In my experience in working across many different security vendor products, reporting always seems to be an afterthought. This has always puzzled me, as the question I would think should always be asked is “what value is this product adding to my environment?” Sometimes this is easy to explain among security professionals, but it is usually a much more daunting task when needing to articulate this to the C-Level or the Board of an organization.
With Central Park reporting enhancements, I feel that we have hit the sweet spot in reporting by providing the necessary and critical details to both the security teams and budgetary decision-makers within the organization.
Below is a listing of reports available within our Central Park Release:
Executive Insights – A brief report that provides details of threats for a given time period, the overall threat landscape, and the most at-risk workstations. This report can also be generated for a specific group or site only. Below is a screenshot of Key Findings, which are further detailed in the report.
Application Insights – This report provides details around the applications discovered within the environment. The data is categorized around “Top Applications All Time” within the environment and “Top New Applications within Reporting Period”.
Mitigation & Response Insights – A report on mitigation and response actions taken within the environment over a given timeframe. Here is a screenshot of a diagram found in this report that details the mitigation actions taken.
Threat Insights – As the name states, this report will provide details around threats discovered within the environment. It provides details such as convicting engines, detections by OS, threat landscape, and top devices and groups at risk. Below is a screenshot of the Detecting Engines portion of this report.
Reporting never seems to be something to be excited about, but I’d have to say our reporting enhancements in Central Park are truly just that. The reports not only provide deep insights into what is happening in the environment, but also answer the budgetary decision-makers’ question of “why are we spending money on this solution?”
*** This is a Security Bloggers Network syndicated blog from SentinelOne authored by Gary Mello. Read the original post at: https://www.sentinelone.com/blog/central-park-feature-glance-enhanced-reporting/