Capturing information about security incidents and threats is all well and good, but without a strong reporting capability it is simply "data," rather than actionable information. It is therefore essential to have a strong reporting capability. One that not only shows, in an easily comprehensible way, the history of what happened, but also allows interaction with that information. By looking at it from different perspectives, one should be able to highlight trends, identify weak spots and suggest where there are very serious or ongoing threats. This is the basis for actions - providing measurable and key performance indicators that can be used to set up mitigation strategies. In most organizations, location-based information and associated measures are critical. Where did the event occur, what business functions were affected, what was the impact and severity of the event?
Business Intelligence (BI), and its subset, Business Data Analytics, are a discipline in their own right, encompassing data mining, predictive analysis, statistical analysis, and any method that transforms data into useful information, identifies and anticipates trends and outcomes, and ultimately helps users to make smarter, data-driven business decisions. Data Visualization is a very important aspect and is an effective way to universally share complex concepts that may otherwise be difficult to convey just through, for example, lists of numbers.
TeamMacro has spent many years perfecting its BI solution, tailored especially to the needs of security professionals. We have tried most of the so-called BI solutions in the marketplace and have found, through trial-and-error, most of them deficient in terms of these needs. For example, our customers have demanded "pixel perfect" reports requiring them in their own corporate colour and logo standards. The same exacting standards apply to the exported report and, unfortunately, this is often not the case. Often reports, whilst looking good on-screen, are not as expected or not to the same quality when the report is exported in different formats. Also, the reports need to be presented in the language of the user. This preferably means one report automatically translated rather than having to manage different versions of the same report, which quickly becomes an administrative nightmare.
There is also the question of cost. Many BI solutions are relatively high cost especially where there is a per-user charge. Since we expect potentially hundreds if not thousands of users, such fees quickly become prohibitive. The exception is where an organization already subscribes to an existing corporate BI solution. Then there is no additional cost, and we can take advantage of that solution. A good example is Microsoft Power BI ™. Microsoft suggests more than 90% of Fortune 500 companies use this software, so we have included an interface to Microsoft Power BI ™ as standard. However, if not, we have an embedded BI solution that meets the exacting requirements mentioned above and it has no extra charge.
Dashboards are a very common way of interacting with data so we have introduced dashboards, designed with security professionals, that cover the types of queries and insights that they are seeking. In practice the number of dashboard types necessary is quite small to cover most security requirements. However, sometimes we encounter specialist requirements. A good example is in the area of data protection. Here it is critical to know when a breach is initially reported and to count down the time the report is outstanding before the correct actions are taken. Alerts are essential, because there is an overall timeline of 72 hours before the breach may need to be reported to authorities. Proving to authorities that a breach was addressed in a timely fashion is one aspect of their evaluation of the extent of any sanctions and fines they may ultimately impose. Another example is in the area of supply chain management. It is important to know if a particular link in the supply chain is being affected repeatedly over a short period. This may well indicate, say, a gang at work, targeting one location, one type of commodity, or a particular customer.
Finally, some customers want the ability to create their own reports and dashboards. Indeed, this is the main selling and market entry point of systems like Microsoft Power BI. "Self-Service" BI is all the rage, at least in marketing, if not in practice. Yes, business users do not want to refer to IT departments to get what they want, especially as they know better what they are trying to express but adding users into the design loop with a lack of knowledge in the subject area, is unlikely to be successful. So, we do provide the capability for specialist business users to create their own reports and dashboards. However, from our experience this is rarely successful, unless the user has the right mix of business knowledge, data analytic and technical skills. TeamMacro has those skills so it is better to work with us to create the new reports or dashboards, and indeed that is how all the standard ones we offer were created.