X Software Update, and Linux Yum Updates will alert analysts to changes such as patches failing to install correctly, or hosts that need to be restarted. Information presented within this chapter can be modified per organizational requirements.
- Patch Management Server and Compliance Issues: This chapter provides detailed information on existing compliance concerns and vulnerabilities detected on patch management systems and services. Leaving these services misconfigured can allow attackers to inject malicious code into patch management systems that can be distributed out to the enterprise. Analysts can use the information presented within this chapter to identify misconfigurations within patch management solutions that could potentially impact critical systems and patch management efforts.
- Patch Management Clients: This chapter includes a summary of detected patch management clients on the network. A trend chart will report on client changes from supported patch management systems including IBM BigFix, Symantec Altiris, Red Hat, Microsoft SCCM, and Microsoft WSUS. Each element within this chapter can help analysts to track client changes, misconfigured clients, or detect potentially unauthorized hosts.