BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

The Value of a Management Console

Posted August 18, 2010    Morey Haber

My background is in Network Management Systems (NMS). In the late 1990’s, the buzz words for NMS were around a “single pane of glass” management. This referred to a single CRT computer screen showing all of the relevant network management information in one view. The inherent value in this approach was the ability to see all of the relevant network information and status at a quick glance. For enterprise clients, this quick glance included “management by exception” since the single pane of glass should only show aspects that were faulty or out of tolerance versus all elements in the network. If they did show everything, the view generally became cluttered and lost its value as a quick glance tool.

The value and philosophy of those management consoles still holds true today for vulnerability management. Reporting aspects of vulnerability assessment are designed to show you which devices are not within acceptable parameters; and management console dashboards highlight the highest risk assets and vulnerabilities. In essence, they are performing the same functions of management by exception using vulnerabilities and security as filtered disciplines.

Thus, the inherent value of a management console is how much relevant information it can bring together into that single pane of glass and then allow detailed drill down of information when requested. The correlation of relevant information is equally as important in establishing this value. Consider a vulnerability management console that indicates your highest risk assets and which vulnerabilities are present. Every vendor in the vulnerability management industry has the view today. The technology for which is over a decade old.

Now consider that same single pane of glass that also tells you what attacks that asset has experienced, what malware has been detected, and all of the relevant asset information including software installed and even processes running. The value of this management console has just increased because it extends relevance of the data to not only show what is vulnerable, but is also showing how that device is interacting with the environment from a security and asset management perspective. If we now couple that same view with the ability to manage our regulatory compliance initiatives and even offer two way communications to those devices that need remediation, our single pane of glass now provides a value that has never been realized before. A single management console can now provide the entire lifecycle of vulnerability management for assets from discovery, assessment, reporting, and remediation.

So I would like to pose this question to my readers for comments:

Do you use a management console for a lifecycle approach to vulnerability management? If not, why?

Solutions are available today that can realize the visions of a decade ago and simplify your entire approach to vulnerability management. If you’re using a solution that only reports vulnerabilities, eEye can truly provide your business the value it has been striving for in the next generation management consoles.

Tags:

Leave a Reply

Additional articles

webinar_ondemand

On Demand Webinar – Why You Still Suck at Patching

Posted March 27, 2015    Lindsay Marsh

On Demand Webinar: Dave Shackleford recounts some of his personal experiences in patch management failure, and breaks down the most critical issues holding many teams back from patching more effectively.

Tags:
,
dave-shackleford-headshot

Why You Still Suck at Patching…and How to Turn Your Life Around

Posted March 25, 2015    Dave Shackleford

Live webinar | March 26, 2015 | 10am PT/1pm ET | Dave Shackleford, SANS Instructor | Why You Still Suck at Patching…and How to Turn Your Life Around

Tags:
, ,
infographic

Privilege Gone Wild 2: Over 25% of Organizations Have No Privileged Access Controls

Posted March 24, 2015    Scott Lang

BeyondTrust recently conducted a survey, with over 700 respondents, to explore how organizations view the risk of misuse from privileged account misuse, as well as trends in addressing and mitigating those risks.

Tags:
,