• Overview
  • Features
  • Real Life Examples
  • Requirements

Overview

Summary

Shavlik Security Intelligence (SSI) is an intuitive, customizable Web-based dashboard. It places critical security information at your fingertips, giving you the intelligence you need to act with confidence. SSI provides an unparalleled ability to quickly and continuously deliver an enterprise-wide reach into security intelligence. It collects data from multiple sources and makes it available in one location. This greatly simplifies the task of tracking the security state of any sized network. SSI’s comprehensive enterprise view presents you with the information you need to quickly assess your risk level and act accordingly. For example, you might use the information to determine if defensive measures, such as applying critical patches or updating configuration policies, are required to successfully defend the corporate network from attack.

A Closer Look

SSI is designed to work with extremely large amounts of security data, turning it into intelligence that helps IT managers direct their security spending to those areas that need it most. It delivers to organizations near real-time metrics on areas of concern or risks related to their current security configuration settings, system patch levels, spyware and malware, as well as non-compliant software.

With SSI, not only can you create customized dashboards for an instantaneous assessment of your security and policy compliance states, but it also allows you to drill down and see the data that drives the dashboard analysis. SSI lets different company decision makers review and analyze security data from multiple sources via a single Web-based application.

SSI offers a total picture of your organization's network security. With SSI you can:

  • Integrate multiple data sources together for one comprehensive view
  • Identify trends and patterns
  • Quickly view and assess “How secure am I?”
  • View up-to-date reports that dynamically change as the data refreshes
  • Activate automated alerts
  • Allow different users to view data based upon their role

Real Answers to Really Tough Questions

How does your organization:

  • Prove compliance with policy and regulatory frameworks?
  • Prove adherence to a patch policy?
  • Prepare for an audit?
  • Report on IT governance initiatives?
  • Perform risk analysis?
  • Assess performance relative to service level agreements?
  • Validate that spyware remediation actually occurred?
  • Provide visibility on IT risk assessment and compliance for all constituents?

Easy! With SSI you can answer all of these questions, and do so all from one easy to use, Web-based dashboard. See the “Real Life Examples” tab for some examples of how you might use SSI in some real life situations.

 

Features

Shavlik Security Intelligence contains a large number of product features. In addition to reviewing the following list, you can also see several of the product features in action by viewing the product tutorials

  • Customizable Dashboard: The Shavlik Security Intelligence dashboard can be customized to display the number of panels of information you want, and in a layout that you prefer.
  • Easy-to-Use Navigation Menu Bar: All product features can be immediately accessed using the Navigation menu bar. The contents of the Navigation menu bar are configurable for your specific requirements. The Navigation menu bar can be used to:
    • Access all available user documentation
    • Access a variety of pre-defined reports, charts, and meters
    • Manage your users, roles, groups, etc.
    • Store your own data in a secure environment
  • Expandable and Collapsible Panels: Every panel on the dashboard can be configured to display any type of information (links, reports, charts, etc.). In addition, each of the panels on the dashboard can be individually expanded and modified.
  • Generous Reporting Tools: Reports are one of the cornerstones of SSI. You can design and build your own unique reports. Once built, you can send the reports to other users for review. And you don’t need to worry about sensitive data within a report from being seen by the wrong person. With SSI’s built in security, each recipient’s user ID and data security information will determine what data content they are allowed to see and what analytical functions they can perform. In addition, SSI provides tools to sort, filter, export, and print your reports.
  • Visually Friendly Charts: Charts enable you to view your information in an easy to understand graphical fashion. Charts are created directly from the data cells that you select within a report. SSI provides several different chart types. You can pick the chart type that best suits your personal preferences and your data. The available chart types include a variety of bar charts, pie charts, and line charts.
  • Demonstrate Regulatory Compliance: Review real-time data assessment results and analyze them for adherence to specific regulations, policies, and standards (e.g., Sarbanes-Oxley, FISMA, ISO 27002, NIST). Generate high-level compliance reports and drill down into them to review problem areas and make technical recommendations. Use the reports to help you prove that “due care” has been taken to ensure that the appropriate controls are in place for your entire network.
  • Role-based Administration: Assign user rights from a granular level, down to the data attribute level. Role-based rights can be created with permissions around specific views, refresh rights, ability to create, edit and delete reports, and many other functions.

 

Real Life Examples

So how do you use SSI to answer those tough, real-life questions? Here are a few examples.

How Do I Prove I Am In Compliance With Various Policy And Regulatory Frameworks?

To answer this you need to know how the machines in your organization fair when compared to the security checks in the various regulatory frameworks. You can determine this by creating a report that displays the status of all available security checks. You then compare their status to those checks in individual frameworks (ISO 27002 and NIST 800-53). You can also drill down to the machine level to see how each individual machine is conforming.

  1. From the home page, click the Navigation Menu Bar and select Sample Databases and Reports > Shavlik > Compliance > Compliance State.
  2. Drag and drop the Checks Compliance, the Framework Checks, and the Machines hierarchies to the Row Fields, and the Measures hierarchy to the Column Fields.
  3. Click OK.

    A report is displayed. Look in the System Checks in Compliance and System Checks out of Compliance columns to see how you are performing.
  4. Expand the machine list to view how each individual machine is performing.
  5. In the Measures dimension, enable any additional measures you want to view.

Do My Machines Conform To My Patch Policy?

Your patch policy is normally determined by one or more critical patches you have defined in a patch group. To see how a certain group of machines is doing (for example, all your Windows XP machines) you simply create a report to view just those machines and the desired patch group.

  1. From the home page, click the Navigation Menu Bar and select Sample Databases and Reports > Shavlik > Patch > Patch State.
  2. Drag and drop the Operating Systems and the Patch Group hierarchies to the Row Fields, and the Measures hierarchy to the Column Fields.
  3. Click OK.

    A report is displayed.
  4. In the Operating System filter, clear all the check boxes, expand the Workstation list, and then enable the three Windows XP check boxes.
  5. In the Patch Group filter, enable just the patch group you are interested in.

The resulting report will show the number of machines that contain the selected operating systems and how those machines fair when compared to the selected patch group.

Am I At Risk To Newly Announced Vulnerabilities?

With SSI you can very quickly determine your exposure to new vulnerabilities discovered in specific programs. For example, assume an iTunes vulnerability is making headlines. How can you determine if any machines in your organization contain this unapproved program, thereby putting your organization at risk? Simple.

  1. From the home page, click the Navigation Menu Bar and select Sample Databases and Reports > Shavlik > Unapproved Applications > Unapproved Applications State.
  2. Drag and drop the Signatures hierarchy to the Filter Field, the Machines hierarchy to the Row Fields, and the Measures hierarchy to the Column Fields.
  3. Click OK.
  4. In the Signatures filter, click the down-arrow, select iTunes and then click OK.

The report will now show just those machines in your organization that contain iTunes. You can use this information to decide your next course of action.

 

 

Requirements

Single Server

  • Windows 2003 SP1 or later
  • IIS 6.0
  • SQL Server 2005 SP2 or SQL Server 2008
  • SQL Server 2005 SP2 or SQL Server 2008 Analysis Services
  • SQL Server 2005 SP2 or SQL Server 2008 Integration Services
  • .NET Framework 2.0 or later (if this component was not installed after IIS a reinstall may be required)
  • MSXML 4.0
  • MDAC 2.8
  • ASP.NET

Dual Server

Note: Distributed Transaction Coordinator access must be enabled

  • Web Server
    • Windows 2003 SP1 or later
    • IIS 6.0
    • .NET Framework 2.0 or later (if this component was not installed after IIS a reinstall may be required)
    • MSXML 3.0
    • MDAC 2.8
    • ASP.NET
  • SQL Server
    • Windows 2003 Server or Windows 2000 SP4
    • SQL Server 2005 SP2 or SQL Server 2008
    • SQL Server 2005 SP2 or SQL Server 2008 Analysis Services
    • SQL Server 2005 SP2 or SQL Server 2008 Integration Services
    • .NET Framework 2.0 or later
    • MSXML 4.0

Clients

  • Clients must be using either Internet Explorer® 7.0 or Firefox® 3.

 

 


Designed by Palyacho