Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Defending Against Ransomware (ACT)

by Josef Weiss
October 5, 2022

defending against ransomware screenshot

Ransomware attacks leverage well-known and established software vulnerabilities and poor cyber hygiene. Successful ransomware attacks can cripple an organization with increased costs and lost revenue. There are many contributing factors to the upward trend of ransomware. The most important is the large number of software vulnerabilities and misconfigurations, along with Active Directory (AD) weaknesses that enable attackers to escalate privileges. Threat actors leverage poor cyber hygiene to their advantage to gain a foothold and propagate attacks. Ransomware has been very profitable for organized crime, which targets lucrative businesses that can afford large payouts. Many organizations purchase ransomware insurance to mitigate the cost of a breach, but insurers are starting to push back against large payouts if the organization is found to be negligent in following industry security guidance.

Ransomware is a symptom of poor cyber hygiene and security awareness, which can impact operational availability and lead to increased cost. Comprehensive and regularly tested Disaster Recovery and Data Recovery plans go a long way toward combating the effects of ransomware and other threats to the business. This dashboard highlights a path forward with an in-depth focus on cyber hygiene by enabling IT staff to focus on vulnerabilities that could have the most impact to the organization in the event of a ransomware attack. For more information, see the Tenable blog: Focus on the Fundamentals: 6 Steps to Defend Against Ransomware.

The first row of this dashboard indicates the most significant areas of concern. Displayed in the first column are vulnerabilities that have a published exploit. The middle column displays the current hygiene state. The vulnerability mitigation state is shown in the right column.

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirements for this dashboard are: Tenable.io Vulnerability Management (Nessus, NNM) and Tenable Web Application Security (WAS).

Widgets

CVSS to VPR Heat Map - This widget provides a correlation between CVSSv3 scores and Vulnerability Priority Rating (VPR) scoring for the vulnerabilities present in the organization. The CVSSv3 scores are the standard scoring system used to describe the characteristics and severity of software vulnerabilities. Tenable's VPR helps organizations refine the severity level of vulnerabilities in the environment by leveraging data science analysis and threat modeling based on emerging threats. Each cell is comprised of a combination of cross-mapping of CVSS & VPR scoring.  Using a heat map approach, the filters begin in the left upper corner with vulnerabilities that present least risk.  Moving to the right and lower down the matrix the colors change darker from yellow to red as the risk levels increase.  Tenable recommends that operations teams prioritize remediation for risks in the lower right corners, and then work towards the upper left cells. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Vulnerability and Missing Patch Heat Map - This widget provides a correlation between Patch Published dates and Vulnerability Published dates for the vulnerabilities present in the organization. The Patch Published dates indicate when a vendor published a patch for the vulnerability, while the Vulnerability Publication date is the date when the vulnerability definition was first published (for example, the date the CVE was published). Each cell consists of a cross-mapping of Patch Publication and Vulnerability Publication. The widget uses a heat map approach, with the upper left corner containing the vulnerabilities and patches that have been published in the last 30 days. Moving lower and to the right in the matrix, the colors change from yellow to red as the risk levels increase. Tenable recommends mitigating risks shown in the lower right cells and working towards the upper left cells, since the lower right cells represent missing patches associated with vulnerabilities that have been present within the organization for a longer time period. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Exploitability by Attack Vector - This widget displays three columns of exploitable vulnerabilities by the CVSS Exploitability Metric Vectors: AV:N (Network), AV:A (Adjacent Network), and AV:L (Local). A row for each exploit framework is provided. The CVSS metric vector specifies the pathway that can be used to exploit the vulnerability. Vulnerabilities that can be exploited remotely are a greater risk, since there is a global threat vector. Vulnerabilities that can be exploited locally require local access to the system through another mechanism, such as an authorized user or  a remote-execution vulnerability. Threat vectors are designated as Network (AV:N), Adjacent (AV:A), and Local (AV:L). Security analysts can effectively reduce risk to the organization by prioritizing remediation on vulnerabilities that can be remotely exploited from known exploits and exploit frameworks. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

BOD 22-01– DHS Tracked Known Exploited Vulnerabilities - This widget displays vulnerability status counts for DHS tracked known vulnerabilities derived from the CISA Known Exploited Vulnerabilities Catalog. The widget uses the CVE filter to exactly match the CVEs included in the CISA Known Exploited Vulnerabilities Catalog and sorts the results in rows by: past due vulnerabilities The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Top 2021 OWASP Categories Discovered (Last 14 Days) - This widget displays the percentages of active Web Application vulnerabilities from Tenable.io WAS by OWASP category for 2021. The requirement for this widget is: Tenable Web Application Security (WAS).

Microsoft Active Directory Findings - This widget displays a vulnerability summary for assets that contain any vulnerabilities related to Active Directory. This widget uses the application CPE filter to cross reference Tenable plugins that contain active_directory, including those from the AD Starter Scan.  The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

log4shell - Log4j Concerns - This widget widget alerts organizations to potential concerns regarding the Log4j vulnerability. Displayed are the vulnerabilities that are directly associated with the log4shell CVEs (CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2021-4104, and CVE-2021-45105) and Log4j installations. Since installing Java v8 is also a requirement to address this exploit, a row is presented of vulnerabilities that are associated with Java, JRE, and JDK. Identifying where Log4j and Java are installed in the organization enables security teams to prioritize remediation. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Vulnerability Overview by Year - This widget tracks vulnerability mitigations by year. Each row covers a time period. The bottom row displays vulnerabilities that were made public from 2016 and earlier. The ascending rows display vulnerabilities from more recent time periods, up to the current year.  The Mitigated column displays the total number of mitigated vulnerabilities. The Unmitigated column displays the total number of vulnerabilities that have not yet been mitigated. The Exploitable column displays the number of those unmitigated vulnerabilities that are known to be exploitable. The Patch Available column displays the number of unmitigated, exploitable vulnerabilities that have had a patch available for more than 30 days. The Exploitable Assets column displays the number of assets on the network that have unmitigated, exploitable vulnerabilities. Drilling down into the widget provides more details about vulnerabilities discovered by this filter. This information demonstrates the effectiveness of the security program over time. If vulnerabilities from previous years are still present in the environment, security management needs to address why they are not mitigated. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Fixed Patches by Vulnerability Publication Date - This widget displays columns that contain counts of fixed vulnerabilities grouped by the patch publication dates of 0-30, 31-60, 61-90, and more than 90 days ago. Each cell contains a count of fixed vulnerabilities grouped in rows by Microsoft Windows systems, Unix Systems, Network Systems*, and vulnerabilities specified in the DHS BOD 22-01 and Tenable's 2021 Threat Landscape Retrospective. This matrix helps organizations map mitigation progress to ensure compliance with organizational policies and Service Level Agreements (SLAs). The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until December 31st.
Buy a multi-year license and save more.

Add Support and Training