Essential Eight Vulnerability Management Dashboard

The Essential Eight Vulnerability Management Dashboard is designed to support organizations in implementing and monitoring the Essential Eight Strategies for mitigating cybersecurity risks. This comprehensive dashboard provides actionable insights into asset discovery, patch management, compliance, and exploitability to ensure a robust security posture across operating systems and applications.

The Australian Cyber Security Centre (ACSC) under the Australian Signals Directorate (ASD) provides guidance to address targeted cybersecurity intrusions through its Strategies to Mitigate Cyber Security Incidents. Among these, the Essential Eight describes the minimum set of preventative cybersecurity measures organizations should implement. This guidance, complemented by the Information Security Manual (ISM) controls, forms a robust framework to ensure the confidentiality, integrity, and availability of information technology and operational technology systems. This dashboard aligns with these controls to provide critical insights into the implementation of the Essential Eight.

The Tenable One Platform combines a suite of sensors to facilitate efficient vulnerability scanning, regardless of network complexity. By leveraging Tenable's capabilities, organizations can effectively discover, assess, and understand their attack surface, gaining comprehensive insights into exposure points. This is coupled with Exposure Response features that prioritize remediation efforts based on contextual risk. The dashboard includes critical features to highlight asset discovery, identify unsupported systems, monitor patch management timelines, track compliance rates, and classify exploitable vulnerabilities, ensuring comprehensive coverage of the Essential Eight.

To maximize relevance, organizations should leverage Asset Tagging (Tenable Vulnerability Management) or Dynamic Asset Lists (Tenable Security Center). This ensures that the dashboard can be filtered to focus on data critical to implementing the Essential Eight. Tagging assets as Internet-facing or Non-Internet-facing enables differentiation for stricter service-level agreements (SLAs). For example, internet-facing systems require patching within 48 hours, while non-internet-facing systems have a longer patching window (e.g., two weeks).

Asset tags, composed of Category:Value pairs (e.g., Connectivity:Internet-Facing), can be applied manually or automatically using filtering rules such as public IP ranges or open ports (e.g., 80, 443). This categorization simplifies monitoring and prioritization for Essential Eight compliance, ensuring that organizations address vulnerabilities in their most critical assets. Tagging by application risk level (e.g., High Risk, Low Risk) or system role further enhances visibility. For more details, refer to Tenable's Tagging documentation.
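The tagging rules and patching windows described in the two paragraphs above, as an added Python example (not Tenable code, and it calls no Tenable API). The record layout, the `manual_tag` field, treating any address outside RFC 1918 as public, and starting the SLA clock at the patch published date are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

IF, NON_IF = "Connectivity:Internet-Facing", "Connectivity:Non-Internet-Facing"
# Patching windows from the text above: 48 hours and (as its example) two weeks.
SLA = {IF: timedelta(hours=48), NON_IF: timedelta(weeks=2)}
WEB_PORTS = {80, 443}  # example ports from the text
# Assumption: "public" means outside the RFC 1918 private ranges (IPv4 only).
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def connectivity_tag(asset):
    """A manually applied tag wins; otherwise apply the automatic rules."""
    if asset.get("manual_tag"):
        return asset["manual_tag"]
    public = any(all(ip_address(ip) not in net for net in PRIVATE) for ip in asset["ips"])
    exposed = bool(WEB_PORTS & set(asset["open_ports"]))
    # Over-tagging only shortens the patch window, so either rule is enough.
    return IF if public or exposed else NON_IF

def overdue_patches(assets, findings, now):
    """Return (hostname, finding, tag, hours_overdue), most overdue first."""
    tags = {a["hostname"]: connectivity_tag(a) for a in assets}
    late = []
    for f in findings:
        tag = tags[f["hostname"]]
        # Assumption: the SLA clock starts when the patch was published.
        deadline = f["patch_published"] + SLA[tag]
        if now > deadline:
            hours = int((now - deadline).total_seconds() // 3600)
            late.append((f["hostname"], f["finding"], tag, hours))
    return sorted(late, key=lambda row: row[3], reverse=True)

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

# Constructed sample inventory and findings (not real scan output).
ASSETS = [
    {"hostname": "web01", "ips": ["203.0.113.10"], "open_ports": [443]},
    {"hostname": "app02", "ips": ["10.0.4.20"], "open_ports": [22, 80]},
    {"hostname": "db03", "ips": ["10.0.5.7"], "open_ports": [5432]},
    {"hostname": "hr04", "ips": ["10.0.6.9"], "open_ports": [443], "manual_tag": NON_IF},
]
FINDINGS = [
    {"hostname": "web01", "finding": "sample-app-update", "patch_published": utc(2025, 3, 7, 12)},
    {"hostname": "app02", "finding": "sample-app-update", "patch_published": utc(2025, 3, 9)},
    {"hostname": "db03", "finding": "sample-os-update", "patch_published": utc(2025, 2, 20, 12)},
    {"hostname": "hr04", "finding": "sample-os-update", "patch_published": utc(2025, 3, 1, 12)},
]
NOW = utc(2025, 3, 10, 12)
```

Calling `overdue_patches(ASSETS, FINDINGS, NOW)` reports `db03` and `web01` as past their windows; `hr04` stays inside the two-week window only because of its manual tag, which shows why tag accuracy drives the SLA view.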

This dashboard combines Tenable’s comprehensive vulnerability scanning, exposure insights, and asset prioritization with the ASD’s Essential Eight Strategies. By using the dashboard in conjunction with ISM controls and asset tagging, organizations can enhance their cybersecurity maturity, address vulnerabilities more effectively, and ensure compliance with Australia’s cybersecurity standards.

You can break down the dashboard into five main sections. The image above is annotated with colors to differentiate between the sections. The red widgets include the Asset Discovery Statistics and the Unsupported and EoL Assets widgets. These two widgets give the user an overview of scan health in terms of assets discovered, and break assets down by products that are either unsupported, SEoL, or that have been detected as running an unsupported product.

The blue widgets include the Application Patch Risk Summary, Application Patch Published Summary and Operating System Patch Published Summary. The first is an application-based widget that focuses on commonly targeted apps, with a row for each patch published date range to cover the various SLA requirements within the ISM controls. The other two are a pair of widgets (one application-based and one operating-system-based) that give more general counts of applications or operating systems, also split by patch published date range.

The purple widgets are a trio of widgets that all provide counts of critical, high, medium and low vulnerabilities split between specific SLA ranges. The three ranges are two days, two weeks, and one month. The orange widgets are both tables that a user can easily replicate for further customization if desired, but they should provide a good starting point for both an inventory list of possible online services (first widget) and a list of solutions for detected vulnerabilities.

The green widgets provide a pair of matrices that give the user counts of exploitable applications and operating systems. These widgets also use the CVSS Attack Complexity (AC) scores to split the counts between hard-to-exploit and easier-to-exploit vulnerabilities. Once again, the whole dashboard is greatly improved by leveraging asset tagging.