Reportin' Stats to Please the Boss
Our executives like
numbers. And heaven forbid we disappoint them … so here’s our plan: We want to
collect network security and performance data and put it into a report. That
way the executives will know what happens in our shop on a regular basis. For
those of you who are already doing this, how do you monitor and present this data to executives—and how often? What is the best way to leverage such a report for
budgeting and network re-evaluations? I’d
appreciate any help your readers can give me.
—Louis,
Tech Manager
Summary of Advice Received
Louis, all of the responses suggest tools for monitoring and generating stats.
As with evaluating any application, find the tool that best fits your
organization and its processes. Kevin Buchanan, IS director with
Lexington Memorial Hospital, says there isn't a single solution that pulls data
from all sources to create a good executive report.
"Here are the
tools I use to gauge our situational status. MRTG is an SNMP tool
that can monitor any SNMP-enabled devices. I use it primarily for monitoring
routers, switches and server NICs. It is also nice for providing historical
performance benchmarking/utilization. IPMonitor
is an effective monitoring and notification tool that we have used for years.
We don't staff our IT center 24/7, but we are on call, and IPMonitor keeps an
eye on our network and applications to provide instant notification when an
alarm is triggered. It provides great reports for uptime and response
monitoring.
"Shavlik provides
a cost-effective and manageable means of patch management. The integration with
Active Directory helps us target specific users and sites to give us a flexible
and reliable means of patching our systems. The reporting demonstrates and
confirms our patch-compliance status. In the end, I run several reports and use
the collection of reports along with a short narrative—and usually, no one has
any questions. Practically, there isn't one solution that will give you
everything, but several solutions are cost-effective, perform well and are
easily managed."
A reader
uses Shavlik's HFNetChkPro
integrated with the company's software distribution and inventory tool to
report daily on outstanding vulnerabilities on all 130K desktops in their
environment. Specific details for all open vulnerabilities, including the
assigned line of business or department, are reported, tracked and trended.
"On the report we
track status and issues, freeing our engineers to focus on the patches and
distribution, and allowing the management to quickly assess progress and status
when it's best for them. At the end of the year, you have some really impressive
statistics that clearly show the rate at which you remediate vulnerabilities,
the volume of vulnerabilities and great data for assessing your ROI."
Mike Smith, programmer at Larry Methvin Installation, suggests several tools.
"Snort and ACID collect tons of information.
Running Ethereal has proved invaluable for stats or trying to locate 'noise' on
the network. Occasionally we scan the network with HFNetChk for workstation
information."
Shawn Cannon uses a Silverback Technologies product.
"We collect
relevant event log data and performance data, and the data is put into a SQL
database for archival and reporting purposes. We have a group of developers
that has created reports through Crystal to give our executives a monthly
executive summary and all the necessary security-related details with notes on
how these events were handled."
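The daily vulnerability tracking and the SQL-backed monthly summary that readers describe above come down to a few queries over a findings table. This is an added example, not code from any reader or vendor named in this article; the schema, host names, departments and patch ids are constructed for illustration.

```python
import sqlite3

# Constructed sample data: (host, department, patch, opened, closed-or-None).
FINDINGS = [
    ("ws-001", "Finance", "PATCH-A", "2024-01-03", "2024-01-10"),
    ("ws-002", "Finance", "PATCH-A", "2024-01-03", "2024-02-02"),
    ("ws-003", "Sales",   "PATCH-A", "2024-01-05", "2024-01-08"),
    ("ws-003", "Sales",   "PATCH-B", "2024-02-06", "2024-02-16"),
    ("ws-004", "Sales",   "PATCH-B", "2024-02-06", None),
    ("srv-01", "IT",      "PATCH-B", "2024-02-07", "2024-02-08"),
    ("ws-001", "Finance", "PATCH-B", "2024-02-06", None),
]

def load(rows):
    """Load findings into an in-memory database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE finding "
               "(host TEXT, dept TEXT, patch TEXT, opened TEXT, closed TEXT)")
    db.executemany("INSERT INTO finding VALUES (?,?,?,?,?)", rows)
    return db

def monthly_trend(db):
    """Per month: findings opened, findings closed, mean days to remediate."""
    return db.execute("""
        WITH months(m) AS (
            SELECT substr(opened, 1, 7) FROM finding
            UNION
            SELECT substr(closed, 1, 7) FROM finding WHERE closed IS NOT NULL)
        SELECT m,
            (SELECT COUNT(*) FROM finding WHERE substr(opened, 1, 7) = m),
            (SELECT COUNT(*) FROM finding WHERE substr(closed, 1, 7) = m),
            (SELECT ROUND(AVG(julianday(closed) - julianday(opened)), 1)
               FROM finding WHERE substr(closed, 1, 7) = m)
        FROM months ORDER BY m""").fetchall()

def open_by_department(db, as_of):
    """Findings still open on as_of: count and oldest age in days per dept."""
    return db.execute("""
        SELECT dept, COUNT(*),
               CAST(MAX(julianday(:d) - julianday(opened)) AS INTEGER)
        FROM finding
        WHERE opened <= :d AND (closed IS NULL OR closed > :d)
        GROUP BY dept ORDER BY COUNT(*) DESC, dept""", {"d": as_of}).fetchall()

if __name__ == "__main__":
    db = load(FINDINGS)
    for row in monthly_trend(db):
        print("month=%s opened=%d closed=%d mean_days=%s" % row)
    for row in open_by_department(db, "2024-02-29"):
        print("dept=%s open=%d oldest_days=%d" % row)
```

The point-in-time filter in `open_by_department` lets the same table reproduce what was open at any past month end, which keeps year-end trend figures consistent with the monthly reports already sent.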
Esmond Kane
offers two options: one for those with a budget and another for those without a
budget.
"If you have the
budget: Solarwinds, HFNetChk, eEye Retina and Adiscon/MSACS (when it ships). If
you don't have a budget: MRTG/Nagios/Cacti, Nessus, NTSyslog and Syslog-ng.
Scour Gartner and SANS for downtime analyses, statistics and risk assessments.
Mine your existing reporting capacity for simple and pretty graphs. List the
fiscal value (cost/benefit) in devoting resources to security over the risk of
intrusion/disclosure/compromise. Mention the hourly cost to the company of a
spyware/virus on the workstation, server, network and gateways/firewall. Detail
the multi-faceted nature of modern threats.
"Don't overly
favor a particular vendor/solution, CYA and mention social engineering, and
know that insiders are the most deadly attack vectors (google for Passwords and
Chocolate). Bias the report in your favor by stating your cost saving measures
to date and your preferences for future direction/acquisitions."
Winston Klein provides
several monitoring options for tracking stats.
"For monitoring
bandwidth and network usage, you might want to look at a tool called PRTG Traffic Grapher. This tool monitors
multiple network devices and provides real-time 'bandwidth usage of leased
lines, routers and firewalls. You can also monitor many other aspects of
servers, managed switches, printers and other network components as long as
they are SNMP enabled' (description from PRTG). The best part is that if you're
a small shop, you can use the free version to monitor a single device."
No matter your budget, many tools exist to
help with tracking stats and creating reports. Do your research to find the
one(s) that best fit your processes and existing tools. You'll impress the
bosses with your reports in no time.