Security Dashboard

    • #4906
      Dengar13
      Participant

      Has anyone ever had to do one of these?

      Essentially, I am tasked with creating a snapshot that shows all aspects of security health that can be easily understood at the Exec level.

      If anyone knows of any examples, ideas or suggestions I would greatly appreciate it.

    • #30892
      ziggy_567
      Participant

      Have you taken a look at:

      http://www.sans.org/security-resources/top5_logreports.pdf?ref=3766

      Also, if you're collecting network traffic, it's always nice to see things like workstations/endpoints creating the highest traffic volume, workstations that are utilizing banned protocols, etc. etc.


      Ziggy

    • #30893
      Dengar13
      Participant

      Thanks, Ziggy.  I think I will include charts, graphs and pictures since execs seem to like those better and can be a better point of reference than wording.  But, I will have captions as well so it has substance. 

    • #30894
      Ketchup
      Participant

      In my experience, execs like to see security related to dollars.  They react better when you are prepared to tell them:

      a.  how much is it going to cost us?
      b.  what is the potential cost if we don’t do this?

      I think that if you put security in the terms of risk analysis, they will respond better to your presentation. 

      I think that charts and graphs are an excellent idea, especially if they are rating the security issues in terms of cost, risk, and impact.

      These are just my two cents.

    • #30895
      Don Donzal
      Keymaster

      Have you tried Splunk? I guess it would depend on the size of your organization if it would remain free, but here’s a link that may help:

      http://www.splunk.com/base/Documentation/latest/Developer/DashboardIntro

      Don

    • #30896
      Dengar13
      Participant

      Downloading now, Don.  I put your site and you as the person who referred me to this solution.

      Thanks to you as well, Ketchup!  Good ideas to go off of.  I am going to start this today and see how it goes.

    • #30897
      rattis
      Participant

      Dengar13,

      Please let us know what you think of Splunk. I had it at work, but the company wouldn’t pay for the full version, thus usage was limited. Mainly it was used as a syslog tool for the NAS.

      I didn’t care for it, based on the limited function of it. When I took over the senior role, I dropped it and went with a proper syslog server in its place.

      I have heard other people speak well of it, require it for security related jobs, and I wonder what a full version would provide.

    • #30898
      ziggy_567
      Participant

      I can’t believe I didn’t think of Splunk. I use the free version of Splunk as well, but I love it!

      We use it with syslog-ng on our Solaris/RedHat servers for our log server. We’ve also incorporated all our Cisco logging, and a few of our Windows servers (with Snare). We are soon to start incorporating Apache and Weblogic logs to our implementation.

      Splunk is awesome!!! It's not so intuitive to configure, but it's VERY intuitive to use through the GUI once set up. The commercial version is not that expensive (depending on how much throughput you need) to boot…


      Ziggy

    • #30899
      Dengar13
      Participant

      Roger that, chrisj.  I will be sure to do so when I have it set up and tuned the way I need it for my environment.

    • #30900
      Dengar13
      Participant

      Well, Splunk has been scrapped.  The cost is too high for us to use and I will have to find a clever way to do this and am thinking I may leverage what I already have internally.  Thanks for the help as always!

    • #30901
      BillV
      Participant

      What about one of the ManageEngine products? I just happened to see an ad here on EH-Net for their helpdesk product (I actually implemented this in a prior position, price was very reasonable, much cheaper than competing products). They had a lot of different products, and I thought one or two was for overall network status that may have included security. Their stuff is very graphical and pretty 🙂 and easy to use. I’ll have to take a look at their products again, but I know they had a couple of security-related things.

    • #30902
      Dengar13
      Participant

      Sweet….I will take a gander at that.  I appreciate that.

    • #30903
      BillV
      Participant

      http://www.manageengine.com/it-compliance-suite.html

      Any of these do what you need?

      No problem 🙂

    • #30904
      Dengar13
      Participant

      WOW!  I’d say a couple of them would do the trick.  I will have to demo it and see what pricing is like.

    • #30905
      BillV
      Participant

      Cool, let us know how that works out. They were very accommodating of licensing for testing purposes when I worked with them.

    • #30906
      salil
      Participant

      Hi,

      I don't exactly have a dashboard but if I could I would put all my monthly reports in it. Right now I provide a monthly report which has graphs and charts (Top 10) covering the following:

      1. Virus – detected, cleaned, PC name and Username (identify repeat offenders)
      2. Patching update
      3. Graph on number of attacks by type
      4. Graph on most targeted servers
      5. Any security incidents within the month.
      6. External vulnerability scans – server and number of vulnerabilities identified/fixed.

      Cheers.

    • #30907
      sil
      Participant

      Dengar, you should check out OSSIM which has almost all of the reports you requested. *If not* all of them

    • #30908
      caissyd
      Participant

      If I may…

      I worked 3 years developing Dashboards. I have been an assistant-director at one point in my life and I am a project manager (ok, so much for the big head! ;)).

      What they want to see is a status report easy to understand, maximum 3 pages. You need these 5 things, in that order:

      1) Executive summary (Green, Yellow or Red with a 2 line description of the current situation)
      2) Accomplishments (What your team has accomplished since the last report)
      3) Risks and mitigation strategies (What are you afraid of but didn’t happen yet)
      4) Issues and actions (What is wrong, currently)
      5) Next Steps (what are you planning to do next)

      I am telling you, they want these things more than a bunch of graphs.

      You provide the facts and they make decisions. You propose and they choose.

      Anyway, better than a dashboard if you want my opinion.

      Another question, do they have security-related Performance Indicators to report on? If it is the case, you may want to have a graph or two about them…


Copyright ©2020 Caendra, Inc.
