EH-Net

Has anyone ever had to do one of these?

Essentially, I am tasked with:  creating a snapshot that shows all aspects of security health that can be easily understood at the Exec level.

If anyone knows of any examples, ideas or suggestions I would greatly appreciate it.

Have you taken a look at:

http://www.sans.org/security-resources/top5_logreports.pdf?ref=3766

Also, if your collecting network traffic, its always nice to see things like workstations/endpoints creating the highest traffic volume, workstations that are utilizing banned protocols, etc. etc.


--
Ziggy

Thanks, Ziggy.  I think I will include charts, graphs and pictures since execs seem to like those better and can be a better point of reference than wording.  But, I will have captions as well so it has substance. 

In my experience, execs like to see security related to dollars.   They react better when you are prepared to tell them:

a.  how much is it going to cost us?
b.  what is the potential cost if we don't do this?

I think that if you put security in the terms of risk analysis, they will respond better to your presentation.   

I think that charts and graphs are an excellent idea, especially if they rating the security issues in terms of cost, risk, and impact.

These are just my two cents.

Have you tried Splunk? I guess it would depend on the size of your organization if it would remain free, but here's a link that may help:

http://www.splunk.com/base/Documentation/latest/Developer/DashboardIntro

Don

Downloading now, Don.  I put your site and you as the person who referred me to this solution.

Thanks to you as well, Ketchup!  Good ideas to go off of.  I am going to start this today and see how it goes.

Dengar13,

Please let us know what you think of Splunk. I had it at work, but the company wouldn't pay for the full version, thus usage was limited. Mainly it was used as a syslog tool for the NAS.

I didn't care for it, based on the limited function of it. When I took over the senior role, I dropped it and went with a proper syslog server in it's place.

I have heard other people speak good of it, require it for security related jobs, and I wonder what a full version would provide.

I can't believe I didn't think of Splunk. I use the free version of Splunk as well, but I love it!

We use it with syslog-ng on our Solaris/RedHat servers for our log server. We've also incorporated all our Cisco logging, and a few of our Windows servers (with Snare). We are soon to start incorporating Apache and Weblogic logs to our implementation.

Splunk is awesome!!! Its not so intuitive to configure, but its VERY intuitive to use through the GUI once setup. The commercial version is not that expensive (depending on how much throughput you need) to boot...

--
Ziggy

Roger that, chrisj.  I will be sure to do so when I have it set up and tuned the way I need it for my environment.

Well, Splunk has been scrapped.  The cost is too high for us to use and I will have to find a clever way to do this and am thinking I may leverage what I already have internally.  Thanks for the help as always!

What about one of the ManageEngine (http://www.manageengine.com) products? I just happened to see an ad here on EH-Net for their helpdesk product (I actually implemented this in a prior position, price was very reasonable, much cheaper than competing products). They had a lot of different products, and I thought one or two was for overall network status that may have included security. Their stuff is very graphical and pretty :) and easy to use. I'll have to take a look at their products again, but I know they had a couple of security-related things.

Sweet....I will take a gander at that.  I appreciate that.

http://www.manageengine.com/it-compliance-suite.html

Any of these do what you need?

No problem :)

WOW!  I'd say a couple of them would do the trick.  I will have to demo it and see what pricing is like.

Cool, let us know how that works out. They were very accommodating of licensing for testing purposes when I worked with them.

Hi,

I dont exactly have a dashboard but if I could I would put all my monthly reports in it. Right now I provide a monthly report which has graphs and charts (Top 10) covering the following

1. Virus - detected, cleaned, PC name and Username (identify repeat offenders)
2. Patching update
3. Graph on number of attacks by type
4. Graph on most targeted servers
5. Any security incidents within the month.
6. External vulnerability scans - server and number of vulnerabilities identified/fixed.

Cheers.

Dengar, you should check out OSSIM which has almost all of the reports you requested. *If not* all of them

If I may...

I worked 3 years developing Dashboards. I have been an assistant-director at one point in my life and I am a project manager (ok, so much for the big head! ;)).

What they want to see is a status report easy to understand, maximum 3 pages. You need these 5 things, in that order:

1) Executive summary (Green, Yellow or Red with a 2 line description of the current situation)
2) Accomplishments (What you team has accomplished since the last report)
3) Risks and mitigation strategies (What are you afraid of but didn't happen yet)
4) Issues and actions (What is wrong, currently)
5) Next Steps (what are you planning to do next)

I am telling you, they want these things more than a bunch of graphs.

You provide the facts and they make decisions. You propose and they chose.

Anyway, better than a dashboard if you want my opinion.

Another question, do they have security-related Performance Indicators to report on? If it is the case, you may want to have a graph or two about them...