The big buzz around RSA this year seems to be the concept of dashboards. By establishing frameworks, various vendors will be able to integrate data from their respective products. Users will be able to view a simple interface and “see” the status of their network security. While at first blush this may seem to be a giant leap forward and a truly helpful product, is it really all it is cracked up to be? I think not. Much like compliance checklists, a nice pie chart or bar graph can deceive users into thinking they are truly secure; but are they? A deeper understanding of what these dashboards are truly quantifying or measuring is essential. While almost everyone knows that the gauge in their car with the little gas pump icon tells how much gas is in the car’s tank, will every viewer of a “security dashboard” really know what information is being conveyed? This applies especially not to those in the trenches but to those who make decisions about money, specifically how much of it will be allocated to IT security projects. Time and time again we see shortsightedness because the minimum has been done and the enterprise is technically “in compliance.” “Why would we need to do more?” the money dolers ask. I fear that a fancy dashboard with nice colorful lights will only serve to delight a select few and cause further battles for those truly in the know.