ASD Top 4 Mitigation Strategies - List of Software - This Component Provides A Common Application Vendors - Vulnerability Summary - This Component Displays

Uploaded by

This dashboard provides analysts with information about the software installed on an organization's network. It contains components that display a detailed list of discovered software, vulnerabilities found in common application vendors, outstanding patches by operating system, software modification events, and a summary of potentially unwanted software. Maintaining an inventory of authorized software is considered a critical security control. The dashboard leverages active scanning, passive network monitoring, and system logs to collect software information using SecurityCenter Continuous View and its Log Correlation Engine and Passive Vulnerability Scanner.

Copyright:

Available Formats

Download as DOC, PDF, TXT or read online from Scribd

ASD Top 4 Mitigation Strategies - List of Software - This Component Provides A Common Application Vendors - Vulnerability Summary - This Component Displays

Uploaded by

Irene

0% found this document useful (0 votes)

33 views2 pages

Original Description:

not mine

Original Title

Copyright

Available Formats

DOC, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as DOC, PDF, TXT or read online from Scribd

Download as doc, pdf, or txt

0% found this document useful (0 votes)

33 views2 pages

ASD Top 4 Mitigation Strategies - List of Software - This Component Provides A Common Application Vendors - Vulnerability Summary - This Component Displays

Uploaded by

Irene

Copyright:

Available Formats

Download as DOC, PDF, TXT or read online from Scribd

Download as doc, pdf, or txt

Jump to Page

You are on page 1of 2

Search inside document

A good vulnerability management program requires that an organization also know the software

installed on its systems. This dashboard and its components provide information to analysts
about software that is discovered on the network. According to the Center for Internet Security
(CIS), Critical Security Control (CSC) Control 2 (CSC 2) is the Inventory of Authorized and
Unauthorized Software.
CSC 2: Actively manage (inventory, track, and correct) all software on the network so that only
authorized software is installed and can execute, and that unauthorized and unmanaged software
is found and prevented from installation or execution.
Maintaining a detailed list of software used on computers in the network can be a very difficult
task. However, using SecurityCenter Continuous View (CV), security professionals can collect
information about software installed on a network using three distinct methods. The first method
is active scanning with credentials. This allows the analyst to analyze each computer to collect
the information about installed software. The second method is to passively monitor the network,
and text software by analyzing live traffic on the network. The third method is by using system
event logs from workstations and servers. This allows software inventory to be tracked using
different events that monitor change control.
The dashboard and its components are available in the SecurityCenter Feed, a comprehensive
collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be
easily located in the SecurityCenter Feed under the category Monitoring.
The dashboard requirements are:

SecurityCenter 5.0.0
Nessus 6.6.2
PVS 5.0.0
LCE 4.8

SecurityCenter CV enables the organization to react to advanced threats, zero-day vulnerabilities,

and new forms of regulatory compliance. The Log Correlation Engine (LCE) provides log
inspection to continuously discover and track users, applications, cloud infrastructure, trust
relationships, and vulnerabilities. The Passive Vulnerability Scanner (PVS) performs deep packet
inspection enabling discovery and assessment of operating systems, network devices,
hypervisors, databases, tablets, phones, web servers, cloud applications, and critical
infrastructure. SecurityCenter CV provides a unique combination of detection, reporting, and
pattern recognition utilizing industry recognized algorithms and models.
The dashboard contains the following components:

ASD Top 4 Mitigation Strategies - List of Software - This component provides a

detailed list of software currently discovered on the network.
Common Application Vendors - Vulnerability Summary - This component displays
various application vendors by row, and enumerates any found vulnerabilities across the
columns.

Executive Summary - Outstanding Patches by Operating System - The Outstanding

Patches by Operating System component is a table with counts of vulnerabilities based
on the OS local security check plugins.
ASD Top 4 Mitigation Strategies - Software Modification Events - This component
provides an indicator for file changes or modification events collected from systems with
LCE Clients installed, or from systems where syslogs are collected.
59641 Potentially Unwanted Software - Host Summary - This component provides a
host summary table reports the counts of system, which match the plugin 59641
(Malicious Process Detection: Potentially Unwanted Software). The md5sum of one or
more running process on the remote Windows host matches software known to violate
some corporate policies. Verify that the remote processes are authorized in your
environment.

COS30015 Practical Assignment
Document15 pages
COS30015 Practical Assignment
crazyspartan1999
No ratings yet
Vulnerability Assessment and Penetration Testing
Document19 pages
Vulnerability Assessment and Penetration Testing
Yash Chodvadiya
100% (1)
SOC Overview Guide For SOC Analyst
Document12 pages
SOC Overview Guide For SOC Analyst
Kaushal Kishor
100% (2)
Hack Website Database Using Kali Linux
Document7 pages
Hack Website Database Using Kali Linux
Top G
No ratings yet
Software Criticality Paper PDF
Document10 pages
Software Criticality Paper PDF
Säbiik Bärrëtö
No ratings yet
Student Registration System-Final Report
Document88 pages
Student Registration System-Final Report
Gudako Chaotic-Evil
67% (3)
Cissp - Issmp Exam Outline
Document33 pages
Cissp - Issmp Exam Outline
humdil
No ratings yet
Assignment 1
Document8 pages
Assignment 1
prathameshwadile0
No ratings yet
1) - System Vulnerability
Document7 pages
1) - System Vulnerability
kanaiya valvi
No ratings yet
NOC and SOC
Document19 pages
NOC and SOC
shivpreetsandhu
No ratings yet
Critical Controls Poster 2016
Document2 pages
Critical Controls Poster 2016
pepin1971
No ratings yet
An Agent-Based Bayesian Forecasting Model For Enhanced Network Security
Document8 pages
An Agent-Based Bayesian Forecasting Model For Enhanced Network Security
Dwi Amalia Purnama Sari
No ratings yet
p23 Seifert
Document8 pages
p23 Seifert
JohnnyNess
No ratings yet
CSE DAY 4 Module 5
Document7 pages
CSE DAY 4 Module 5
Vikram Singh
No ratings yet
040.80 - Chapter 3 - Patch Management (Script) PDF
Document4 pages
040.80 - Chapter 3 - Patch Management (Script) PDF
Angelitha Vargass
No ratings yet
Auditing Operating System
Document10 pages
Auditing Operating System
Andreasadityakurnianto
No ratings yet
Cybersecurity Essentials Chapter 7
Document13 pages
Cybersecurity Essentials Chapter 7
Samuel Amure
No ratings yet
Web Application Security - Unit 4 Notes
Document143 pages
Web Application Security - Unit 4 Notes
hell hacker
No ratings yet
ISM - Guidelines For System Hardening (March 2024)
Document20 pages
ISM - Guidelines For System Hardening (March 2024)
k21mtl
No ratings yet
Kaspersky Lab Whitepaper System Watcher
Document6 pages
Kaspersky Lab Whitepaper System Watcher
Deshan Wolfey
No ratings yet
ISM - Guidelines For System Hardening (September 2024)
Document28 pages
ISM - Guidelines For System Hardening (September 2024)
Karthik
No ratings yet
An Agent-Based Bayesian Forecasting Model For Enhanced Network Security
Document8 pages
An Agent-Based Bayesian Forecasting Model For Enhanced Network Security
Sudheer Varma
No ratings yet
Kaspersky Lab Whitepaper Systems Management Eng Final
Document3 pages
Kaspersky Lab Whitepaper Systems Management Eng Final
chaitanya
No ratings yet
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
Document3 pages
An Approach To Vulnerability Management: by Umesh Chavan, CISSP
Raju Patle
No ratings yet
7.Endpoint Security
Document9 pages
7.Endpoint Security
kondapalkala
No ratings yet
OS Security 01
Document9 pages
OS Security 01
shivamvts05
No ratings yet
Audit CharterThe Audit Charter Should State Management
Document11 pages
Audit CharterThe Audit Charter Should State Management
Fares Salman
No ratings yet
CIS Controls V7.0.1-EBOOK - Parte5
Document2 pages
CIS Controls V7.0.1-EBOOK - Parte5
Pedro Alexis Rojas Castro
No ratings yet
Svt_module 2 Additional (1)
Document44 pages
Svt_module 2 Additional (1)
shashwatchandra70
No ratings yet
Assignment 2
Document2 pages
Assignment 2
prathameshwadile0
No ratings yet
NCC'24 Content
Document15 pages
NCC'24 Content
cyberfort75
No ratings yet
Software Architecture Spring 2023 Mid Term Question Solution
Document5 pages
Software Architecture Spring 2023 Mid Term Question Solution
md1974faruk
No ratings yet
CySA Glossary
Document33 pages
CySA Glossary
smm azad
No ratings yet
Mockup_01_Explanation
Document11 pages
Mockup_01_Explanation
erhantamur8
No ratings yet
Brian - Ashworth: Assessment Event 1 - Assess Network Security Threats and Vulnerabilities To Identify Risk (VM)
Document6 pages
Brian - Ashworth: Assessment Event 1 - Assess Network Security Threats and Vulnerabilities To Identify Risk (VM)
parkbenchbruce
No ratings yet
Power Water Cybersecurity Suite Application Control en 326852
Document3 pages
Power Water Cybersecurity Suite Application Control en 326852
Zohaib Jamil
No ratings yet
Nessus and OpenVAS
Document4 pages
Nessus and OpenVAS
Nikhil Amodkar
No ratings yet
Patch Management
Document6 pages
Patch Management
Hiren Dhaduk
No ratings yet
Top Free Cybersecurity Services and Tools PDF
Document100 pages
Top Free Cybersecurity Services and Tools PDF
Marcelo Junior
No ratings yet
First Review Part-A Identification and Statement of The Problem
Document5 pages
First Review Part-A Identification and Statement of The Problem
Mohamed Saleem
No ratings yet
Intrusion Detectionusing Address Monitoring: K. Rahimunnisa, S. Suresh Kumar, Kavya T. S, and Anoop Suraj A
Document3 pages
Intrusion Detectionusing Address Monitoring: K. Rahimunnisa, S. Suresh Kumar, Kavya T. S, and Anoop Suraj A
ankitk_96
No ratings yet
An Audit Trail
Document9 pages
An Audit Trail
Gaby Mbugua
No ratings yet
Chapter 3 Availabilty of Information System
Document5 pages
Chapter 3 Availabilty of Information System
Steffany Roque
No ratings yet
Work 10
Document15 pages
Work 10
mwarubwaj000
No ratings yet
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet
Utilizing Neural Networks For Effective Intrusion Detection: Martin Botha & Rossouw Von Solms
Document15 pages
Utilizing Neural Networks For Effective Intrusion Detection: Martin Botha & Rossouw Von Solms
anioutka
No ratings yet
SOC Cyberthreats
Document12 pages
SOC Cyberthreats
Pranav Haran Harichandran
No ratings yet
Crime Records Management System (Synopsis)
Document12 pages
Crime Records Management System (Synopsis)
sanjaykumarguptaa
80% (5)
INTRODUCTION
Document8 pages
INTRODUCTION
Jadamal sangeetha Choudhary
No ratings yet
Unit 2 Application Security Another - PG 1 - 15
Document15 pages
Unit 2 Application Security Another - PG 1 - 15
Vishal
100% (1)
Unit 2 Application Security Another
Document27 pages
Unit 2 Application Security Another
Vishal
No ratings yet
Cutlass - Rup Risk List
Document6 pages
Cutlass - Rup Risk List
Saud Ab Aljaloud
No ratings yet
Operating System Security
Document19 pages
Operating System Security
Madhuri Betha
No ratings yet
Important Question Ethical Hacking
Document27 pages
Important Question Ethical Hacking
suthojuakhil21
No ratings yet
Chapter 5 Vulnerability Analysis
Document25 pages
Chapter 5 Vulnerability Analysis
Getaneh Alehegn
No ratings yet
Cyber Project
Document13 pages
Cyber Project
Usama Saqlain
No ratings yet
Module-3: Information Security Management
Document17 pages
Module-3: Information Security Management
Akshi Chauhan
No ratings yet
EMRS-6 Updated
Document16 pages
EMRS-6 Updated
christiangyeabour2011
No ratings yet
Software Requirement Specification: Modules
Document7 pages
Software Requirement Specification: Modules
narayanait
No ratings yet
Document Final
Document51 pages
Document Final
Ribhanshu Raj
No ratings yet
DB Monitor
Document103 pages
DB Monitor
NAVEEN
No ratings yet
Computer Operational System Prac
Document31 pages
Computer Operational System Prac
Anushka
No ratings yet
Patch Management Plan
Document6 pages
Patch Management Plan
Manish Bateja
100% (2)
Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices
From Everand
Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices
Arun Thomas
Rating: 4 out of 5 stars
4/5 (1)
Microsoft Word - Manual On Threat Assessment and Risk Management Methology NoLogos
Document24 pages
Microsoft Word - Manual On Threat Assessment and Risk Management Methology NoLogos
Etana
No ratings yet
Test 2 PDF
Document134 pages
Test 2 PDF
Jeeju
No ratings yet
IBM APPSCAN Practice Teste 000-139
Document18 pages
IBM APPSCAN Practice Teste 000-139
skfk
No ratings yet
Penetration Testing Presentation
Document15 pages
Penetration Testing Presentation
Arif Zina
50% (2)
Participatory and Negotiated Territorial Development (PNTD) : Why PNTD? Where Has It Been Applied?
Document2 pages
Participatory and Negotiated Territorial Development (PNTD) : Why PNTD? Where Has It Been Applied?
Jose Ferreira
No ratings yet
7 Steps To Build A GRC Framework
Document29 pages
7 Steps To Build A GRC Framework
Ankush Markandey
80% (5)
Compusoft, 3 (4), 752-757 PDF
Document6 pages
Compusoft, 3 (4), 752-757 PDF
Ijact Editor
No ratings yet
Symbiosis University of Applied Sciences Indore: An Internship Report ON "IT Audit - Techite Consulting Services"
Document31 pages
Symbiosis University of Applied Sciences Indore: An Internship Report ON "IT Audit - Techite Consulting Services"
Elizebeth Shiju
No ratings yet
Akamai How To Mitigate The Owasp Top 10 Risks
Document12 pages
Akamai How To Mitigate The Owasp Top 10 Risks
Nguyễn Đức Anh
No ratings yet
Pen Test Questionnaire - Summit Consulting LTD
Document4 pages
Pen Test Questionnaire - Summit Consulting LTD
Ehtasham Ul Haq
No ratings yet
Information Security Transformation Handouts
Document1,039 pages
Information Security Transformation Handouts
Rimsha Ishtiaq
No ratings yet
Threats and Countermeasures
Document22 pages
Threats and Countermeasures
Keerthana Sudarshan
No ratings yet
Dissertation: Risks of Open Wi-Fi Networks: Name 1
Document44 pages
Dissertation: Risks of Open Wi-Fi Networks: Name 1
api-299038404
No ratings yet
Bribery and Corruption Assessment Template: UK Anti-Corruption Plan Progress Update On The UK Anti-Corruption Plan
Document18 pages
Bribery and Corruption Assessment Template: UK Anti-Corruption Plan Progress Update On The UK Anti-Corruption Plan
ahnaf
100% (1)
Int 881 Cyber Crime and Computer Forensic
Document7 pages
Int 881 Cyber Crime and Computer Forensic
तरुण भारत
No ratings yet
Lesson 2: Hardware and Software
Document16 pages
Lesson 2: Hardware and Software
Ysa Diente
No ratings yet
Iam Opc Security Wp3
Document54 pages
Iam Opc Security Wp3
Industrial Automation and Mechatronics
No ratings yet
Unveiling Instagram Hacking
Document47 pages
Unveiling Instagram Hacking
Thiago Santos
No ratings yet
Information and Software Technology: Andrew Austin, Casper Holmgreen, Laurie Williams
Document10 pages
Information and Software Technology: Andrew Austin, Casper Holmgreen, Laurie Williams
ZION
No ratings yet
NST Isms Manual v2.6
Document49 pages
NST Isms Manual v2.6
Natália Gomes
No ratings yet
The Art of Exploiting UAF by Ret2bpf in Android Kernel
Document23 pages
The Art of Exploiting UAF by Ret2bpf in Android Kernel
Amit Singh
No ratings yet
Prudential Standard CPS 234 Information Security
Document8 pages
Prudential Standard CPS 234 Information Security
Gary Penson
No ratings yet
Microsoft Guide To Security Patch Management - Solutions For Management
Document157 pages
Microsoft Guide To Security Patch Management - Solutions For Management
Jose Baltasar Couce Lopez
No ratings yet
SBOM Guidelines
Document41 pages
SBOM Guidelines
charan.coke
No ratings yet
Ethical Hacking Lecture
Document37 pages
Ethical Hacking Lecture
Abdul Hannan Faisal
No ratings yet
Using Metasploit For Real
Document6 pages
Using Metasploit For Real
vijoynew5233
100% (1)