Dashboard Topic: Security Management Dashboards
Enterprise dashboards are now quite popular in the area of Security Information Management. Reporting of incidents and threats is commonly surfaced via the dashboard format. The Dashboard Spy has reported on several security management dashboards such as this application security dashboard.
Today we look at threat management, not at an application level, but on the enterprise level. Thanks to an avid Dashboard Spy reader who is also an expert at security information management systems, we have a sneak peek at the screens of a not-yet-released Security Operations Center Dashboard. These screenshots show how a dashboard and portal approach facilitates the various management tasks central to a security operations center.
That Dashboard Spy reader notes that while there are security information management tools such as ArcSight, Intellitactics and CiscoWorks, they don’t handle the business aspects of a Security Operations Center (SOC) organization. To address that market gap, there is a new product on the horizon called the OpsSoft Portal (www.opssoft.com) that serves as an adjunct to SIM tools by providing collaboration, workflow, publishing, reporting, tracking and dashboard capabilities.
Here is a look at the OpsSoft Portal Dashboard:
As you see, the Dashboard tab of the portal brings up the KPI dashboard. You can enter a date range, hit go, and see an overview of security metrics including IDS (intrusion detection system) status, number of incidents, ISVM notices, top virus type intercepts, spam messages stopped, top relays, number of VATs (vulnerability assessment tracking), number of SENs (security event notifications), and ISVM compliance. Each dashboard KPI is presented graphically and offers drill-down capability.
The security portal itself is presented in a dashboard style as well. Here is a screenshot of the portal main page:
Of particular note is the incorporation of a security blog. This allows the administrator to keep users advised of system news, help materials and other community-oriented material. Here is a look at the admin screen for the blog functionality:
I often ask people who are submitting screenshots of dashboard applications to include screens that receive little or no attention. They can often be very helpful to those of us trying to build similar systems. Here are a couple of internal pages such as user maintenance, etc. as well as a look at the other tabs in the portal.
Here is a features list of the security portal:
- Security Event Notification Publishing and Tracking
- Comprehensive Incident Handling and Response Capabilities with workflow
- Vulnerability Assessment Scan Scheduling and Tracking
- Vulnerability Management Publishing of Technical Alerts, Advisories, and Bulletins
- Vulnerability Management Compliance Tracking
- Dashboard View of overall Security Posture of the organization with drill-down capability
- Comprehensive Reporting Capabilities
- Facilitates Compliance with FISMA and OMB reporting
- Security Device Tracking
- Several Security Related RSS Feeds and Links to Security Vendors
- Source of information about the Organization’s Security Policies and Directives
- Discussion Forum for Security Related Discussions
- Blog for Immediate SOC Related Information to be posted
- Engineering Change Control for System Change Requests
- An Administrative Interface for Managing Users and Roles
- User role based with application role based access
- Ability to add data feed and generate Dashboard Graphs
- Ability to add third party software for integration to the portal such as Vulnerability Scanners and Ticketing Systems