April 5, 2010 at 11:12 am #4906
Has anyone ever had to do one of these?
Essentially, I am tasked with: creating a snapshot that shows all aspects of security health that can be easily understood at the Exec level.
If anyone knows of any examples, ideas or suggestions I would greatly appreciate it.
April 5, 2010 at 1:40 pm #30892ziggy_567Participant
Have you taken a look at:
Also, if your collecting network traffic, its always nice to see things like workstations/endpoints creating the highest traffic volume, workstations that are utilizing banned protocols, etc. etc.
April 5, 2010 at 2:55 pm #30893
Thanks, Ziggy. I think I will include charts, graphs and pictures since execs seem to like those better and can be a better point of reference than wording. But, I will have captions as well so it has substance.
April 5, 2010 at 3:09 pm #30894KetchupParticipant
In my experience, execs like to see security related to dollars. They react better when you are prepared to tell them:
a. how much is it going to cost us?
b. what is the potential cost if we don’t do this?
I think that if you put security in the terms of risk analysis, they will respond better to your presentation.
I think that charts and graphs are an excellent idea, especially if they rating the security issues in terms of cost, risk, and impact.
These are just my two cents.
April 6, 2010 at 1:01 am #30895Don DonzalKeymaster
Have you tried Splunk? I guess it would depend on the size of your organization if it would remain free, but here’s a link that may help:
April 6, 2010 at 12:38 pm #30896
Downloading now, Don. I put your site and you as the person who referred me to this solution.
Thanks to you as well, Ketchup! Good ideas to go off of. I am going to start this today and see how it goes.
April 6, 2010 at 3:43 pm #30897rattisParticipant
Please let us know what you think of Splunk. I had it at work, but the company wouldn’t pay for the full version, thus usage was limited. Mainly it was used as a syslog tool for the NAS.
I didn’t care for it, based on the limited function of it. When I took over the senior role, I dropped it and went with a proper syslog server in it’s place.
I have heard other people speak good of it, require it for security related jobs, and I wonder what a full version would provide.
April 6, 2010 at 4:47 pm #30898ziggy_567Participant
I can’t believe I didn’t think of Splunk. I use the free version of Splunk as well, but I love it!
We use it with syslog-ng on our Solaris/RedHat servers for our log server. We’ve also incorporated all our Cisco logging, and a few of our Windows servers (with Snare). We are soon to start incorporating Apache and Weblogic logs to our implementation.
Splunk is awesome!!! Its not so intuitive to configure, but its VERY intuitive to use through the GUI once setup. The commercial version is not that expensive (depending on how much throughput you need) to boot…
April 6, 2010 at 4:55 pm #30899
Roger that, chrisj. I will be sure to do so when I have it set up and tuned the way I need it for my environment.
April 16, 2010 at 7:27 pm #30900
Well, Splunk has been scrapped. The cost is too high for us to use and I will have to find a clever way to do this and am thinking I may leverage what I already have internally. Thanks for the help as always!
April 16, 2010 at 7:34 pm #30901
What about one of the ManageEngine products? I just happened to see an ad here on EH-Net for their helpdesk product (I actually implemented this in a prior position, price was very reasonable, much cheaper than competing products). They had a lot of different products, and I thought one or two was for overall network status that may have included security. Their stuff is very graphical and pretty 🙂 and easy to use. I’ll have to take a look at their products again, but I know they had a couple of security-related things.
April 16, 2010 at 7:35 pm #30902
Sweet….I will take a gander at that. I appreciate that.
April 16, 2010 at 7:36 pm #30903
Any of these do what you need?
No problem 🙂
April 16, 2010 at 7:40 pm #30904
WOW! I’d say a couple of them would do the trick. I will have to demo it and see what pricing is like.
April 16, 2010 at 9:29 pm #30905
Cool, let us know how that works out. They were very accommodating of licensing for testing purposes when I worked with them.
June 15, 2010 at 4:33 am #30906salilParticipant
I dont exactly have a dashboard but if I could I would put all my monthly reports in it. Right now I provide a monthly report which has graphs and charts (Top 10) covering the following
1. Virus – detected, cleaned, PC name and Username (identify repeat offenders)
2. Patching update
3. Graph on number of attacks by type
4. Graph on most targeted servers
5. Any security incidents within the month.
6. External vulnerability scans – server and number of vulnerabilities identified/fixed.
June 15, 2010 at 12:10 pm #30907silParticipant
Dengar, you should check out OSSIM which has almost all of the reports you requested. *If not* all of them
June 15, 2010 at 6:59 pm #30908caissydParticipant
If I may…
I worked 3 years developing Dashboards. I have been an assistant-director at one point in my life and I am a project manager (ok, so much for the big head! ;)).
What they want to see is a status report easy to understand, maximum 3 pages. You need these 5 things, in that order:
1) Executive summary (Green, Yellow or Red with a 2 line description of the current situation)
2) Accomplishments (What you team has accomplished since the last report)
3) Risks and mitigation strategies (What are you afraid of but didn’t happen yet)
4) Issues and actions (What is wrong, currently)
5) Next Steps (what are you planning to do next)
I am telling you, they want these things more than a bunch of graphs.
You provide the facts and they make decisions. You propose and they chose.
Anyway, better than a dashboard if you want my opinion.
Another question, do they have security-related Performance Indicators to report on? If it is the case, you may want to have a graph or two about them…
- You must be logged in to reply to this topic.