For the longest time, or as far as I can remember, the holy grail of all networking platforms has been the need for a single pane of glass, that single source of all information that you would need to be most effective.
So, what is a single pane of glass?
If you take it at face value, it simply means a window that consists of a single square frame through which you can peek and get a panoramic view of what you are looking at. I don’t know how this term came to be, but it may be referring to the ability to look at a computer screen and get a snapshot view of everything such that you will not need to look elsewhere. Simpler said than done. The single pane of glass is not a myth, rather, it is an unobtainable objective whose value may have been over-hyped in order to differentiate from the rest. It is no different in Cybersecurity.
There is a lot of talk in the cybersecurity world about a single pane of glass approach, which can often be misleading. It leads us to believe that the customers are looking for a single window or view to be able to visualize and understand the state of their cybersecurity posture at any given point where visualizations and metrics and other interesting insights will help them elevate and improve their cybersecurity posture. This is not entirely true.
With the number of different solutions used by companies to accomplish multiple tasks and manage different networks on the rise, it is impossible to have a master single pane of glass for everything, nor do I believe it is expected. What is expected that there are multiple views that tell the right story to the right audience, which means multiple single panes of glass, otherwise known as dashboards. Yes, dashboards that are designed with the user in mind and lets that particular user accomplish the task for which they are responsible, so in essence, a single functional pane of glass or functional dashboards for their task is where the real need is.
Different Roles Require Differing Functional panes of glass
The various roles within an organization that are responsible for the cyber health of the organization (IT and OT) can be broadly classified into the following user types/personas:
- CISO or the CIO
- The Functional or department leader, such as a plant manager or IT manager
- Finally, the IT or OT practitioners or analysts
Therefore, it is unrealistic to expect that a CISO will want to see the same information as an analyst, or the plant manager will have the same understanding of the different metrics and their impact as does the analyst. The multiple dashboards/functional panes are single panes of glass aimed at helping the users to be effective at their jobs. This is particularly true in larger organizations, with complex integrations and cybersecurity needs, where the user would like to see their core cybersecurity posture in a single view that combines their different tools into one location, giving them a holistic view of their cybersecurity state. Too many tools, too many functions, and too many expectations. Functional panes of glass, united through a common workflow that ties the different aspects together into a single view; that’s what is needed at the core. Some examples of these various functions are:
- Vulnerability management
- Configuration management
- Change detection
- Patch management
Form and Function
“Functional pane of glass” is synonymous with Dashboard, which is used to describe a visual representation of multiple metrics, indicators, status, and state information from a variety of systems, networks, and services – all brought together to create meaningful insights (in this context), about your cybersecurity posture.
The key to creating this functional pane of glass is accepting that it is almost impossible to capture the ideal or all-encompassing view that will address all needs. So, the cornerstone of this functional pane of glass has to be flexibility and the ability to customize. I have outlined a few characteristics that define a functional pane of glass, though I should mention that these would largely depend on your organization’s architecture, approach and need:
- A simple straightforward graphical user interface that is easy to understand, navigate, use, and extend.
- Data consistency – Look for vendors with a broader product portfolio that address your needs for cybersecurity controls. This way, you ensure that there is consistency in data and understanding of how the tool works.
- Designed for the audience: Identify your users and their needs. This will allow you to determine what kind of data you need for your functional panes of glass.
- Data Sources and Consolidation: Ability to include multiple data sources. Start with consolidating all data from different sources in a single location. this makes it easier to manage, analyze, and share. Use APIs to communicate with external integrations and bring in relevant data.
- Technology stack: Choose a technology stack such as AI/ML that can really help you by processing different data into meaningful insights,
- Workflow driven – Design the functional pane of glass by understanding the workflow that will allow them to complete their job with the information from that functional pane of glass.
- Build it as you need it: Ensure that you build flexibility and customization so that each user can make it work for their needs. Examples of such customization include, but are not limited to, widgets, filters, tags, displayed information, graphs, parameters, etc.
While the notion of a single pane of glass sounds almost calm and serene, the reality is that given the multidimensional aspect of cybersecurity, it will be almost impossible to achieve that. Predominantly, it is not necessary, because what is needed is the ability for the user to be able to get their job done. Functional panes of glass allow you to accomplish just that, while addressing the needs of the different stakeholders.
Connect with Tripwire
Tripwire Connect transforms configuration, change, and vulnerability data into meaningful insights in the form of dashboards, metrics, and reports, to help you manage cyber risk across your entire organization. It provides actionable insights into the following.
- Vulnerabilities (VM): The solution provides a dashboard view as well as details around vulnerabilities in your network, along with a risk matrix that allows you to know the most critical vulnerabilities as well as which ones to prioritize first.
- Policies (SCM): The SCM dashboard tracks an organization’s ability to maintain compliance to a resilient state. Failures in policy should be investigated and remediated to prevent breaches and outages.
- Changes (FIM): Change is good. When change becomes bad, you need to understand it, and you need to evaluate if the change process needs improvement. The FIM dashboard can help you to identify unauthorized or unexpected changes.
For more information on Tripwire Connect, click here.