Security Reporting and Analytics: Your Top 3 Dashboards
March 29, 2018
Melanie Karunaratne | Senior Manager, Product Marketing | Ivanti
Jeremy Carter | Manager, Product Management | Ivanti
In the era of increased cyber-threats, GDPR, and proof of Compliance, up-to-the minute, meaningful and actionable IT security data is critical to every business. Just as important is the ability to show how that ‘meaning’ was derived without manipulation.
- Do you know the age of missing patches from your endpoints? Discover how to see the attack area and limit your threat exposure.
- How is your environment performing against the top 5 Critical Security Controls? Understand your position against the controls identified by the Center for Internet Security
- Compliance reporting is not one size fits all? Learn how you can achieve different goals and perspectives from the same core data and get rid of the noise and clutter.
Join this webinar to learn how Ivanti reporting and dashboard solutions can help solve your security reporting challenges.
Melanie: Welcome to today's Ivanti webinar. Thanks so much for joining. We're really pleased to have you with us. Today's webinar is "Security Reporting and Analytics: Your Top Three Dashboards." My name is Melanie Karunaratne. I'm one of the product marketing leads at Ivanti and I'll be presenting today along with my co-host Jeremy Carter from our product management team over the reporting and analytics business line.
So before we start just a couple of normal housekeeping rules to let you know what's going on. If you have any issues with hearing or if you want to ask a question, please use the Q&A facility in WebEx. We have muted all the lines for everyone's comfort. Also this record...this is being recorded so that if you miss anything or if you feel your colleagues would like to get more then we will be sending out the links and they'll be available on our Ivanti website just as soon as we can get them up there.
Also we'd love your participation. As I said please use the Q&A to ask questions. Please tweet us @ivanti or #ivanti. We've also got a couple of polls running in this webinar so at some point you will see some polls popping up to the right of your screen around where the Q&A and chat facilities are and we'll be asking one or two questions just to keep you on your toes and hopefully we'll get some responses and we'll be able to let you know how you fared on those so.
But without further ado let's get going. So as I said this webinar is "Security Reporting and Analytics and Your Top Three Dashboards" and what we're trying to do in this webinar is to take a look at the current state of the security landscape and how that relates to reporting and the challenges that you are facing when you're pulling reports, dashboards, trying to look at analytics. And what we'd like to do today is walk you through the key areas that you should report on and how Ivanti can help you meet the challenges around reporting that you're seeing at the moment.
We're also going to show you some demo and then as we mentioned before we'll take some questions at the end if you'd like to use the Q&A chat facility or chat facility.
Poll #1 and Security Challenges
So let's get going. And just to get you all started let's start with our first quick poll. So hopefully you are seeing a poll on your screen and let me just read out the question for you. How many security challenges...or how many security solutions do you currently use in your organization? Is it A, one, B, two to four, C, five to seven or D, seven plus? We're gonna give you a couple of minutes to answer that so please enter your answer and then we will provide those as we go along the next slide or two.
Okay. So let's start by talking about some of the security challenges that you guys are facing. We hear about these from our customers all the time and I'm sure, absolutely sure that you're on the same boat. We understand that security issues are evolving and it affects your posture and trying to handle all of this is overwhelming at the same time just trying to meet compliance specifications with limited resources. And also the other thing that we think is key is ensuring that there is integrity behind the data for the audits and compliance reports that you need to provide and that's without having additional expense by having to add additional resources and making your lives really, really hard.
And so this is compounded by the number of security solutions that you could potentially be asked to manage. And that's why we ask the question actually, how many solutions you are currently using at the moment. And one of the things that we've seen or...sorry. One of the facts according to an industry survey by CISCO is that according to their poll 65% of security professionals are using at least six security vendors. So I'm not sure how many you're using. Hopefully we'll see that shortly but that's what CISCO has found. So this patchwork of security point solution each have their own interface and that does not provide that complete integrated view of the risk of the newer environment. I mean, you guys know how difficult it is because you're almost in swivel chair motion going back and forth between security solutions. You are grappling with these multiple tools, you're having to work with multiple vendors and naturally that's going to create gaps where attacks can be launched and that adds risk and cost and it increases the pressure on your already overworked teams and also on your IT governance and how that all fits together.
So there's so much information coming in from these six plus solutions that you could be using all from different places. That causes gaps in your reporting as well. There's a lack of reporting integration between the tools that you're using which...it makes...it's slower for you to respond, it increases your risk and the number of security threats continue to evolve. It just makes life way more complicated.
You've got unfocused metrics, you've got your manual tasks. You're flipping between tasks where you've got masses of data. You're trying to find it in separate tools. You're trying to correlate. You may be taking it out into spreadsheets. By doing that you're likely to have errors, you're using up precious, precious resources. Manual manipulation is never a good thing. It always becomes a problem when it comes to integrity and you get that false sense of security because your metrics or your decisions are based on, quite frankly, unsound data if you're having to manipulate it outside of security solutions or if you're having to knit together security data from different solutions and the limited views. And, of course, with all this going on when your security is at stake you really can't afford to be doing manual work to get that completed. Couple that with the compliance and audits that are coming at any time it often disrupts your workloads because you're having to cope with an upcoming compliance audit and you've got IT personnel rushing around trying to pull data from the different solutions and it's clear that what's really needed is something that you can just grab up to the minute with all of the data from all of your security solutions all in one place whenever you need it.
Poll #2 and Cost of Data
So okay. We have another poll coming up. The last poll has ended. We're onto the next one so if you wouldn't mind here's another quick question for you. Okay. I'm still seeing the same poll. How long does it take you to pull the security reports you need about your environment? So we just talked about the fact that it could take you rather a long time. So we'd like to understand that from you. Is it less than 30 minutes? Is it one hour? Is it four hours? Is it a day? Is it a week? Is it greater than a week because you're having to ask security specialists to help? Sorry. Security reporting specialists to help you. And let us know how long it's taking you to pull that data from your security environment and into reports that you are finding useful.
Okay. So we'll let you answer that poll and whilst you're doing that we will keep going. So the cost of not adequately protecting your data can literally take you out of business. I mean, it's hard when you know that you have to focus on your decision...attention with so much data out in the wind. We just talked about the fact that you're pulling data from various places and whilst you're doing that where to look and what to focus on and how to get rid of the superfluous data that's coming from your solutions. That's another headache and it's also a distraction to your teams when they should be focusing on the job in hand which is protecting your environment. They may be running around looking for...or you may be running around looking for the reports that you need and it's really hard. And in this particular area where we know that cyber threats are absolutely increasing you've got compliance things coming through like GDPR. You have to please compliance. You need to consider a different approach to deliver that up-to-the-minute, meaningful, actionable IT security data. That's really critical for your business. If you don't have that, as we've mentioned, it could put you out of business just on reputation alone. But it's really important to go over to show how you get that data very fast and how you derive meaning without the manipulation of taking it out of reports and into spreadsheets.
So without the right level of information in place you can't determine your exposure, your level of acceptable risk that we talked about and we think there's a better way. We think we can help you make your data work better for you.
So here are three areas that we feel are important to focus on in your reporting. So the first is how your environment is reporting against the top five security controls. That's understanding your position against these controls and identified by the Center of Internet Security. The second one is patch aging. Now patch aging, the identified security controls but we feel it's important. So we pulled this one out after the separate one. Do you know how many missing patches there are? Do you know the age of the missing patches from your end point? Can you discover how to, you know, see that attack area and limit that threat exposure by understanding your patch aging. And then finally we feel that you need to look at your compliance data. You need to understand that the reporting...the compliance is not one size fits all. We know that. But there are other ways to achieve the goals that you need and the perspective that you need to get from that pool data by getting rid of the noise and clutter and just focusing on different views.
Okay. So before we go on I see that we've got some results back from the poll. So looking at what you guys are telling us at the moment, 45% of you, in fact add it up, 45% are taking four hours or more to pull reports that they need, 32% a day and 5% a week. So that's almost...well, that is 80%, guys. Eighty percent of your time it's taking you to pull the reports that you need. There's definitely, definitely a better way.
And this is where I'm going to introduce Jeremy to ask us how we can accomplish that.
Jeremy: Yeah. Thanks, Melanie. Yeah, we can accomplish this with using Xtraction. And Xtraction is a Ivanti's reporting and dashboarding solution. It provides a self-service of real-time reporting and dashboarding technology that basically brings back that intelligence back to IT. We can use our own solutions or other third-party solutions or other vendor solutions as data sources to bring in data into Xtraction and to provide basically that real insight highlighting trends, risks, financial impact, all of which are key to keeping an eye on the business and keeping an eye on those threats as you mentioned earlier.
Melanie: Great. That's...thanks, Jeremy. That's great. We have some...another...the first poll that we did, how many security solutions do you manage, interestingly we've had some results back from that and over six...let me just look at that again. Over 40% are using more than five solutions to manage your security environment. So that kind of matches what we said earlier, 52% of you using two to four solutions. Okay. Very interesting. Thank you for participating in that poll.
Okay. Let's move on. Jeremy, what can you tell us about this? What are we looking at?
Jeremy: That's an interesting result, seeing those polls to come back as well too because what we're looking at here is a dashboard and a little taste of what you'll see as we go throughout the demo here. But a dashboard that's showing us five different solutions here, highlighting a number of KPIs or individual pieces inside of each of those solutions that we want to keep an eye on and monitor and watch. So we'll talk a little bit more as we go through these different dashboards here but as you can see putting an executive view dashboard in front of you with the KPIs you're interested in keeping, and as you can see here there are third-party solutions here, there are a number of different solutions that may exist in your IT environment showing you essentially KPIs, things that you want to keep an eye on, want to track and highlighting those things on a very simple dashboard to call out or basically call attention to things that might be trending out of a compliant state.
Melanie: Thanks, Jeremy. Great. I know we're gonna see more of this in a short while so this just gives everyone a taste of what to expect later in our demos. But let's get started. We talked about the first of the three dashboard views that we want to talk about and the first one is the CFD controls. And for those of you that don't know about the CDF controls, I'm sure most of you do but just in case, in 2008 the CIS controls, formerly known as the Critical Security Controls, were created and they were created in collaboration with the US government and the private security sector. And these controls are effective tactical defenses targeted towards stopping attacks. So the CFS controls are technical in nature and define specific tactical steps that an organization can take to stop the most common cyber threats from compromising your systems. And we will talk a little bit more about that with Jeremy. Can you tell us a little bit more about what they are and why we should be concerned?
Jeremy: Yeah, absolutely. These are...basically they're 20 prioritized and well vetted actions that, excuse me, organizations can take. Like you said they are technical so they...a great point to add there. But basically, actions you can take to improve your security state, your security posture in the environment. There's a number of folks that should be concerned with these two. I like to say everybody's concerned with these but specifically you'll see the tasks generally with security operations in IT. For example, senior management may provide the support and accountability for implementing those controls. IT operations and security may implement those controls, perform the gap analysis, perform the assessments, the audits, maintain sustainability, map the cyber defenses in the environment and of course educate. Educate the users. And when we say everyone it's every person that's responsible for adhering to the guidelines and practices as well. One of the things that we like to do is focus on and talk to focusing on those top five. The top five will ensure that an organization receives most significant benefits in implementing those highest priority controls first, getting a good start on the environment. And I think we'll talk through a couple of what those are if you'd like to switch the slide there.
Great. So the top five. And in fact, these were actually updated to seven I think last two weeks ago here. But aligned with basically the latest threat data and current threat environment. And what these are are unauthorized or authorized device inventory, unauthorized or authorized software inventory, a vulnerability assessment and remediation, controlled use of admin privileges and then secure configuration for the hardware and software.
Okay. So Melanie, why are these important?
Melanie: Okay. So, well, we talked about the top five and they're really important because they will help you to reduce the noise. But there's a constant stream of cyber security information and problems out there that's kind of unclear and it's overwhelming with all the regulations that you need to all adhere to. It's really hard when you're trying to do your day job and trying to cope with all of this information that's coming at you. There's also competing expert opinions out there. There were lots of cyber security experts and, you know, no one wants to knock any of them but this just gives you some almost best practices laid down by the government and those private organizations. So reducing the noise. It's also an effective defense. It allows you to defend against the most common cyber security attacks. It allows you to discover and detect inventory and it allows you to patch or prevent by patching vulnerabilities to reduce your initial risk. And then finally you're able to respond. You're able to remediate. You're able to isolate. You're able to isolate that infected area. So that's why these top five are important. There are more security controls but these are certainly the ones to go for first.
So, Jeremy, I'm gonna turn it over to you and ask you. Okay. So I've told you why they're important but tell us how Xtraction can help.
Jeremy: Yeah, absolutely. Well, given...really given the vast expanse of the systems involved and determining how you measure up against those CSCs you wanna get visibility into what those controls are and like we put that into a single dashboard as well. You wanna know exactly when and know when and how those things are affecting your organization. Insight. Insight providing...basically the patches are the greatest threats. How long was the environment at risk? What are those...what's the impact with a risk in the environment according or based on those patches? For example, admin rights. Who has admin rights? Should they have admin rights is really the question. And how can you run a...basically keep an eye on that so when that happens you need something that's going to provide to you real time what the environment looks like and who has rights that are changing of the environment for example?
With devices and applications, you wanna know if there's unauthorized devices or applications on the network and again this is a visibility key. You wanna make sure you understand when those are coming onboard, when they're turning up, when they're showing up. Applications, we talked to...we talked about the shadow IT in the past as well too. What applications are showing up on a network? Are those applications exposing or introducing vulnerabilities into the environment that are things you need to keep an eye on? Change control is another interesting one too. Is the change control process being followed? Are we seeing those things complete and go through the entire process before change is actually happening and being introduced to the environment? And then lastly is application access. Do you have unauthorized access based on roles? Are we seeing a role creep or a scope creep with users basically in the environment? So Xtraction provides us really frankly visibility and insight into the environment and showing us what we want to keep an eye on or what should we be keeping an eye on in an environment.
If we take a look at a sample dashboard here, I wanted to bring this one up here. This is our CSC executive dashboard and what you're seeing here with this dashboard specifically are a number of things that we're highlighting or calling out and even putting KPIs at the very top there. With whitelisting the number of denied executions. These are applications that have run and have been blocked or denied. And so quite a number there and we can keep an eye on those and even dig into those and see what's...what are those applications or who are the users that are running those and what's happening with those.
Device control. Being able to see the blocked devices. So we have six blocked devices there. We wanna see what was blocked, who was blocked, what timeframe was that blocked in and be able to see that in real time as well. So this dashboard that I'm seeing here is basically all being presented back to us in real time. That data's being updated as we refresh the dashboard basically.
The other one that's important is admin accounts. How many users out in the environment on their machine have full local admin rights? And that's exactly what was reported back here with...so we've got five users with full admin rights. That could be a problem. It's gonna allow them access to do things or work around controls that may be in place for whitelisting our device control for example.
Number of compliant machines. Obviously, we wanna make sure that we're keeping an eye on patches. How many machines are going unpatched? How long are they going unpatched? And how does that begin to create or identify basically a risk in that environment?
And even noncompliant. So the 42 with missing patches. So you can see kind of a nice detail here with some KPIs at the top and then some more details, some more breakdown with our Microsoft OS patches or Severity or third-party patches and how long it takes or a time to patch which is another nice indicator there with the dashboard.
Melanie: Great. Thanks, Jeremy. We're getting a couple of questions coming through and we can take those as you're doing the demo I think. We'll just ask that because I think they're relevant to that. So keep the questions coming. They're great. Thank you for that. So let's just move on a little bit to the next dashboard that we want to talk to you about. We saw that patching is important for the CSC controls but talk to us about this one.
Jeremy: So the next one is patch aging. So we've kind of talked about the CSC controls there. The next thing I wanted to talk to was patch aging. What is it exactly? Who is affected? Where does it occur? What's...why is it important as well? Let's take it into this a bit. Patch aging is basically the patch age which is the number of days since the patch was released through today. And what this identifies essentially is the exposure to that risk. For a security patch with a vulnerability in it that could be any number of days and you wanna take the number of machines that are affected as well and begin to identify what that risk looks like in that environment.
Who's it affected? Basically anybody with the operating...an operating system or an application. I mean, we...the vulnerabilities come in through either one of those channels and not having that patch there...the risk of not having that patch and being exposed if you will to that vulnerability is a problem and that basically affects your entire business and affects the entire environment whether it's machines or servers that may be critical parts of the infrastructure in the environment. And we'll see that appear. Basically, occur on endpoints and on servers and so if there is a virus or a breach, you wanna make sure that first and foremost we can contain it so we can understand what that risk exposure is and then can patch that vulnerability and remediate that risk essentially.
I'm sorry there. So with patch aging. Patching today is not a solved problem and knowing the age of those missing patches, the more information you know the better prepared you'll be to be able to address those and to report back on the risk, to report back on how quickly you can remediate the environment in that case.
The older the patch that is missing the more risk the endpoint and the network are a part of it. But of course, the age of patch that's missing is not necessarily enough. You need to understand other factors like the severity of the patch, which of your critical systems is affected and being able to put together that risk exposure if you will. So there's a number of things you wanna keep an eye on and let's take a look at how...I think I saw a preview there in the Xtraction side of the things can help with that. So Xtraction can provide a number of things and really the key piece of this is visibility. Understanding the visibility for missing patches that you need to be watching. You can sort these or group these by type, by severity, by vendor or product. Visibility for devices that you care about your environment. So things that are critical to the business and then group that by location, type, OS version, usage and so forth. And then lastly visibility into the security and IT operations tasks. Scans, for example, deployments. This may be going out in a phased approach for example and you wanna know when these parts of the business are going to be remediated essentially. So understanding what those patch windows look like and when those things can be addressed.
So let's take a look at the dashboard. One thing I wanted to know too...I just see a question come in. The dashboards that you're looking at here are a part of...are out-of-the-box content with these different solutions. So the executive user is seeing the demo that we do as well. I didn't wanna let you know that these are basically canned dashboards we're looking at that have been put together for you and provide this insight with...along with the connectors that you see with Xtraction. So the dashboards here, I wanted to talk to a couple of things with this one. The patch aging dashboard gives us an example of something that we've been able to pull back out of Xtraction and it's a little bit difficult to see there but basically I can see each of the different patches, the total that's missing and then I begin to break it down into these buckets that are grouped by a number of days. So greater than 90 days, these are the patches, this is the number of machines that have a risk with that. Sixty to 30 days, 30 to 60 days, or less than 30 days. And so very quickly I can get an idea with this dashboard, a canned dashboard I might add, that shows me how that patch aging report looks. What patches have the highest number of...or basically the greatest amount of exposure in the environment if you will and how long they're going before being addressed.
Down below then are a couple of things we talked about which are, you know, grouping this by patch type, by the patch security vendor, if you will, and then the number of machines that are missing the patches by age. So kind of a nice chart that'll show you a breakdown of that as well. These dashboards we'll get into with the demo as well but I did wanna add as some of the question came up. The data that I'm showing you here is drillable and I'll walk through some of that with the demo as well.
Melanie: Right. Thanks, Jeremy. Looking forward to that and please do keep your questions coming. But before we go on I've got one final poll for you all just to keep you on your toes. So you are seeing the question come up but just so that...for those of you that need it...we want to know do you use spreadsheets to aggregate and manipulate your data? We saw in the polls that well over 50% of you were using at least two solutions if not more to pool your data together. We're wondering how you're mixing that data together. So please do let us know. Are you having to use spreadsheets to manipulate the data from the various solutions? Just a quick yes or no. And we will get back to you with the scores as we go on.
So next up, we're coming to our final section now before we get onto the exciting demos from Jeremy. This is about proof of data integrity for compliance. Hence the question. So you may not have thought about it but proof of data is kind of an important part of compliance for you guys. So, Jeremy, I'm gonna come back to you. I know I'm asking you a lot at the moment but what do we mean by data integrity?
Jeremy: Yeah, absolutely. Data integrity for compliance. Basically, what we mean here is that we're looking at regulations such as HIPAA talked, NIST, PCI are just a few of the well-known ones that businesses are required to follow basically. And they also create a number of unique challenges for organizations as well. The key piece to these is being able to gain visibility and to understand where you're at with these particular...with any of these compliance standards if you will. And it does affect a number of folks in the organization. So I can kinda talk to a few of these too. Basically, the rules and policies will affect everybody in the organization at some extent being responsible to follow those things. But more specifically the CEO obviously will hold the responsibility for all of the folks below and following those things but then the CIO will be...they may be focused on things like shadow IT, looking for those applications that turn up in the environment that haven't gone through IT, that may have a risk exposure that may not be worth the risk of bringing that into the business. And so they wanna keep a track on those applications that are being used or being brought into the environment.
The CSO typically receive responsibility for the data inside of the environment. Typically, responsibility for the regulations as well ultimately before they report back to the CEO. They'll be focused on data for customers, the corporate, their employees, their vendors, their stakeholders. And then lastly the CFO is complexity and the lack of clarity related to the regulations cost concern for unanticipated consequences or costs of noncompliance. So there is obviously a cost there that if an audit fails on PCI, for example, there's gonna be a cost associated with something like that in the environment. So across the organization certainly a concern and certainly a need for as you're seeing the trend here this ability to each of these different parts of the organization as well.
Melanie: Okay. Great, Jeremy. So it affects everyone top down. So why is it so important to everyone?
Jeremy: It is. I mean, there's a couple of things that I wanted to call out with this. You know, the business efficiencies and sustainability, being able to reduce those obstacles, make sure it's consistent. When audits do happen that you do have a standard way of being able to self-check as well throughout the course of the audit. You don't wanna get to that last point in time where the audit begins and you're hoping for the best results out of that. You wanna be able to maintain a monitor and watch through the process how you're trending and be able to make those adjustments or those corrections before the time comes. Reputation and reliability. Showing your vendors and customers that you're safe to do business with and reducing any ambiguity, establishing credibility with them as well. And then lastly there's cost savings. Avoiding any financial penalties with those audits that I mentioned and avoiding costs that could result from a system downtime or breach or even for that matter risks.
Melanie: Oh, wow. Okay. So whilst that's been going on, Jeremy, and thank you for helping us on that point. We had the scores on the polls come in about these spreadsheets, the aggregate and manipulate and an overwhelming 90% of you are still using spreadsheets to aggregate and manipulate which, you know, as Jeremy just talked about, it's important to ensure that we've got data integrity. But I know we've got something that we can help with. So, Jeremy, take it away.
Jeremy: Absolutely. So the...you're gonna see kind of a trend here with the...as we're talking about this. This is visibility, being able to see some of these things that you need to monitor and watch that your compliance standards as you work through that. For example, with Xtraction we can provide graphs that show the high level KPIs. You'll see in a couple of examples of those as we talk through a few of the other sections there. I will show you some more here with the demo. Being able to record the detail. See the details behind those KPIs. It's so key to...I mean, it's great when you see a number or something there but you wanna get to a point where you have actionable data, something that you can go and take action on. And so seeing the details that made up that KPI or that chart or displaying, what machines were involved, what patches were involved, being able to take an export of that or even click through there to open the records or take action directly in that specific application.
And visibility criteria. So the results are only good as the perspective they come from. The out-of-the-box content, the dashboards that we're showing you are canned dashboards if you will but Xtraction provides another layer onto what we're showing there with just the basic reporting and dashboarding and that's the ability to go in and modify these dashboards. Once you pick these up they are essentially your dashboards. So you can certainly go in and edit those and modify those in any way you need to. That could be something as simple as a couple of changes or tweaks to it or even applying another filter to a specific component on one of those dashboards.
Essentially what this does is eliminate some of the noise. The spreadsheet results coming back, it's kind of interesting and we see that quite often as spreadsheets are used a lot. And with the spreadsheets they become noise unfortunately at the end of the day but having the dashboards, being able to filter on those and keep a consistent view of what's interesting or what you need to watch in the environment helps highlight those...basically highlights the signal and the noise essentially.
And then trust. Basically, the dashboards that we're showing can be set up as read-only for users in the environment. The other piece that I wanna note is it's real time data access. So ensuring that you're getting access to those specific systems and the data that's coming back from those systems. And so we'll show you a little bit more as we kinda go into the data, into the demo itself on what the real time does and some of the options you can use Xtraction for such as wobblers or even providing it out as a display for users to just go in and see.
Melanie: Okay. Well, I'm glad you mentioned demo, Jeremy, because your time is here. Whilst we pass over to you I'll...just a quick recap. Xtraction, it provides you insights. You can discover, you can take action, it aggregates your data from multiple solutions. What hasn't been mentioned yet or...is that we provide connectors for a number of security solutions. So you're pulling data into the Xtraction interface and you're leaving your data untampered as Jeremy said. You're not having to pull it into Excel and then manipulate it. You're bringing it completely untampered into Xtraction and then displaying it, displaying it in many, many forms which Jeremy is going to show you now I think.
Jeremy: Great. Thanks, Melanie. So here is Xtraction. I'm gonna take a look at and show you a couple of things, a couple of dashboards here and a few options to ensuring there's visibility in the environment. I'm gonna go ahead and start with that first one that we looked at. I wanted to revisit this one here just for a moment. And as Melanie mentioned, yeah, we do have a number of different connectors, third-party connectors, and that's how we're getting the data here on this dashboard specifically. This dashboard...so, for example, Microsoft SCCM, McAfee, Solar Winds, VMware vSphere, these are all third-party connectors that we do make available there.
As I'm looking through these there's a couple of things I wanted to note. This is really a great dashboard or even potentially a wallboard that could be placed up on a display and even set to see for refresh on an interval to keep the data fresh and keep it real time essentially.
Some of the things that you'll see here with this are that we can change the text of the tile, the screen itself there and that was one of the points we made earlier in being able to call out or see those things that I need to pay attention to. For example, I can see very quickly here with McAfee I have two critical threats and I can see very quickly that's red, it's been highlighted. Essentially what I've done is set a threshold on that particular number and when it reaches anything past one it's going to turn red. And when it reaches something past three it may change the background color to red and change the text to white. So you have the ability to call this out based on thresholds so it'll highlight on the dashboard and when it reaches that data in real time will then display to you those things based on the threshold that you've set with it. So kind of a nice view of the dashboards or a wallboard there.
The next one I wanted to highlight here was our GDPR dashboard and in this one here we've got a couple of things that we're calling out here specifically. Our blocked applications, our blocked devices, admin devices. And to answer your question earlier I wanna...the admin users, how we're pulling this information is actually specifically through active directory so I...we do have a connector for active directory and essentially what that's doing is reading those records from the active directory and then displaying back those things here you want to report on.
I mentioned earlier too that all of the dashboards are essentially drillable here in this case as well. So I wanted to...let's go ahead and take a look at this. If I drill into this, I basically can now see the data that made up that particular dashboard or that particular component on the dashboard. From the drilldown I've got a number of options. One of the things that we see oftentimes when you have a list of items here, let's go into our patch one for example. View records and as I drill into that I'll see a number of records there that made up that particular bucket and patch that we're talking about with the patch aging. From here I can also export this data and choose to pull this back out into a CSV and then take that back to somewhere else or be able to take action on that database on the export there. The information I'm seeing here, you have all the capabilities with the grid as well, being able to sort by a column or sort by a particular item and drill into the information that you need to find or that you may want to prioritize as actionable from this list here in that case.
So a couple of good examples there. The other thing I wanted to note too is basically being able to filter or highlight a couple of things on this particular dashboard. So I'm actually gonna change over to the next one here to show that. Missing patches with age detail. This is when we were talking about before here. I can see the 30 to 60 days here for example and in this case what I'm gonna do is actually go ahead and apply that as a filter to the dashboard itself. What will happen with each of the other components on there is they'll refresh and show me basically that information or that data with that particular filter, 30 to 60 days applied. So over on the far left my machines with missing patches, I'll see a little red eye there that has updated and down below are all the machines with 30 to 60 days. I can add the 60 to 90 days to that same filter if I want to compound that filter or simply replace the filter altogether. But now I'm seeing everything that is not the greater than 90 days but everything under 90 days essentially in these dashboards. So they'll refresh and they'll post that information or update based on that filter that's applied there and give me the ability to within the dashboard basically filter or slice that up any way I'd like to.
The great part about that feature is it's not necessarily something that's built for one specific dashboard. That feature's built into the product. And so as you're building those dashboards, if they're using the same data source to build that data from, you have that capability regardless of the dashboard whether it's the patch one or perhaps one of the other dashboards that we're showing here in that case. To clear that data, I'll simply just clear the filter and it'll update that and set it back to default for me so the next time I arrive in the page I'll be able to see most critical but not the moderate, low and everything that's there is not gonna filter each of those individual places.
All right. Let's take a look at another dashboard here. This one is our SCM and Ivanti patch for Windows. So similar to the other dashboards here we kinda have a style that we're setting up here with these. At the very top I see some of those KPIs, the patch time to patch, the admin accounts, number of missing patches, those types of things but...and then down below I see the different charts that'll break that down and show me kind of what that looks like. For example, the top 10 computers with missing updates or that down below the Microsoft required updates from SCCM and even our third party required updates over in the corner there. One of the things I wanted to point out with this though was being able to drill into this and actually get to that end node, that data that makes up that component if you will.
I have the ability to drill into any of these and that's built into the product again. But I also have the ability to drill in or outside...into an outside application for example. So if I took one of these records here and had that built in I can basically see what was...what made up that particular record for example. I'm gonna use this one here to show you kind of the link out to the patch information if you will for Microsoft in this case. So as I click in the missing patches here I'll see the different machines and patches here that are required for that. And I can click into one of these and open that software update into a URL. And what I will do is open that up on the Microsoft site for example and show me the description or details of that patch bulletin that that particular machine is missing.
This call outside can...is applied based on the different dashboards that are built and the component that you're using for example. So in the case of patch it was very easy to link that out to and show you how that links out to an outside article to see more information about it. In the case of a service management product for example what we can do is link over to that record and open up that particular record inside of service management and allow you to take action within the browser for that. It's a simple browser link is all that is but again getting to the point of taking action with the data that you're seeing with that particular dashboard.
And I've got one more here I wanted to land on is our executive dashboard here with patch again. This dashboard along with many of the others you've seen here today are all included as canned dashboards that come out of the box. So a good starting point but this gives me a nice view of combined data sets. I see my missing patch severity, my patch time to patch licensed software. So there's a little bit of my inventory if you will. Down below in the middle here are my incidents, all showing my incidents opened during the last two weeks. Now this perspective along with the patches I could begin to start looking for or seeing some trends here, begin to correlate that information with some of the other data that's on this...on the dashboard that's being displayed. I may see a spike for example on the Wednesday after patch Tuesday or the week following patch Tuesday for example and I want to dig into that and find out what's happening, what I'm seeing there with that. Again, it's just trying to boil up some of that...basically the signal from the noise. Boil up the things that are important, the pieces I wanna watch and keep an eye on so that I can identify the problem, identify the issue, and quickly get to a state of resolving that.
Great. So that's a...that completes my demo here for today. Melanie, I'll pass that back to you or see if there are any questions.
Melanie: Fantastic. Thanks, Jeremy. So just to get over that again we've got...you can create your own dashboards, you've got the canned dashboards, you can drill down, you can filter, you can see the underlying records, you can link out to patch information. What else did we show? We showed the different roles. So you can give your execs the summary dashboard, send it to them or you can...or you've got the operational dashboards if you guys need to use them yourselves. You can have different views and again that's without having anyone else going to the backend of your own security solutions. All of that data is safe. It's just sharing these particular views based on roles.
So okay. We're almost in the home stretch now. I know some people have been putting questions in. If you've got a few more, please add them. But let's just have a quick recap. So we've talked about the top three concerns. We talked about the critical security controls. We talked about patch aging as one of those security controls patching that's really important and we talked about data integrity, role compliance and we saw from the polls that over 90% of you are manipulating your data which is not a great place to be for compliance.
And, Jeremy, do you want to go on and talk to us a little bit about Xtraction again?
Jeremy: Yeah, to recap with Xtraction. It's visibility. Visibility to help reduce our security risks, remove the burden on resources, providing some of these canned dashboards if you will and providing some of that insight into the organization. Use of compliance reporting, being able to see these reports, to put it up on a wallboard for example, to give people access to these directly so they can access and unload them. And one thing I didn't mention is also, it's a part of that ease of compliance reporting is also being able to set up a weekly schedule. I have a dashboard I like to look at. I have a meeting each week that I need to report out on. Having that dashboard sent by email for example in your own company letterhead for example and using a document template is a great way to make sure you're getting that visibility and keeping that visibility and making it simple. This shouldn't be a task that requires time to go into or for...I saw on the blurb the poll results which were very helpful but requiring four hours or more to go and build these reports. These dashboards are real time, they're updated. It should be a simple task to go through and make sure they're available in everybody's inbox before the meeting starts for example. So yeah. Thanks.
Melanie: Great. Thanks, Jeremy. All right. Let's get a few questions from the chat, the Q&A so, okay. We've got a question. "How can we integrate...how do you integrate Xtraction with Ivanti patch, patching for Windows service?"
Jeremy: That's a great question. So integrating with patch for Windows service, it basically integrates with our patch. So I've mentioned, as we've gone through the presentation here a number of times, connectors and the connectors are essentially the integration point if you will. It contains all of the logic for integrating with a particular product. So we have a number of connectors available for Ivanti products. And, Melanie, I think you shared a link out as well with the connector lists right off our website. If you go to Xtraction right in the middle of that site, you can see the connector list. And these are basically all of the integrations that have been prebuilt and set up for you for Xtraction.
Melanie: Great, yeah. And we're constantly updating those so please keep checking back on that connector list. Every time a new connector is built we update that list. And so there's a direct link there in the chat or go to our website.
Okay. We had the...someone asked about which version of Xtraction was being shown.
Jeremy: Oh, great question. Yeah, so the Xtraction version that we showed in the demo including the live demo here was our latest release, 2018.0. Not really specifically. Just to give you a few details on that. So it's fully HTML5 and thus...and you saw kind of the different...a few changes with the screens there as we transitioned away from a Flash technology with the older versions.
Melanie: Great. Thanks, Jeremy. I think we talked about this earlier but just, can you confirm what you were showing or what we were showing on the PowerPoint and also in Xtraction? All of these canned reports, are they available, do they need to be created manually?
Jeremy: Yeah, great question. So most of those reports were all canned reports. I think the exception was that the multivendor dashboard which we saw on the very beginning just to lay that one out. That was a one we put together. Building these reports, we have done some more of ours in the past and continue to provide additional updates I think as we move forward but building them is very easy and we can kinda dig into that on a future one as well too on how to actually go through and build those with those data sources.
The other reports you saw though or dashboards that you were looking at were all canned. And so when we can these dashboards with the connector itself we'll include basically what we're calling an out-of-the-box dashboards ZIP file. And that file goes along within each one of those different products for example will have anywhere from 5 to 10 to 15, I think, for our service management different out-of-the-box dashboards all of which you...were canned and part of those out-of-the-box dashboards.
Melanie: Great. Thanks, Jeremy. Okay. I'm not seeing any more questions and we're almost at the top of the hour so I just want to wrap up and let you know that, you know, we're here to help you. So please do go look at our website page. There you can request a free trial so you can have a play with what Jeremy showed yourself and you can see some of those dashboards or contact us and we'll give you a personal demo. If you've got specific requirements around specific connectors or if you're not seeing a connector in the list and you want to ask us about how we can get you that information then please do contact us and ask us for a personal demo or just a chat, just to have a chat with us and we'll see. Let us know what's possible.
Okay. All right. So on that note I will say I think we are through our Q&A. Well done. So thank you very much everyone for joining. If you missed any part of this or you want to return to it, this has been recorded so watch out for the recording. And watch out for us on the next webinar. So thanks again all and have a good day. Bye.