Tom Pinou – BITS Data Center Operations Director
The idea of a single pane of glass has been as appealing to IT and cybersecurity teams as it has been unattainable. But before discussing some advantages and disadvantages, let’s start with a definition of Single Pane of Glass (SPOG).
SPOG is a phrase used to describe a unified console or dashboard that integrates information from varied sources into a single display.
Some use cases are:
In Network Management, SPOG provides visibility across the entire network for total management of network resources, services and users. This includes wired, wireless, physical and virtual sources.
In a Data Center, SPOG provides visibility into key IT performance indicators and links operational metrics with business-critical uptimes for the entire infrastructure.
In Cybersecurity, SPOG provides analysis and access to the information needed to quickly create and modify access control, application usage and security policies.
The Unlimited Supply of Vendors: A recent study from Gartner found that companies are spending $124 billion on cybersecurity, with much of this spending going toward “multiple tools” to protect operational enterprises. In come the multiple vendors to the rescue. Each of them uses the term single pane of glass. Some overuse it to the point that it becomes just another marketing term thrown around. They claim that their product is so well integrated and centrally managed that it can provide everything a company needs.
The SPOG adoption in the enterprise relies heavily on vendor solution promises. But of course, life is never perfect.
Background: Back in the day it sounded exciting: the idea of a central management ‘console’ to monitor, analyze, and respond to any issues in an environment. It’s been the critical concept for NOCs, spreading to other aspects of IT and later to Security Ops as InfoSec rose to the surface to become its own vertical. With about 1200 security vendors on the market today, averaging 3 products each, it’s nearly impossible to build a single pane of glass due to the sheer complexity and wide scope of challenges specific to information security. Think about the development efforts alone to bring information and feeds from multiple vendors into a single place.
LOGS…The starting point: Log collection became something of a starting point for SPOG. This is because every system and every application produces logs, with timestamps and syslog headers. Logs became easy to search and index, which is part of the reason they are used extensively in cybersecurity today. But logs don’t contain important things such as configurations, relationships or security privileges, which are needed for a single pane of glass.
Next…The SIEM: SIEM (security information and event management) solutions followed logs by providing context on “assets” (hosts) and then on “identity” (user account info). SIEM fell short because it relied on relational databases and was difficult to scale.
Other attempts…UEBA: UEBA (user and entity behavior analytics) became the marriage of user modeling with anomaly detection on top of normalized events. UEBA fails to address visibility into configurations, vulnerabilities, or security standards.
Let’s…SOAR: SOAR stands for Security Orchestration, Automation, and Response. According to Gartner’s “Market Guide for Security Orchestration, Automation and Response Solutions,” “SOAR platforms do have a library of out of the box use cases, but they are not Plug-n-Play.” Every organization’s technology and processes are different, and require a lot of professional services to implement.
Single Pane of Glass: The Pros
Most employees use a dozen or more programs every day to do their jobs. Let’s suppose a company starts off with 50 employees, then grows to 500 employees after 10 years. Then an international company is acquired, and you now have 5000 employees. In this case, a single pane of glass solution, one that allows for single sign-on or a unified view of the various programs being used, could be a game-changer.
Single Pane of Glass: The Cons
If all this sounds too good to be true, many would argue it is. There is an ongoing debate that a single pane of glass solution is a myth, or at least not quite the be-all, end-all solution we’ve been led or sold to believe. The reason is that the pace at which cloud-enabled platforms have adapted and changed makes this kind of solutioning impossible going forward. How could one ever stay up to date on the support the SPOG offers if the various systems it supports are constantly changed and updated?
Other challenges include:
Mark Balch, director of product management at Cisco for unified computing, stated in an interview on whether SPOG solutions are truly feasible: “There is no single pane of glass for every conceivable function of an IT environment.” He also stated that “Certain elements of unification are possible and if achieved, can become a value add.”
Single Pane of Glass: The Reality
Consider the idea of a dynamic solution that can bring in data from multiple inputs, layer it with analytics and AI, and produce an actionable output, all in one unified single pane view, in easy to access and understand data… It’s hard not to get caught up in the promise of the single pane of glass solution, especially since on the surface it’s so appealing. But whenever the industry is talking about something that sounds too good to be true, we should take a step back and assess what’s really going on.
Summary: Customers are inundated with cybersecurity vendor claims for the ultimate single pane of glass. The challenge is that, until vendors can deliver on that promise in a working solution for the security industry, it will continue to be a myth.
However, there may be a SPOG-like solution out there that makes sense for the needs of a client, but there also might not be. We don’t know the answer until we dig into the problem they are facing and think through how to solve it.
So, for the time being, cybersecurity teams must maintain multiple ‘single panes of glass’. The idea of a SPOG covering all aspects of daily cybersecurity management is still out of reach. To make this possible, a hypothetical ‘Cyber Console’ would need to support and process the following: inventory of security applications, infrastructure, vulnerabilities, risks, critical events, followed by the ability to discover, validate and remediate misconfigurations and other actionable items.
For now, the response from many professionals is: “We are half-way there.”