|
Dengar13
|
 |
« on: April 05, 2010, 06:12:58 AM » |
|
Has anyone ever had to do one of these?
Essentially, I am tasked with: creating a snapshot that shows all aspects of security health that can be easily understood at the Exec level.
If anyone knows of any examples, ideas or suggestions I would greatly appreciate it.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
ziggy_567
|
|
« Reply #1 on: April 05, 2010, 08:40:26 AM » |
|
Have you taken a look at: http://www.sans.org/security-resources/top5_logreports.pdf?ref=3766Also, if your collecting network traffic, its always nice to see things like workstations/endpoints creating the highest traffic volume, workstations that are utilizing banned protocols, etc. etc. -- Ziggy |
|
|
|
|
Logged
|
--
Ziggy
eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
|
|
|
|
Dengar13
|
|
« Reply #2 on: April 05, 2010, 09:55:21 AM » |
|
Thanks, Ziggy. I think I will include charts, graphs and pictures since execs seem to like those better and can be a better point of reference than wording. But, I will have captions as well so it has substance.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
Ketchup
|
|
« Reply #3 on: April 05, 2010, 10:09:41 AM » |
|
In my experience, execs like to see security related to dollars. They react better when you are prepared to tell them:
a. how much is it going to cost us?
b. what is the potential cost if we don't do this?
I think that if you put security in the terms of risk analysis, they will respond better to your presentation.
I think that charts and graphs are an excellent idea, especially if they rating the security issues in terms of cost, risk, and impact.
These are just my two cents.
|
|
|
|
|
Logged
|
~~~~~~~~~~~~~~
Ketchup
|
|
|
|
|
|
Dengar13
|
|
« Reply #5 on: April 06, 2010, 07:38:41 AM » |
|
Downloading now, Don. I put your site and you as the person who referred me to this solution.
Thanks to you as well, Ketchup! Good ideas to go off of. I am going to start this today and see how it goes.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
chrisj
|
|
« Reply #6 on: April 06, 2010, 10:43:22 AM » |
|
Dengar13,
Please let us know what you think of Splunk. I had it at work, but the company wouldn't pay for the full version, thus usage was limited. Mainly it was used as a syslog tool for the NAS.
I didn't care for it, based on the limited function of it. When I took over the senior role, I dropped it and went with a proper syslog server in it's place.
I have heard other people speak good of it, require it for security related jobs, and I wonder what a full version would provide.
|
|
|
|
|
Logged
|
OSWP, Sec+
|
|
|
|
ziggy_567
|
|
« Reply #7 on: April 06, 2010, 11:47:29 AM » |
|
I can't believe I didn't think of Splunk. I use the free version of Splunk as well, but I love it!
We use it with syslog-ng on our Solaris/RedHat servers for our log server. We've also incorporated all our Cisco logging, and a few of our Windows servers (with Snare). We are soon to start incorporating Apache and Weblogic logs to our implementation.
Splunk is awesome!!! Its not so intuitive to configure, but its VERY intuitive to use through the GUI once setup. The commercial version is not that expensive (depending on how much throughput you need) to boot...
--
Ziggy
|
|
|
|
|
Logged
|
--
Ziggy
eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
|
|
|
|
Dengar13
|
|
« Reply #8 on: April 06, 2010, 11:55:32 AM » |
|
Roger that, chrisj. I will be sure to do so when I have it set up and tuned the way I need it for my environment.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
Dengar13
|
|
« Reply #9 on: April 16, 2010, 02:27:11 PM » |
|
Well, Splunk has been scrapped. The cost is too high for us to use and I will have to find a clever way to do this and am thinking I may leverage what I already have internally. Thanks for the help as always!
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
BillV
|
|
« Reply #10 on: April 16, 2010, 02:34:52 PM » |
|
What about one of the ManageEngine products? I just happened to see an ad here on EH-Net for their helpdesk product (I actually implemented this in a prior position, price was very reasonable, much cheaper than competing products). They had a lot of different products, and I thought one or two was for overall network status that may have included security. Their stuff is very graphical and pretty  and easy to use. I'll have to take a look at their products again, but I know they had a couple of security-related things. |
|
|
|
|
Logged
|
|
|
|
|
Dengar13
|
|
« Reply #11 on: April 16, 2010, 02:35:57 PM » |
|
Sweet....I will take a gander at that. I appreciate that.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
BillV
|
|
« Reply #12 on: April 16, 2010, 02:36:11 PM » |
|
|
|
|
|
|
Logged
|
|
|
|
|
Dengar13
|
|
« Reply #13 on: April 16, 2010, 02:40:57 PM » |
|
WOW! I'd say a couple of them would do the trick. I will have to demo it and see what pricing is like.
|
|
|
|
|
Logged
|
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
|
|
|
|
BillV
|
|
« Reply #14 on: April 16, 2010, 04:29:21 PM » |
|
Cool, let us know how that works out. They were very accommodating of licensing for testing purposes when I worked with them.
|
|
|
|
|
Logged
|
|
|
|
|
