Video: How To Monitor High-Value OT Assets in Microsoft Power BI

July 13, 2020

Learn how to leverage Microsoft Power BI and Industrial Defender for executive level dashboarding, high-value asset identification and enhanced insight into OT operations.

Video Transcript & Slides

Thank you everyone for joining the Industrial Defender webinar which focuses on how Industrial Defender is enhancing the end user experience with its Microsoft Power BI Industrial Defender templates. In release 7.0, Industrial Defender introduced its custom reporting module. The module enabled the creation of modified reports to meet the specific needs of individual security and compliance customers and provide flexibility to the end user to develop and modify reports as they saw fit. In addition to the ability to customize reports, the custom reporting module also enabled the integration of Industrial Defender to 3rd party service desk and SOAR applications and tools via the Industrial Defender API.
By now, I’m sure you know that I’m George Kalavantis and that I head up the operations group at Industrial Defender. With me is Peter Lund, our well-known Director of Product Management. Peter will be taking you through our new Microsoft Power BI templates which focus on vulnerabilities, security events, compliance, asset insights, removable media and authentication. Take it away Peter.
Thanks George. We had met with many of our customers and they had asked how they can get more enterprise visibility to this great compliance and security data set. Once we had built the custom reporting views, we found it pretty easy to get things into Splunk, like you have seen in the previous videos. Now we can do the same thing with Power BI.
If I took a look at this dashboard, this was kind of inspired by our compliance dashboards on Industrial Defender, where you’re able to see the age of a baseline. You can see the age of an individual exception with Industrial Defender, so you can see that we’ve got some older exceptions that are starting to turn red as we approach those NERC deadlines for dealing with exceptions. You’ve got your asset details and their ages. You can filter this down into individual groups, locations. All of it is pretty flexible. These templates are configurable and programmable and really just tie back to those custom reporting views and stored procedures. Also on this dashboard, we have just a little breakdown of authentication events as well as some user account activity, so other things you might want to see on your NERC-style dashboard. You can also take these sliders and look at the volume of security events change over time. They do update real-time.
I’ll take us through another one, which is more of what we call asset insights. This one is really looking at an individual asset holistically. We’ve selected one asset being monitored by Industrial Defender. You can quickly see all the security events that have occurred on the endpoint again with that same sliding scale window of dates. You get a quick view of the assets administrative properties, you know, where it’s located, who to call, when you see a problem. It’s basically just like you’re looking at Industrial Defender. You can pivot over to any vulnerable software titles on the endpoint. You can see I’ve got some vulnerabilities related to Dell, some vulnerabilities related to some older versions of McAfee that are running. We’ve got some outstanding software patches that close those vulnerabilities. This is all being driven by our vulnerability monitoring service, which is great. We’ve got the raw CVE information if you want to dig in and look for a specific CVE. We can look the raw exception data. Before we were just looking at counts. Now we can see the actual baseline deviations related to new versions of Google Chrome, the McAfee agent being updated, the Zoom plugin being updated. We can see that the networking details have changed on this endpoint, the gateway, DNS.
Another really neat thing with Power BI is they give you some powerful phone and mobile options. If we switch over to the mobile-style layout, you can see that you’ve got a quick heads-up asset-centric view of what’s going on with this individual asset. The same thing applies to the compliance dashboard. If you could have that running to a phone or a tablet using a Power BI central server. We’re pretty excited about these dashboards.
I’ll switch back here to the presentation to give a little more info about them. How are these available and how are we making them accessible to customers? These are included with the Custom Reporting Module that we released in 7.0. That includes access to the SQL views, the stored procedures, and API access. Those are all tested and validated release to release, so when you build your customizations, you don’t have to worry about them breaking. This also will include periodic updates. We’ll update the views and stored procedures with new features within Industrial Defender. Really these are just templates. You can tailor them to your specific users need, your specific executives needs. They’re really a great starting point, they give a tremendous amount of visibility. It’s kind of limitless as to how you can customize it.
Hey Pete, that was great information. These new templates are just scratching the surface of Industrial Defender’s custom reporting capabilities. I know the entire team is excited to see the insight the Industrial Defender Power BI templates will bring to our customers when combined with our new 7.3 enhancements of NETFLOW and risk analytics. Additionally the customers that are leveraging custom reporting and the Industrial Defender Power BI templates will no longer have to wait for new releases for reporting enhancements. As new data sets are embedded in Industrial Defender, the Industrial Defender reporting team will quickly create new Power BI templates and have them published to the support community. I would like to thank you for taking us through the presentation and for our audience for listening in. In closing, I would like to say that Industrial Defender is well-positioned to enable both our present and future customers, high-value asset identification programs, and executive-level transparency to the OT security operation. Thank you everyone and please stay safe.