Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Relative Date Summary Report

by Steve Tilson
April 18, 2017

Managers need to know the effectiveness of an organizations security program. Often key metrics are not available to accurately determine this information.  Knowing when a vulnerability is discovered, how often systems are being scanned, and when a vulnerability is remediated can provide valuable insight into potential security gaps. This report presents a high-level overview of vulnerability counts, trends, and remediation efforts over 25 days, 3 months, 6 months and 12 months.

Many organizations use a combination of vulnerability scanners and patch management solution to patch vulnerabilities on hosts within their environment. These various methods may lead to multiple reports that do not contain accurate information.  Inaccuracy may be due to, configuration issues with managed host, systems being offline, or access issues.  Data collected from these solutions may provide outdated information or lead to unnecessary patching efforts by security teams. Tracking the progress of each area throughout the enterprise will provide a clear picture of systems at risks and where security teams should focus mitigation efforts.

This report will provide organizations with a clear picture of remediation efforts over time. Elements within this report will include information on vulnerability and compliance status over each quarter for 1 year cumulatively. Although information presented within this report uses pre-defined time periods, elements can be modified to suit organizational requirements. Data presented within this report can be used to compare how often vulnerabilities are being remediated, and whether existing patch management efforts need to be improved or policy needs adjusted.

 This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Executive. The report requirements are:

  • Tenable.sc 5.4.5
  • Nessus 8.5.1
  • NNM 5.9.1

Tenable constantly analyzes information from our unique sensors, delivering continuous visibility and critical context and enabling decisive action that transforms the security program from reactive to proactive. 

Active scanning examines running processes and services, detects vulnerable software applications, configuration settings, and additional vulnerabilities. 

With more supported technologies than other vendors, Tenable.sc Continuous View (CV) is able to analyze vulnerabilities and collected logs from a wide range of operating systems, network devices, hypervisors, databases, elements, phones, web servers, and critical infrastructure devices.  By prioritizing remediation actions of misconfigured systems, the organization can maximize their investment in compliance reporting and system hardening efforts. 

 Tenable enables powerful, yet non-disruptive, continuous monitoring that will provide organizations with the information needed to detect and remediate vulnerabilities within the enterprise.

 

    This report contains the following chapters:

    Executive Summary - This Executive Summary chapter presents a summary of vulnerabilities discovered over specific time periods. Each element includes both discovered, remediated, and compliance related vulnerabilities over 25 days, 3 months, 6 months and 12 months.  Information presented within chapter can provide managers of the organization’s vulnerability remediation efforts.  

    25 Day Summary - The 25-day Summary chapter covers all vulnerabilities discovered within the past 25 days. The objective of this chapter is to present the most recent vulnerabilities discovered. The data is displayed in three sections: the first section shows vulnerabilities that have been discovered; the second shows remediated vulnerabilities; and the third shows the compliance checks.

    3 Month (90 Day) Summary - This chapter covers all vulnerabilities discovered in the previous 90 days. The objective of this chapter is to represent vulnerabilities discovered over 3 months. The data is displayed in three sections: the first section shows vulnerabilities that have been discovered; the second shows remediated vulnerabilities; and the third shows the compliance checks.

    6 Month (180 Day) Summary - This chapter covers all vulnerabilities discovered during the previous 180 days. The objective of this chapter is to represent vulnerabilities discovered during the past 6 months. The data is displayed in three sections: the first section shows vulnerabilities that have been discovered; the second shows remediated vulnerabilities; and the third shows the compliance checks.

    12 Month (365 Day) Summary - This chapter covers all vulnerabilities discovered during the previous 365 days. The objective of this chapter is to represent vulnerabilities discovered during the past 12 months. The data is displayed in three sections: the first section shows vulnerabilities that have been discovered; the second shows remediated vulnerabilities; and the third shows the compliance checks.