Perimeter
3/27/2012
10:28 PM
Commentary
Commentary
Commentary
50%
50%

A Single 'Pain' Of Glass?

Is the often-pitched 'single pane of glass' a benefit to security monitoring tools or yet another point of contention?

Promising the coveted "single pane of glass" for all levels of the organization to leverage, vendors are hoping to bring their products to bear in support of the entire business stack -- from the entrenched security practitioner at the bottom to the executive branch of the organization.

One problem with a single pane of glass is that (marketing analogy aside) glass is fragile and is likely to shatter should someone or something apply too much pressure or weight upon it. If one were to straddle a large pane of glass between two tables and begin piling boxes upon it, the glass would inevitably shatter when it could no longer manage the weight. Another problem with the single pane of glass analogy is that, on one hand, it provides visibility into the mountains of collected data and subsequent intelligence (such as alerts, reports and tickets), but on the other hand, it also generates a much larger field upon which to focus.

Think of a small glass bottom boat that allows you to view the ocean floor. If it's a relatively small pane of glass you can easily focus your gaze on what's important -- tropical fish, coral, and maybe even a shipwreck. Now take a cruise ship and give it a glass bottom. Not only will it be difficult to focus on particular items of interest, but you may also have to push other cruise-goers out of the way to see the same item.

Vendors must be wary about bolting on features and functionality haphazardly lest it result in their customers being impaled by shards of broken (and painful) glass.

The ideal solution: A dashboard-like analytics interface that allows the end user to represent the data that THEY care about with as much or as little visualization as THEY deem appropriate or relevant. Though vendors believe canned dashboard widgets ultimately help the end user (and in some cases they do), a user can dull the "pain of glass" if presented with a tool that allows for the massage of the data into the widgets or data presentation elements that are dynamic, easy to manipulate, and highly configurable for the organization.

Vendors need to start caring less about canned widgets and more about malleable data presentation capabilities.

Andrew Hay is senior analyst with 451 Research's Enterprise Security Practice (ESP) and is an author of three network security books. Follow him on Twitter: http://twitter.com/andrewsmhay

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1637
Published: 2015-03-06
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for r...

CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-0598
Published: 2015-03-05
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

CVE-2015-0607
Published: 2015-03-05
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.