Improving Scans With Assets In SecurityCenter
Assets within SecurityCenter are one of the more powerful objects that can be used, but I often discover when working with my customers that they are ignored or, at most, misunderstood.
An asset is very simply a method of grouping similar devices on your estate together. These similarities can be based on a variety of factors with increasing complexity:
- Operating System
- Network Address range
- Ports in use
- Applications installed
- Location in Active Directory
- Devices talking using a specific port/protocol
- Severity and number of vulnerabilities
- Specific vulnerabilities
And a whole lot more besides. You can also combine these criteria with Boolean AND/OR/NOT operators to build highly complex rules that include or exclude certain devices. One example could be:
- All devices in AD matching: OU=Admin, dc=foo, dc=bar
- NOT in the address range: 172.16.0.0/24
- AND Vulnerabilities where Severity=Critical, Published > 30 days ago
- OR Vulnerabilities where Severity=High, Published > 90 days ago
The bottom two conditions are an example of a KPI that some businesses use: they need to ensure that they are fixing Critical vulnerabilities within 30 days of publication and Highs within 90 days.
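The rule above, evaluated over a small inventory, as an added example (this is not SecurityCenter's rule syntax or API, and not code from the original post). It assumes the conditions group as OU AND NOT range AND (Critical > 30 days OR High > 90 days); the class names, function names and inventory are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network

# Values taken from the example rule in the text.
ADMIN_OU = "ou=admin,dc=foo,dc=bar"
EXCLUDED_NET = ip_network("172.16.0.0/24")
SLA_DAYS = {"Critical": 30, "High": 90}  # KPI: days allowed since publication

@dataclass
class Vuln:
    severity: str
    published: date

@dataclass
class Device:
    name: str
    dn: str   # Active Directory distinguished name
    ip: str
    vulns: list = field(default_factory=list)

def in_ou(dn: str, ou: str) -> bool:
    # Case/whitespace-insensitive suffix match; escaped commas in DNs are not handled.
    norm = ",".join(part.strip().lower() for part in dn.split(","))
    return norm == ou or norm.endswith("," + ou)

def breaches_sla(v: Vuln, today: date) -> bool:
    # True when the vulnerability has been public for longer than its severity allows.
    limit = SLA_DAYS.get(v.severity)
    return limit is not None and (today - v.published).days > limit

def in_asset(d: Device, today: date) -> bool:
    # Assumed grouping: OU AND NOT range AND (Critical > 30d OR High > 90d).
    return (in_ou(d.dn, ADMIN_OU)
            and ip_address(d.ip) not in EXCLUDED_NET
            and any(breaches_sla(v, today) for v in d.vulns))

def evaluate(devices, today: date):
    return [d.name for d in devices if in_asset(d, today)]

TODAY = date(2024, 6, 1)  # fixed date so the result is reproducible
INVENTORY = [  # constructed sample inventory
    Device("adm-01", "CN=adm-01,OU=Admin,DC=foo,DC=bar", "10.1.1.5", [Vuln("Critical", date(2024, 4, 1))]),
    Device("adm-02", "CN=adm-02,OU=Admin,DC=foo,DC=bar", "172.16.0.9", [Vuln("Critical", date(2024, 1, 1))]),
    Device("adm-03", "CN=adm-03,OU=Admin,DC=foo,DC=bar", "10.1.1.7", [Vuln("High", date(2024, 4, 1))]),
    Device("adm-04", "CN=adm-04,OU=Admin,DC=foo,DC=bar", "10.1.1.8", [Vuln("High", date(2024, 2, 1))]),
    Device("web-01", "CN=web-01,OU=Servers,DC=foo,DC=bar", "10.1.2.5", [Vuln("Critical", date(2024, 1, 1))]),
]
if __name__ == "__main__":
    print(evaluate(INVENTORY, TODAY))
```

Because membership is recomputed from current data, a device drops out of the group as soon as its overdue vulnerabilities are fixed, with no list for anyone to maintain.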
One of the main advantages of any dynamic asset grouping is that it removes the need for environmental knowledge on the user's part and replaces it with vulnerability-based querying, so that anyone who can use SecurityCenter to ask the right questions can discover the answers quickly. Assets are also a core element of SecurityCenter as a whole, used within Dashboards, Reporting, Alerting & Workflow and Assurance Report Cards. This takes those basic or custom assets and makes the information source context based.
All of these assets are included with either SecurityCenter or SecurityCenter Continuous View, and you can have an unlimited number of them on a per-user basis. You can even share these assets with other SecurityCenter users, even if they are not using the same SecurityCenter as your organisation, because the language that builds the assets is XML. The XML includes an encrypted definition that refers to the object(s) you are referencing, meaning it cannot be reverse engineered to reveal any data from your SecurityCenter.
Assets themselves are a massively powerful object and use case within SecurityCenter. If you would like to learn more about these and other areas within Tenable Vulnerability Management, please email firstname.lastname@example.org to organise a phone call/demonstration with one of our Tenable engineers.