2022 Threat Landscape Retrospective Dashboard Widgets

 

Widget Description

Widget Image

The TLR 2022 – Top 5 Vulnerabilities widget features the top five vulnerabilities of 2022 as described in the Tenable 2022 Threat Landscape Report: Log4Shell (Apache Log4j, CVE-2021-44228); Follina (Microsoft Support Diagnostic Tool, CVE-2022-30190); Atlassian Confluence Server and Data Center (CVE-2022-26134); ProxyShell (Microsoft Exchange Server, CVE-2021-34473); and Known Vulnerabilities (CVE-20XX-XXXX). Vulnerabilities that match the criteria are displayed in a bar chart with vulnerability counts for Tenable Vulnerability Management, or in an indicator matrix for Tenable Security Center.

The 2022 TLR Mitigated Vulnerabilities widget displays cells for the most significant vulnerabilities of 2022 that have been mitigated. The widget uses the CVE and Vulnerability State filters to display the fixed key vulnerabilities from the 2022 Threat Landscape Report. A fixed vulnerability is a vulnerability that was once present on a host, but is no longer present. This allows organizations to track mitigation progress and determine whether SLAs are being met. Details are provided in the Tenable 2022 Threat Landscape Report.

Tenable Vulnerability Management

The 2022 TLR Key Vulnerabilities widget displays cells for the most significant vulnerabilities of 2022 using CVE filters from the 2022 Threat Landscape Report. These filters display the key vulnerabilities from 2022 as well as the notable known vulnerabilities from prior years. Details are provided in the Tenable 2022 Threat Landscape Report.

Tenable Vulnerability Management

Tenable Security Center

The 2022 TLR CVSS to VPR Heat Map widget provides a correlation between CVSSv3 scores and Vulnerability Priority Rating (VPR) scoring for the key vulnerabilities listed in the 2022 Threat Landscape Report (TLR). CVSSv3 is the standard scoring system used to describe the characteristics and severity of software vulnerabilities. Tenable's VPR helps organizations refine the severity level of vulnerabilities in the environment by leveraging data science analysis and threat modeling based on emerging threats. Each cell cross-maps CVSS scoring, VPR scoring, and 2022 CVE identifiers. Using a heat map approach, the filters begin in the upper-left corner with vulnerabilities that present the least risk. Moving right and down the matrix, the colors darken from yellow to red as the risk levels increase. Tenable recommends that operations teams prioritize remediation for risks in the lower-right corners, and then work towards the upper-left cells.

Tenable Vulnerability Management

Tenable Security Center

The 2022 TLR – 90 Day Trend Analysis of Key Vulnerabilities widget provides a 90-day analysis of the most notable vulnerabilities in 2022, leveraging the CVEs identified in the Tenable 2022 Threat Landscape Report (TLR). There are over 180 CVEs discussed in the TLR, which, combined with the trend line, helps risk managers determine how risk has been reduced over a period of 90 days. The vulnerability last observed filter is set to 1 day to display risk changes on a daily basis.

Tenable Security Center

The 2022 TLR – Mitigation Tasks widget provides a list of patches that mitigate the key vulnerabilities in 2022, leveraging the CVEs identified in the Tenable 2022 Threat Landscape Report (TLR). The Remediation Summary tool uses the concept of a Patch Chain, and identifies the top patch to remediate for the greatest risk reduction. When the top patch is applied, all other patches in the chain will be remediated.

Tenable Security Center

The 2022 TLR Zero Days by Vendor widget displays zero-day vulnerabilities directly related to the CVEs contained in the 2022 Threat Landscape Report (TLR) by vendor. For 2022, Tenable’s tracking of zero-day vulnerabilities includes flaws that were exploited in the wild, as well as flaws that were publicly disclosed prior to patches being made available or that do not have patches. Throughout 2022, as part of Tenable's analysis of publicly available vendor advisories, disclosures and news articles, 101 zero-day vulnerabilities were identified. For contrast, Tenable identified 105 of these zero-day vulnerabilities in 2022. This represents a decrease of 4 vulnerabilities, reflecting a 3.8% drop.

The 2022 TLR Zero Days by Exploit Status Available widget displays zero-day vulnerabilities directly related to the CVEs contained in the 2022 Threat Landscape Report (TLR) by their exploit state. Key vulnerabilities that are exploitable are displayed by severity. For 2022, Tenable’s tracking of zero-day vulnerabilities includes flaws that were exploited in the wild, as well as flaws that were publicly disclosed prior to patches being made available or that do not have patches. Throughout 2022, as part of Tenable's analysis of publicly available vendor advisories, disclosures and news articles, 101 zero-day vulnerabilities were identified. For contrast, Tenable identified 105 of these zero-day vulnerabilities in 2022. This represents a decrease of 4 vulnerabilities, reflecting a 3.8% drop. The requirements for this widget are: Tenable Vulnerability Management (Nessus).

The 2022 TLR Zero Days by Software/Hardware Type widget displays zero-day vulnerabilities directly related to the CVEs contained in the 2022 Threat Landscape Report (TLR) grouped by software/hardware type. For 2022, Tenable’s tracking of zero-day vulnerabilities includes flaws that were exploited in the wild, as well as flaws that were publicly disclosed prior to patches being made available or that do not have patches. Throughout 2022, as part of Tenable's analysis of publicly available vendor advisories, disclosures and news articles, 101 zero-day vulnerabilities were identified. For contrast, Tenable identified 105 of these zero-day vulnerabilities in 2022. This represents a decrease of 4 vulnerabilities, reflecting a 3.8% drop.