IBM Proventia Management SiteProtector
Contents

  IBM Proventia Management SiteProtector Reporting Functionality ... 1
  Sample Report Index ... 1
  Reports ... 2-25
  Available SiteProtector Reports ... 26

IBM Proventia Management SiteProtector Reporting Functionality

The following reports are available from the IBM Proventia Management SiteProtector (SiteProtector) system. The examples show sample output and data available from various SiteProtector reports. Clients may use the prepackaged reports available through the SiteProtector interface or create their own customized reports by setting multiple parameters and/or criteria. SiteProtector's flexible reporting features help clients meet a variety of business needs, such as meeting regulatory compliance, detecting insider misuse, integrating security with ticketing and workflow, and prioritizing and tracking vulnerability remediation. For specific questions about SiteProtector's reporting options, please contact technical support at sales@iss.net or visit the online resource center at www.iss.net/support/index.html.

Sample Report Index

Note: Not all SiteProtector reports or potential variations are shown below.

A. Asset Detail
B. Asset Summary
C. Asset Event Details
D. Attack Status Summary
E. Attack Trend
F. Attacks By Group
G. Attacks by Protection Domain
H. Audit Detail
I. Desktop Protection Report
J. Mail Filtering Executive Summary
K. Permission Details
L. Server Protection Report
M. Ticket Time Tracking
N. Ticket Trend
O. Top Attacks
P. Top Sources of Attacks
Q. Top Targets of Attacks
R. Top Vulnerabilities
S. Vulnerabilities By Asset
T. Vulnerability Differential
U. Vulnerability Names by Asset
V. Vulnerability Remedies by Asset
W. Vulnerability Summary by Asset
X. Vulnerable Assets
Report A: Asset Detail (page 2)

Overview: Identify the severity, specific nature, and remedy for assets posing a risk. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software. The Asset Detail report provides the list of vulnerabilities and services for each asset, including vulnerability remedies and references.

Key business questions addressed by the report:
1. What security risk(s) does my organization face?
2. In which way do these assets pose a security risk(s)?
3. How do I fix the security risk(s) posed by these assets?

Report B: Asset Summary (page 3)

Overview: Summary listing of risks and their severity. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. What security risk(s) does my organization face?
2. In which way do these assets pose a security risk(s)?

Report C: Asset Event Details (page 4)

Overview: Lists asset events and vulnerability details. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. Which attacks are hitting my assets?
2. Which assets are at risk of being hit by these attacks?
3. Whose assets are most at risk of being hit by these attacks?

Report D: Attack Status Summary (page 5)

Overview: Displays an attack status summary, including SecurityFusion and blocked events. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software. Use SecurityFusion to perform automated correlation and prioritization of security data.

Key business questions addressed by the report:
1. How many attacks are actually blocked by Proventia appliances?
2. What percentage of these attacks fail?

Report E: Attack Trend (page 6)

Overview: Provides attack trend analysis by day, week, month, quarter, year or severity.

Key business questions addressed by the report:
1. How can I better understand how my network is under attack today compared to yesterday? Last week? Last month? Last year?
2. Were these attacks minor or major attacks?
3. How can I better justify to auditors my chosen level of network security defense? In other words, how do I prove the risk level involved?

Report F: Attacks By Group (page 7)

Overview: Compare attack counts across subgroups to evaluate which groups represent the highest level of risk. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. Which groups represent the most risk to the organization in terms of both total attacks and the severity of attacks?
2. What is the severity of attacks within a group?

Report G: Attacks by Protection Domain (page 8)

Overview: Compare attack counts across protection domains for a selected group. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. Which protection domain represents the most risk to the organization in terms of both total attacks and the severity of attacks?
2. What is the severity of attacks for a given protection domain?

Report H: Audit Detail (page 9)

Overview: Provides an audit trail of actions performed by SiteProtector users.

Key business questions addressed by the report:
1. Is there a way to track the activities of my SiteProtector operators?
2. How can I track and document the responsibility and accountability of my SiteProtector operators based on their activity?
3. How can I review and ensure that my SiteProtector operators don't pose a security risk to my network?

Report I: Desktop Protection Report (page 10)

Overview: Multi-page report that counts assets protected and not protected, with version details. Additional details provide a breakdown of version numbers by asset name and last user.

Key business questions addressed by the report:
1. What percentage of the assets is not protected?
2. For identified assets, what is the breakdown of agent versions deployed, and which assets should be upgraded?

Report J: Mail Filtering Executive Summary (page 11)

Overview: High-level summary of e-mails by actions taken, quarantined e-mails, or total e-mails.

Key business questions addressed by the report:
1. For identified groups and time periods, what are the summary counts and trends for actions taken?

Report K: Permission Details (page 12)

Overview: Based on the roles and permissions defined, this report can show the permissions and policies in effect by user and user group.

Key business questions addressed by the report:
1. Can I show all the roles and permissions within SiteProtector to demonstrate internal controls that will meet compliance requirements?
2. What capabilities do certain users and user groups have (e.g. all, actions, modify, manage user groups, manage user assets)?

Items not shown include view permissions for reports, and users who can control Proventia Network Intrusion Prevention System logs.

Report L: Server Protection Report (page 13)

Overview: Multi-page report that counts assets protected and not protected, with version details. Additional details provide a breakdown of version numbers by asset name and last user.

Key business questions addressed by the report:
1. What percentage of the assets is not protected?
2. For identified assets, what is the breakdown of agent versions deployed, and which assets should be upgraded?

Report M: Ticket Time Tracking (page 14)

Overview: Summary of working time by user for tickets. The report includes the total time elapsed, working time, and average work time, available by both category and priority level of tickets.

Key business questions addressed by the report:
1. How long does it take for users to solve tickets?

Report N: Ticket Trend (page 15)

Overview: Tracks the types of incidents that are being worked on, on an average basis.

Key business questions addressed by the report:
1. What is the trend for the average ticket time over a time period?
2. What is the ticket count trend over a time period?
3. What are the ticket details by time period (e.g. ticket status, priority, assigned user, etc.)?

Report O: Top Attacks (page 16)

Overview: Lists the top attack names by frequency for a specified group and time period. Data is consolidated across IBM Internet Security Systems agents.

Key business questions addressed by the report:
1. What are the most common attacks during a given time period?
2. How frequent and prevalent is each attack?
3. Are there significant and/or broad-based attacks on certain groups of assets?

Report P: Top Sources of Attacks (page 17)

Overview: List of the top attack sources by frequency and severity for a specified group and time. Data is consolidated across IBM Internet Security Systems agents.

Key business questions addressed by the report:
1. Who is attacking my network over a certain window of time? What is their source IP address?
2. Are these attacks severe attacks that I should be concerned about, or just noise that can be ignored (i.e. what is the severity of the attack)?
3. How much of my total attack volume are they responsible for (available for identified time periods, groups, and asset types)?

Report Q: Top Targets of Attacks (page 18)

Overview: Lists the top attack targets by frequency and severity for a specified group and time. Data is consolidated across IBM Internet Security Systems agents.

Key business questions addressed by the report:
1. Who in my network is being attacked? What is their IP address?
2. Are these attacks severe attacks that I should be concerned about, or just noise that can be ignored?
3. How much of the total attack volume are specific users getting hit with?

Report R: Top Vulnerabilities (page 19)

Overview: Lists the top vulnerabilities by frequency for a specified group and time period. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. Which vulnerabilities could be responsible for the greatest risk exposure to my enterprise?
2. Which vulnerabilities should I consider remediating first?
3. What level of impact could remediating these vulnerabilities have on my enterprise's risk exposure (based on the volume of vulnerabilities)?

Report S: Vulnerabilities By Asset (page 20)

Overview: Lists the top assets by number of vulnerabilities for a specified group and time. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. Which assets expose my enterprise to the most risk via software vulnerabilities?
2. How critical are these software vulnerabilities?
3. Do these assets carry the brunt of my enterprise's risk exposure via software vulnerabilities?

Report T: Vulnerability Differential (page 21)

Overview: Provides management insight by contrasting asset vulnerabilities for two distinct periods of time. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. How can I compare the progress of risk reduction between two time periods? Review the difference in vulnerabilities between two time periods and the counts for existing, fixed and new vulnerabilities.

Report U: Vulnerability Names by Asset (page 22)

Overview: Lists the vulnerability names for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. How can I specifically list all of the software vulnerabilities for each asset that create risk for my enterprise?
2. How critical are these software vulnerabilities? In other words, which ones should I focus on first?

Report V: Vulnerability Remedies by Asset (page 23)

Overview: List of vulnerabilities (with severity and remedy) for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. For each vulnerable asset, tell me what risk these vulnerabilities expose me to.
2. How severe is the risk of these vulnerabilities?
3. For each vulnerable asset, tell me what I need to do to remediate the risk associated with that asset.

Report W: Vulnerability Summary by Asset (page 24)

Overview: List of vulnerabilities and their descriptions for each asset. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. For each vulnerable asset, tell me what operating system runs on it.
2. How severe is the risk of these vulnerabilities?
3. For each vulnerable asset, tell me what risk these vulnerabilities expose me to.

Report X: Vulnerable Assets (page 25)

Overview: Communicates the vulnerability trend by day, week, month, quarter or year. The report highlights the total vulnerability count by status (existing, fixed or new) and by severity to demonstrate progress against existing risk and trends impacting the enterprise. Vulnerability assessment data is consolidated from IBM Proventia Network Enterprise Scanner or Internet Scanner software.

Key business questions addressed by the report:
1. How can I see how my enterprise's risk exposure changes over time?
2. How can I track when vulnerabilities are introduced into the enterprise?
3. Is an increase in risk due to a sudden spike in vulnerabilities, or from not remediating existing vulnerabilities?
Available SiteProtector Reports (pages 26-28)

| Number | Category | Template Name | Description |
|---|---|---|---|
| 1 | | Asset Detail | Detailed list of vulnerabilities and services for each asset, including vulnerability remedies and references. |
| 2 | | Asset Summary | Lists discovered assets and identifies network services and vulnerabilities for each asset. |
| 3 | | Operating System Summary | Displays percentage and number of assets by operating system discovered during an automated network scan. |
| 4 | | Operating System Summary by Asset | Lists assets scanned and their operating system. |
| 5 | | Service Summary | Lists services discovered. |
| 6 | | Service Summary by Asset | Lists services discovered for each asset scanned. |
| 7 | | Top Vulnerabilities | Lists the top vulnerabilities by frequency for a specified group and time. |
| 8 | | Vulnerability by Asset | Lists the top assets by number of vulnerabilities for a specified group and time. |
| 9 | | Vulnerability by Group | Compares vulnerabilities across sub-groups of a selected group. |
| 10 | | Vulnerability by OS | Compares vulnerability counts by operating system. |
| 11 | | Vulnerability Counts | Lists detected vulnerabilities by total number and by percentage. |
| 12 | | Vulnerability Counts by Asset | Counts vulnerabilities discovered for each asset by severity. |
| 13 | | Vulnerability Detail by Asset | Lists all detailed vulnerability information available for each asset. |
| 14 | | Vulnerability Names by Asset | Lists vulnerability names for each asset. |
| 15 | | Vulnerability Remedies by Asset | Lists vulnerabilities and their remedies for each asset. |
| 16 | | Vulnerability Summary by Asset | Lists vulnerabilities and their descriptions for each asset. |
| 17 | | Vulnerable Assets | Lists assets by criticality for each vulnerability. |
| 18 | | Vulnerability Differential | Contrasts asset vulnerabilities for two distinct periods of time. |
| 19 | Asset | Asset Event Details | Lists asset events and vulnerability details. |
| 20 | Asset | Asset Event Summary | Lists a summary of asset events and vulnerabilities. |
| 21 | Asset | Desktop Protection Report | Displays counts of desktop assets protected and not protected, with version details. |
| 22 | Asset | Server Protection Report | Displays counts of server assets protected and not protected, with version details. |
| 23 | Attack Activity | Attacks by Group | Compares attack counts across sub-groups of a selected group. |
| 24 | Attack Activity | Attacks by Protection Domain | Compares attack counts across protection domains of a selected group. |
| 25 | Attack Activity | Security Events by Category | Provides the percentage and number of events by event category for a specified group and time. |
| 26 | Attack Activity | Top Attacks | Lists the top attack names by frequency for a specified group and time. |
| 27 | Attack Activity | Top Sources of Attack | Lists the top attack sources by frequency for a specified group and time. |
| 28 | Attack Activity | Top Attacks by Severity | Counts the top attack names by severity for a specified group and time. |
| 29 | Attack Activity | Top Targets of Attack | Lists the top attack targets by frequency for a specified group and time. |
| 30 | Attack Activity | Top Targets of Attack by Severity | Provides counts of the top attack targets by severity for a specified group and time. |
| 31 | Audit | Audit Detail | Provides an audit trail of significant actions performed by SiteProtector users. |
| 32 | Content Filtering | Top Web Categories | Lists categories with the number of assets and requests. |
| 33 | Content Filtering | Web Requests | Counts web requests by category or client. |
| 34 | Mail Filtering | Daily Report Overview | Displays count of daily reports generated and e-mails released. |
| 35 | Mail Filtering | Traffic Report | Displays e-mail trends by hour. |
| 36 | Mail Filtering | Top Responses | Displays count of e-mails by response. |
| 37 | Mail Filtering | Executive Summary | Provides a high-level summary of e-mail counts for actions taken, quarantined e-mails or total e-mails. |
| 38 | Mail Filtering | Top Analysis Module | Displays count of e-mails by analysis module. |
| 40 | Mail Filtering | Top Recipients | Displays top recipients by count or size of e-mails. |
| 41 | Mail Filtering | Top Senders | Displays top senders by count or size of e-mails. |
| 42 | Management | Attack Incidents | Lists all attack incidents created for a specified time. |
| 43 | Management | Attack Status Summary | Displays attack status summary including IBM SecurityFusion module data and blocked events. |
| 44 | Management | Attack Trend | Displays attack activity by day, week, month, quarter or year. |
| 45 | Management | Virus Activity Trend | Displays virus activity by day, week, month, quarter or year. |
| 46 | Management | Vulnerability Trend | Displays vulnerabilities by day, week, month, quarter or year. |
| 47 | Permissions | Permission Detail | Displays the total list of permissions. |
| 48 | Ticket | Ticket Activity Summary | Provides a summary of ticket counts and status time tracking. |
| 49 | Ticket | Ticket Time Tracking | Provides a summary of working time in tickets. |
| 50 | Ticket | Ticket Trend | Trend summary of tickets. |
| 51 | Virus Activity | Top Virus Activity | Lists the top virus names, infected files, and infected users. |
| 52 | Virus Activity | Virus Activity by Asset | Lists the top assets by amount of virus activity for a specified group and time. |
| 53 | Virus Activity | Virus Activity by Group | Compares virus activity across subgroups of a selected group. |
| 54 | Virus Activity | Virus Prevention Benefits | Summarizes virus infections vs. infections prevented and calculated ROI cost savings. |
| 55 | Virus Activity | Virus Trend Details | Charts and lists all virus activity across a specified time period. |
Copyright IBM Corporation 2007
IBM Global Technology Services
Route 100
Somers, NY 10589
U.S.A.

Produced in the United States of America
06-07
All Rights Reserved

IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Ahead of the threat is a trademark of Internet Security Systems, Inc. in the United States, other countries, or both. Internet Security Systems, Inc. is a wholly-owned subsidiary of International Business Machines Corporation. Other company, product and service names may be trademarks or service marks of others.

References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates. IBM assumes no responsibility regarding the accuracy of the information provided herein, and use of such information is at the recipient's own risk. Information herein may be changed or updated without notice. IBM may also make improvements and/or changes in the products and/or the programs described herein at any time without notice.