Dashboard Toolbox - AssetView: EOL/Obsolete Software & RTI MGMT (v1.0)

Document created by Felix Jimenez Employee on Oct 9, 2018Last modified by Felix Jimenez Employee on Oct 29, 2018
Version 17Show Document
  • View in full screen mode

fjimenez aaanr_bc1 This page contains information to create a Scorecard dashboard leveraging data in your Qualys Vulnerability Management subscription.  

This dashboard is part of AssetView Dashboard Program, If you have any questions regarding the content, please comment below or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc

This AssetView Dashboard will enable you to be more pro-active in your EOL/Obsolete Software, Hardware and OS Management.

Get a quick easy glance to KPIs for EOL/Obsolete indicators.

 

We all know how busy, and the amount of work as security professionals we encounter daily given its an ever-changing environment.

That is where Qualys can provide the ability for quick dashboarding and views to key indicators to assist and prioritize you remediation work.  

 

What are the dangers of End-of-life software (EOL), Operating Systems and Hardware?

The number one reason… They stop receiving support and updates. Over time they become more and more vulnerable to attacks/vulnerabilities because the attack surface is no longer a moving target. This creates opportunities to create attack scripts that can be distributed to less skilled attackers who do not have to understand how to use or modify the attacks.

Another reason to consider EOL software and operating systems a threat to your company is that the vendor has determined that they find greater value in putting programming resources towards the new products. Even with extended service contracts vendors do not supply patches for everything so the cost of supporting EOL software and operating systems become harder and harder to justify when looking at the ROI.

Full network scanning with Qualys scanners (as well as Qualys Cloud Agents if you have a subscription) can help you identify the assets in your environment introducing this type of risk and this dashboard will mine that data and provide you a view into your environment that easily calls out these risky assets.

What makes these EOLs risky?

The dangers of End-of-life software, operating systems, and hardware

  • With a lack of full vendor support, you must rely on mitigating controls such as firewalls or anti-virus which require a great deal of expertise and staff time to attempt to protect unpatchable vulnerabilities.
  • New applications often are writing to run on the current operating systems and by running an older OS you may be required to run older more vulnerable software compounding the risk even more.
  • The risks related to meeting compliance or regulatory requirements become greater due to the consequences of fines, business interruptions or even jail time.
  • The cost of operating older systems grows over time between extended support contracts and staff hours spent with compatibility issues and applying mitigating controls.
  • With a lack of proper support, patching and a mixture of homegrown mitigating controls your system availability can become impacted causing costly outages.

When considering how confidentiality, integrity, and availability can affect your bottom line the potential risks outweigh the perceived cost savings. This dashboard will enable you to drive efforts to eliminate the risk of EOL software, operating systems, and hardware to your business.

 

 

Dashboard Demonstration Images:

* The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription *

 

 

* * * Requirements * * *

The following Widgets Require Threat-protection to be Purchased or in Trial mode:  

1. RTI Easy Exploit - Software

2. RTI - Denial Of Service (DOS) - Software

3. RTI - Public Exploit - Software

4. RTI - High Data Loss - Software

 

 Threat-protection (RTI)  -  Widgets:

 

How to Enable Trending on the widgets:

Open the desired widget in edit mode and select the Collect trend data check box.

 

 

Qualys - Training Videos:

Self-Paced Class: Vulnerability Management Asset Tags

Self-Paced Class: AssetView and Threat Protection

AssetView Dashboards

 

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

 

Dashboard Collaborators: 

aaanr_bc1

fjimenez

 

 

More to Come ... 

References: 

Looking for additional Qualys Documentation use the Resource link in the Qualys Portal (Help > Resources)

 

Related community Post:

 

External References:

 

Additional AssetView Dashboards:#performance_mgmt

Dashboard Toolbox - Asset View: How To - Importing Dashboard json 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - -

Dashboard Toolbox - AssetView: Performance Management (v1.0) 

Dashboard Toolbox - AssetView: Host Scan Time Management (v1.0) 

Dashboard Toolbox - AssetView: Scanning Activity Management (v1.0) 

Dashboard Toolbox - AssetView: Open Ports Management & RTI (v1.0) 

Dashboard Toolbox - AssetView: Windows Authentication Management (v1.2) 

 

Back to Dashboarding and Reporting 

 

* * * WARNING: Read Before Downloading * * *

At this time, Dashboard and Widget JSON files are not interchangeable between application dashboards, meaning AssetView JSON files may only be used in AssetView and Vulnerability Management JSON

files may only be used in Vulnerability Management. If you make a mistake and import a JSON file from one application into the other, you must contact Qualys Support to have the error corrected in the database for your subscription. 

Again, there is no way to reverse this mistake within the UI, it must be done in the database.

2 people found this helpful

Outcomes