Security Operations Center Dashboard

Dashboard Topic: Security Management Dashboards

Enterprise dashboards are now quite popular in the area of Security Information Management. Reporting of incidents and threats are commonly surfaced via the dashboard format. The Dashboard Spy has reported on several security management dashboards such this application security dashboard.

Today we look at threat management, not at an application level, but on the enterprise level. Thanks to an avid Dashboard Spy reader who is also an expert at security information management systems, we have a sneak peek at the screens of a not-yet-released Security Operations Center Dashboard. These screenshots show how a dashboard and portal approach facilitates the various management tasks central to a security operations center.

That Dashboard Spy notes that while there are security information management tools such as ArcSight, Intellitactics and CiscoWorks, they don’t handle the business aspects of an Security Operations Center (SOC) organization. To address that market gap, there is a new product on the horizon called the Ops Soft Portal (www.opssoft.com) that serves as an adjunct to SIM tools by providing collaboration, workflow, publishing, reporting, tracking and dashboard capabilities.

Here is a look at the OpsSoft Portal Dashboard:

Security Operations Center Dashboard

As you see, the Dashboard tab of the portal brings up the KPI dashboard. You can enter in a date range, hit go, and see an overview of security metrics including IDS status (intrusion detection system), number of incidents, ISVM notices, top virus type intercepts, spam messages stopped, top relays, number of VATs (vulnerability assessment tracking), number of SENs (security event notifications), and ISVM compliance. Each dashboard KPI is presented graphically and offers drill down capability.

The security portal itself is presented in a dashboard style as well. Here is a screenshot of the portal main page:

security management portal

Of particular note is the incorporation of a security blog. This allows the administrator to keep users advised of system news, help materials and other community-oriented material. Here is a look at the admin screen for the blog functionality:

security management blog

I often ask people who are submitting screenshots of dashboard applications to include screens that receive little or no attention. They can often be very helpful to those of us trying to build similar systems. Here are a couple of internal pages such as user maintenance, etc. as well as a look at the other tabs in the portal.

user administration portal screenshot

security event notification dashboard screenshot

security incident reporting dashboard screenshot

vulnerability tracking system dashboard screenshot

vulnerability compliance dashboard

Here is a features list of the security portal:

  • Security Event Notification Publishing and Tracking
  • Comprehensive Incident Handling and Response Capabilities with workflow
  • Vulnerability Assessment Scan Scheduling and Tracking
  • Vulnerability Management Publishing of Technical Alerts, Advisories, and Bulletins
  • Vulnerability Management Compliance Tracking
  • Dashboard View of overall Security Posture of the organization with drill-down capability
  • Comprehensive Reporting Capabilities
  • Facilitates Compliance with FISMA and OMB reporting
  • Security Device Tracking
  • Several Security Related RSS Feeds and Links to Security Vendors
  • Source of information about the Organization’s Security Policies and Directives
  • Discussion Forum for Security Related Discussions
  • Blog for Immediate SOC Related Information to be posted
  • Engineering Change Control for System Change Requests
  • An Administrative Interface for Managing Users and Roles
  • User role based with application role based access
  • Ability to add data feed and generate Dashboard Graphs
  • Ability to add third party software for integration to the portal such as Vulnerability Scanners and Ticketing Systems

Tags: Security Operations Center Dashboards, Security Information Management System Portal Dashboard

6 thoughts on “Security Operations Center Dashboard

  1. Pingback: Dashboard Recap - Recent Screenshots Sept 13 2007 » Executive Dashboards

  2. Pingback: Recent Dashboards from The Dashboard Spy « The Dashboard Spy

  3. Hello,
    Great forum!
    I found a lot of interesting information here.
    Does this forum helpful for you also?

  4. Hello! I just found this blog and it looks really helpful for dashboarders. I’m going to try and read every single post!

  5. Pingback: Enterprise Security Metrics 1 | Dashboards.TV

Leave a Reply