A Solid Foundation
Any risk number, visualization or data metric is only as good as the data driving it. So, if the data underneath all those visuals is incomplete or suspect, the derived risk numbers and everything else can only be trusted to a certain extent – or not at all!
There are several moving parts to this puzzle which NorthStar takes into account – and has already solved for you – along the way towards that top visualization tier:
- How confident am I in my data?
- How complete is my data?
- How should my Asset, Business App & Business Org data be constructed? Correlated?
- How should I structure Risk as it pertains to Assets? Criticality? User Access? Location info?
To answer those questions, we begin with a solid foundation. This all starts at the Data level. Specifically, in this case, Asset data. Many tools on the market today claim they can aggregate assets, but NorthStar’s approach is unique, extensible & comprehensive. NorthStar achieves superior results by querying many data sources such as Directories (e.g., Active Directory), Security tools and manual entry tools (like a CMDB). The data is folded through our transformation engine (patent pending) to deliver a normalized & holistic asset record for each device in your environment.
How it Works
Data Sources for Assets can be configured in NorthStar – the more data sources, the more accurate & complete our list will be. Each data source has asset-type information inside of it. By aggregating all of these data sources, we can achieve a clearer asset baseline than if we were just pulling asset info from one source of record.
Each source is then ranked for its inherent accuracy, confidence & aging. For example, perhaps your AV solution defines the Operating System (OS) directly from the kernel, but your Vulnerability Scanner relies on a less reliable “fingerprinting” technology. We may pull the OS information from both sources, but we rank the AV source higher than the Vulnerability source. In this case, if we received OS info from both sources, we would use the AV source as our “source of record” for that field in the final dataset. And so on, for all asset fields.
Once all sources are reconciled, we end up with a master asset record in the Asset Superlist, with the most accurate data possible from all collected sources.
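The per-field ranking and aging described above, sketched as an added example (this is not NorthStar's code or its transformation engine). The source names, rank order, 30-day cutoff and sample records are all assumptions constructed for illustration.

```python
from datetime import date

# Assumed per-field trust order, most trusted first (constructed for this example).
FIELD_RANK = {
    "os":       ["av", "vuln_scanner", "cmdb"],
    "hostname": ["directory", "av", "vuln_scanner", "cmdb"],
    "owner":    ["cmdb", "directory"],
}
MAX_AGE_DAYS = 30  # assumed aging cutoff: older observations count as stale


def reconcile(observations, today):
    """Return {asset_key: {field: {"value", "source", "stale"}}}."""
    master = {}
    for obs in observations:
        stale = (today - obs["seen"]).days > MAX_AGE_DAYS
        record = master.setdefault(obs["asset"], {})
        for field, value in obs["fields"].items():
            order = FIELD_RANK.get(field, [])
            if value in (None, "") or obs["source"] not in order:
                continue  # empty value, or source not trusted for this field
            # Fresh beats stale; within the same freshness, the better rank wins.
            score = (stale, order.index(obs["source"]))
            current = record.get(field)
            if current is None or score < current["_score"]:
                record[field] = {"value": value, "source": obs["source"],
                                 "stale": stale, "_score": score}
    for record in master.values():
        for chosen in record.values():
            del chosen["_score"]  # internal bookkeeping, not part of the record
    return master


# Constructed sample observations for one device, keyed by MAC address.
TODAY = date(2024, 6, 1)
SAMPLE = [
    {"asset": "00:16:3e:aa:bb:01", "source": "vuln_scanner", "seen": date(2024, 5, 30),
     "fields": {"os": "Windows Server (fingerprint)", "hostname": "10.0.4.17"}},
    {"asset": "00:16:3e:aa:bb:01", "source": "av", "seen": date(2024, 5, 31),
     "fields": {"os": "Windows Server 2019", "hostname": "FS01"}},
    {"asset": "00:16:3e:aa:bb:01", "source": "directory", "seen": date(2024, 5, 29),
     "fields": {"hostname": "fs01.corp.example", "os": "Windows Server 2016"}},
    {"asset": "00:16:3e:aa:bb:01", "source": "cmdb", "seen": date(2023, 11, 2),
     "fields": {"owner": "Finance IT", "os": "Windows Server 2012"}},
]

if __name__ == "__main__":
    for field, chosen in reconcile(SAMPLE, TODAY)["00:16:3e:aa:bb:01"].items():
        print(field, chosen)
```

Keeping the winning source and a stale flag next to each value lets an analyst see why a field holds what it does, and which fields rest only on aged data.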
Knowing what you don’t know
Since NorthStar collects & analyzes data from many different sources, it can inherently tell you where you are missing security tools. After spending tens or hundreds of thousands of dollars on a security suite (e.g., antivirus software), that tool alone can never tell you where it isn’t installed. NorthStar can.
Click on the gray area for any security tool and discover where it’s not installed/not covering. Or, better yet, subscribe to that information so you get a daily/weekly/monthly view of this missing coverage.
One View, All the Data
In typical environments, it is necessary to move from console to console to view disparate data. Perhaps one console will have all of your AV information, another for patching, yet another for vulnerabilities. You get the idea.
With NorthStar, all of that info can be attached around central “pivot points” (e.g., an asset) and can also be interlinked. So, while investigating one asset, you may decide to drill into IT Agent or IP details.