by Carole Fennelly
August 23, 2023
The purpose of this dashboard is to provide security leaders with information to prioritize and remediate the worst cyber risk exposures currently present in their environment. Very often the worst cyber risk exposures get lost in a sea of vulnerabilities, which creates a challenge for busy security leaders in identifying the most serious exposures and prioritizing a remediation plan.
Displayed in the dashboard are the Top Cybercrime exposures that can be exploited with minimal effort and skill. These vulnerabilities have been known to cause the most damage with the least amount of effort, making them a favorite target for cyber-criminals. Tenable recommends assigning the highest priority to remediate these vulnerabilities.
The Worst-of-the-Worst vulnerabilities are serious exposures that are remotely exploitable, have low complexity, require no authentication, and have a high Tenable VPR score. The Tenable VPR score helps customers understand what is likely to be exploited in the next 30 days, based on Tenable’s Threat Intelligence research.
The Exploitable, Malware and Unsupported Product components of the dashboard provides visibility into other exposures that need to be evaluated for remediation. Additional filters can be applied to this dashboard to focus on specific asset characteristics, such as assets with the highest Asset Criticality Rating (ACR), often referred to as the “Crown Jewels” of the organization, or on critical stakeholders, teams or any other conditions to provide specifically targeted information.
Security leaders need to SEE everything, PREDICT what matters most, and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirement for this dashboard is: Tenable Web App Scanning.
Widgets
Top CyberCrime Exposures from 2015-2022: This widget displays exposures that can be exploited with minimal effort and skill. These vulnerabilities have been known to cause the most damage with the least amount of effort, making them a favorite target for cyber-criminals. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The CVE filter can be used to focus on CyberCrime related CVEs. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Assets with the Most CyberCrime Exposures from 2015-2022: This widget displays assets that have the most exposures that can be exploited with minimal effort and skill. These vulnerabilities have been known to cause the most damage with the least amount of effort, making them a favorite target for cyber-criminals. The widget will filter to show only active, resurfaced, or new plugins or filter out any accepted risks. The CVE filter can be used to focus on CyberCrime related CVEs. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Top Worst-of-the-Worst Exposures: This widget displays serious exposures that are Remotely Exploitable, Low Complexity, No Authentication Required vulnerabilities that also have a high Tenable VPR score and an exploit is available. The widget filters to show only active, resurfaced, or new plugins. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Assets with the Most Worst-of-the-Worst Exposures: This widget displays assets with serious exposures that are Remotely Exploitable, Low Complexity, No Authentication Required vulnerabilities that also have a high Tenable VPR score and an exploit is available. The widget filters to show only active, resurfaced, or new plugins. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Top Exploitable Exposures: This widget displays the most prevalent vulnerabilities in the environment that are exploitable by any method. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The exploitable filter can be used to display only plugins that have exploits available. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Assets with the Most Exploitable Exposures: This widget displays the assets that have the most vulnerabilities that are exploitable by any method. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The exploitable filter can be used to display only plugins that have exploits available. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Top Malware Exposures: This widget displays the most prevalent, active malware exposures. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The exploitable filter can be used to display only plugins that can be exploited by malware. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Assets with the Most Malware Exposures: This widget displays the hosts with the most active malware exposures. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The exploitable filter can be used to display only plugins that can be exploited by malware. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Top Unsupported Products: This widget displays a sorted list of the most prevalent unsupported products found in the environment. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The plugin filter can be used to display only unsupported plugins. The requirement for this widget is: Tenable Vulnerability Management (Nessus).
Assets with the Most Unsupported Products: This widget displays the assets that currently have the highest count of unsupported products in the environment. The widget filters to show only active, resurfaced, or new plugins or filter out any accepted risks. The plugin filter can be used to display only plugins that search for unsupported products. The requirement for this widget is: Tenable Vulnerability Management (Nessus).