Jennifer Liou

New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster

Blog Post created by Jennifer Liou Employee on Apr 6, 2017

Background Information

 

As part of the Nexpose 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report.


Over the years, we’ve heard from our customers that the Top Remediations Report is one of the most useful features in our vulnerability management solution, but there’s always room for improvement.  Specifically, they want to only see solutions that are applicable to the asset based on its OS, instead of solution data for all operating systems and platforms.  This led to larger reports and frustrated remediators who need to figure out which exact solution to apply.

Enhanced Top Remediations Report

We’ve improved the Top Remediations Report to present a single solution called the “best solution”. This solution is selected from a pool of solutions that are the highest in their supersedence chain, i.e. “rollup”, and are applicable to the asset’s OS/platform.  Usually, there is only a single choice, but if there are multiple solutions that meet the criteria for the best solution, Nexpose will choose the latest or most comprehensive solution.

Top Remediations Report.png

We have also added formatting improvements, including a risk take down %

 

This results in a more concentrated delivery of solution prescriptions in the Top Remediations report.  The report provides solutions that will mitigate the same or more amount of risk with a fewer, more finely distilled selection of solutions.

 

In addition to changes in the Top Remediations Report, we have also updated the presentation of solution data in the console UI itself. On the Asset Details Page - New Solutions “Pill” in Vulnerabilities Table:

solutions_column.png

 

These pill icons indicate the status of the solution.

Solution Pill IconDescription
pill single soln.pngA single best solution for the vulnerability.
pill warning.pngWarning – there is no single best solution or “tie breaker”, so one or more of the following solutions needs to be applied.
pill error.pngError – no solution is applicable, usually because solution is deprecated by the vendor or the Console is decommissioned and not taking updates.

 

Clicking on the new pill icons in the Solutions column will navigate to a new Remediations portlet. This makes all the solution data pertaining to a vulnerability accessible without overwhelming users with the full set of data right away.  Rather than loading the full solution superset every time, the solution information is presented in a more structured way - with the best solutions displayed first, followed by supporting data ordered by priority.

Fix all vulnerabilities on an asset or just a targeted few

remediations portlet 1.png

New portlet “Remediations”

 

The Remediations portlet can be found on the Asset Details page and has three tabs. The first two tabs are helpful when you are remediating an asset and focused on mitigating as much risk as possible on the asset.  Best Solutions shows the single solution for each vulnerability on the asset, selecting from the data in the Applicable Solutions tab.  The Solutions by Vulnerability tab provides a different view showing solutions by vulnerability, which is helpful in scenarios where remediators are targeting a specific vulnerability to fix.

 

solution detail in remediation portlet.png

The solutions listed at the top in each of the tabs are links that navigate to the full solution entry, specifically the fix steps, references, and also a summary of the number of vulnerabilities the solution remediates and which vulnerabilities. 

Best solutions for one or all assets

The Remediations portlet is also available on the Vulnerabilities Detail Page.

 

remediation 2 tabs.png

Remediations Portlet on the Vulnerabilities Details page

 

Since we are viewing a vulnerability without an asset in mind, the tabs provided show all the solutions that remediate the vulnerability across any OS, platform, library, etc., both in rollup and non-rollup view.

 

header.png

We have added “header” information at the top of the Vulnerability Details page when viewing a vulnerability found on a specific asset.

 

However, when viewing a vulnerability found on a particular asset, users will see more information.  The two additional tabs show information in the same fashion as on the Assets Detail Page, so that users can view specific remediation steps to take for a specific vulnerability on a specific asset.

 

remediation first of four tabs.png

The Remediations portlet when viewing a vulnerability on an asset has the following two additional tabs.  (1 of 2)

 

 

Asset Best Solutions lists the single best solution for remediating the vulnerability on this asset.

remediation second of four tabs.png

The Remediations portlet when viewing a vulnerability on an asset has the following two additional tabs.  (2 of 2)

 

The second tab, Asset Applicable Solutions, allows users to view other possible solutions.  These entries are specific to the OS/Platform or other profile data of the asset, and are also the highest in their supersedence chains.

More resources

In summary, this new structured solution data in the Console UI and enhancement of the Top Remediations report strikes a balance between keeping the Top Remediations Report clean and actionable while also making available the full set of solution data.  Users will be able to fix faster without losing the ability to look at all of their options.

 

Here are a couple links that may provide more background on the topics covered in this post:



Outcomes