Dashboards are one of the most common tools that are found in nearly every security tool that is available on the market today. However I often still find customers that are completely underutilising these valuable dashboards, and if utilised correctly can provide important metrics in a quick and easy to view manner.
Dashboards within SecurityCenter come in a variety of different categories, which can easily help to identify what uses they have and the type of data they can show. The categories are broken down as follows:
- Compliance & Configuration Assessment- Aid with configuration, change and compliance management. Including Dashboards dedicated to different compliance regulatory such as ISO and NIST.
- Discovery & Detection- Aid in trust identification, rogue detection, and new device discovery. These dashboards include information about new devices being seen on your network, as well as occurrences of certain technologies such as Network File Access (Great for detecting occurrences of WannaCry or other Ransomware)
- Executive- Provide operational insight and metrics geared towards executives. High level metrics that are aimed towards the executives in your environment. Including details around how tickets are being handled within SecurityCenter.
- Monitoring- Provide intrusion monitoring, alerting and analysis. These dashboards are perfect for monitoring user activity within the network. This activity can include information such as Social Network Activity, allowing organisations to monitor their users and check if they are accessing social media accounts while at work.
- Security Industry Trends- Influenced by trends, reports and analysis from industry leaders. These reports help give organisations a valuable insight into activity in their network that is commonly identified as being some of the most important traffic to monitor. These dashboards include ones dedicated to displaying Verizon related data, as well as other industry leading organisations.
- Threat Detection & Vulnerability Assessments- Aid with identifying vulnerabilities and potential threats. These dashboards help with the overall threat and vulnerability landscape of an organisation, they include valuable insight into activity around well-known threats such as those identified during the Shadow Brokers leak, as well as other high profile vulnerabilities such as the KRACK vulnerability.
Finally there are two other methods of generating Dashboards within SecurityCenter, these are either Advanced, giving users the option to create completely custom dashboards, meaning if they have a need to display a very specific set of data they can do this through custom dashboard creation. Finally users are able to use the Import feature, to take the criteria created by someone else and upload this into their SecurityCenter to populate a Dashboard. This is a great function, and one that is severely underused, the Tenable forums host a wealth of technical expertise, and can mean that some of the dashboard elements that are typically very tricky to configure can be easily imported.
Dashboards are an invaluable tool when used correctly, and if they are utilised appropriately, can provide a high level insight into a whole host of information that is extremely valuable to any organisation. Since dashboards are updated on a regular occurrence, make sure to keep your eyes open for any new Dashboards released by Tenable.