Beyond the reporting discussed so far and related to customization, more advanced reporting capabilities are yet to be fully demonstrated by vendors. We will discuss this in a separate section of this book because, for organizations that have not yet begun to mature their processes, these capabilities may not be immediately needed. However, if you think that your organization will have a firm need for reports in support of process optimization, consider the following basic requirements:
- The product should allow customized reporting based on access to raw audit results.
- Summary tables of audits should be available in an open database structure (schema).
- Add-on functionality should permit some statistical analysis of vulnerability data.
- Beyond data analysis, the information should be combined with, or readily combinable with, network topology information to assess risk by attack vectors.
These capabilities are more complex and require greater discipline in staffing and process. They directly feed risk management functions as well as security incident management. Products already on the market can take this information from the major VM vendors and combine it with data from firewall, intrusion prevention system (IPS), and network equipment products to map and identify threats. Some vendors even let you assess risks at a high level and then drill down into the specific configuration items on host, network, and security elements that can be altered to remediate an impending threat.
Assess your candidate vendor’s compatibility with these advanced products to leave a path for future enhancement. As of this writing, the most advanced of these risk management products are few and expensive but offer great functionality to the technical risk manager.
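To make the requirements above concrete, here is an added example (not from the book or any vendor product) that loads raw audit results into an open table and weights each host's worst finding by how many firewall-permitted hops separate it from an untrusted zone. The host names, findings, topology and the score formula (worst CVSS divided by hop count) are all constructed assumptions.

```python
import sqlite3
from collections import deque

# Constructed sample data: (host, finding title, CVSS base score).
FINDINGS = [
    ("web01", "Outdated TLS library", 7.5),
    ("app01", "Unpatched RCE in app server", 9.8),
    ("db01", "Default database credentials", 9.1),
    ("hr01", "Unpatched RCE in file service", 9.8),
]
# Constructed topology: source -> destinations that firewall rules permit.
ALLOWED = {
    "internet": ["web01"],
    "web01": ["app01"],
    "app01": ["db01"],
    "hr01": ["db01"],
}

def load_findings(rows):
    """Store raw audit results in an open, queryable table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE finding (host TEXT, title TEXT, cvss REAL)")
    db.executemany("INSERT INTO finding VALUES (?, ?, ?)", rows)
    return db

def hops_from(source, allowed):
    """Breadth-first search: fewest permitted hops from source to each host."""
    dist, queue = {source: 0}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in allowed.get(node, []):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def rank_by_exposure(db, allowed, source="internet"):
    """Rank hosts by worst CVSS divided by hop count; unreachable hosts score 0."""
    dist = hops_from(source, allowed)
    rows = db.execute(
        "SELECT host, MAX(cvss), COUNT(*) FROM finding GROUP BY host")
    ranked = []
    for host, worst, count in rows:
        hops = dist.get(host)  # None when no permitted path exists
        score = round(worst / hops, 2) if hops else 0.0
        ranked.append((host, worst, count, hops, score))
    return sorted(ranked, key=lambda r: r[4], reverse=True)

if __name__ == "__main__":
    for row in rank_by_exposure(load_findings(FINDINGS), ALLOWED):
        print(row)
```

In this sample, hr01 carries the same 9.8 score as app01 but ranks last because no permitted path reaches it from the untrusted zone, which is the kind of distinction a severity-only report cannot make.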