Security Summary dashboard (Limited availability)
The Security Summary dashboard (Dashboard > Security Summary) provides analytics and gives you visibility into the security of your network. It offers a risk score that measures your network’s security posture and assesses how vulnerable your network is to threats such as phishing, command and control communication, DNS exfiltration, and more.
The Security Summary dashboard includes recommendations and mitigation steps to help you improve your organization’s network security. It also presents data that lets you investigate threats, make informed decisions, and ultimately take action against known or potential threats in your network.
The Security Summary dashboard is currently in limited availability. To see this dashboard, contact your Akamai representative.
The dashboard includes these tabs:
- Threat Summary. Provides a risk score that's determined by the severity of detected threats, devices SIA suspects are at risk, deployment of clients and connectors, policy configuration, and more. Based on your score, security recommendations are listed to help you mitigate threats and lower your risk score. This area of the dashboard also includes key information on DNS traffic with malicious activity and blocked threats. To learn more, see Threat Summary.
- Threat Analysis. Allows you to view data on threats that were blocked in the last 24 hours, 7 days, and 30 days. Information is shown on the related categories that produced these threats, top devices at risk, top malicious domains, actions taken on threats, and active threat campaigns. To learn more, see Threat Analysis.
- Shadow IT Analysis. Shows the top categories that produced Acceptable Use Policy (AUP) events. The categories that are known and suspected to host harmful content are also shown. Separate widgets on this tab also list the top applications and top categories that were accessed by users. To learn more, see Shadow IT Analysis.
- Traffic Analysis. Lets you review DNS queries in your network, the number of deployed Zero Trust Clients, the number of deployed Security Connectors, the number of DNS queries that occurred in a geographic region, and the SIA locations that produced the most DNS queries and threat events. To learn more, see Traffic Analysis.
Like other reports in SIA, you can filter data by date and time. You can show data from the last 24 hours, 7 days, the current month, or from the last 30 days. You can also specify the start and end date within a 30-day period, the start and end time based on a 24-hour clock, and the time zone.
Risk score
This risk score is a rating that measures the security posture of your network. It appears on the Threat Summary tab of the dashboard along with a visual gauge that lets you see at a glance whether your network requires immediate attention.
The risk score is calculated based on these factors:
- Malicious traffic. Traffic that SIA identified as malicious and a risk to your organization.
- Severity of threats. Severity level assigned to threats. Threats with a critical or high severity level have a larger impact on the risk score.
- Devices at higher risk. Devices that are associated with malicious traffic. These devices are likely a security risk to your organization.
- Device attribution. Devices that SIA can identify by user. If device attribution is not detected, your risk score also increases.
- Deployment of Zero Trust Client and Security Connector. Considers whether the client and Security Connector are installed on user devices. If no client or Security Connector is installed or functioning, this can also impact your score.
The rating assigned to each of these areas is used to calculate the risk score. A lower risk score indicates your network is more secure and at a lower risk for threats or attacks.
The gauge on the dashboard is a visual representation of your score and its corresponding risk level. This table shows the risk scores that apply to each level.
| Level | Risk Score Value |
|---|---|
| Very Low | 0-20 |
| Low | 21-40 |
| Moderate | 41-60 |
| High | 61-80 |
| Very High (Critical) | 81-100 |
To strengthen network security and lower the risk score, complete the steps in the security recommendations.
Threat Summary
This tab provides a complete overview of your network’s health. It includes a risk score that assesses and rates the health of your network. The Threat Summary tab also provides mitigation steps to help your organization improve its security posture.
This area of the dashboard includes these widgets:
- Current Risk Score. Shows the numerical risk score and a visual representation of the score on a gauge. The gauge shows whether your organization’s risk score is at a very low, low, moderate, high, or very high level of risk. For more about the risk score, see Risk score.
- Security Recommendations. Based on your risk score, a prioritized list of recommendations is provided. This list contains industry standard recommendations, as well as recommendations that are specific to your environment.
- DNS Traffic of Malicious Activity. Shows the percentage of DNS traffic that’s malicious within your organization.
- Blocked Threats. Shows threat categories and the total number of threats that were blocked in each category. You can click the magnifying glass icon to go to the Threat Events report and investigate threats further.
Threat Analysis
The Threat Analysis tab of the Security Summary dashboard lets you view data on blocked threats, malicious domains, devices at risk, and active threats in your network. Interactive widgets direct you to more information in SIA reports where you can further investigate these threats.
This area of the dashboard includes these widgets:
- Total Blocked Threats. Shows threats that were blocked in the last 24 hours, 7 days, and 30 days. The dashboard calculates whether there was an increase or decrease of blocked threats during these time periods. This widget shows the number of blocked threats and the percentage of blocked threats that resulted from DNS queries. The widget also includes a table of categories for these threats and further identifies how many blocked threats were found in these categories during these time periods. The percentage of threats that were found in DNS queries is also listed.
- Top Devices at Risk. Shows devices that accessed domains SIA detected to be part of threat campaigns with a high or critical severity. These devices are reporting the highest number of events. The devices and the number of times a device attempted to access these campaigns are listed. You can click the device name to view more information about this device in the Threat Events report. The widget also shows the number of categories that were violated based on the configuration of your SIA policies.
- Top Malicious Domains. Shows domains that were used for malicious activity and the number of requests that were attempted to these domains. Malicious activity includes phishing, DNS exfiltration, malware, and command and control (C&C) communication. You can click a domain name to view more information about that domain in the Indicator Search.
- Action Taken on Threats. Shows the action that was taken on threats based on your policy configuration. The table shows the action taken on threats with a critical, high, medium, or low severity level. If traffic was directed to Security Connector as a sinkhole, the Security Connector name is included with the list of actions. A link is also provided that takes you to the Policies page where you can review your policy configurations. For more information on severity level, see Severity levels.
- Active Threat Campaigns. Shows the number of threat campaigns that exist in your network. A donut chart shows active campaigns based on known categories. Clicking a category in the chart brings you to the Threat Events report where you can view more data on this category.
For all these widgets, you can also click the magnifying glass icon to view more details about this data in the corresponding SIA report or, where applicable, on the Indicator Search page.
Shadow IT Analysis
The Shadow IT Analysis tab of the Security Summary dashboard provides details on AUP categories that produced events. This tab also shows data on categories that are known to host harmful content and categories that are suspected to host harmful content. Interactive widgets direct administrators to the Access Control events report or the DNS Activity report.
This area of the dashboard includes these widgets:
- Top Categories with AUP Events. Shows the top categories that produced AUP events. Analytics show how many categories from the total number of categories in SIA violate your policies. The total number of AUP violations is also listed. Data tables show the top categories that host harmful content and categories that potentially host harmful content. The number of attempts to access these categories is also shown. You can click a specific category anywhere in the widget to view more information in a separate report. Depending on the category you click, you may be directed to the Access Control report or the DNS Activity report.
The categories that potentially host harmful content are currently allowed in your environment. You should review your SIA policies and consider restricting or blocking access to these categories.
- Top Accessed Applications. Shows the applications that were accessed the most in your network. Data appears in an interactive donut chart where you can hover over the chart and click its data. You can also click data in the corresponding data table to view more details in the DNS Activity report. The widget additionally shows the number of categories that were violated as part of accessing these applications.
- Top Accessed Categories. Shows the top categories that were accessed in your network. The total number of requests and the number of requests for each of these categories are also listed. Data appears in an interactive donut chart where you can hover over the chart and click its data, or you can click data in the corresponding data table to view more details in the DNS Activity report.
For all these widgets, you can also click the magnifying glass icon to view more details about data in the corresponding SIA report.
Traffic Analysis
The Traffic Analysis tab in the Security Summary dashboard shows the total number of DNS queries, deployed Zero Trust Clients and Security Connectors, the top geographic regions with the most DNS queries, and the SIA locations with the most queries.
This area of the dashboard includes these widgets:
- DNS Queries. Shows the total number of DNS queries. The interactive widget allows you to hover over a date (based on the time period you're using in the filter) to view the total number of queries.
- Akamai Zero Trust Clients. Shows the number of installed Zero Trust Clients and their current status. A donut chart shows the status and the corresponding key lists the number of clients that are in that state.
- Security Connectors. Shows the total number of Security Connectors that are deployed in your network and the state of each connector.
- Top Geographic Regions. Shows the top geographic regions for DNS queries in a bar graph. You can hover over a bar in the graph to view the exact number of queries for each region.
- Top Locations with Threat Events. Shows a bar graph with the locations that had the most DNS queries and threat events.
For all these widgets, you can also click the magnifying glass icon to view more details in the corresponding SIA report or in the SIA page that applies. For example, clicking the magnifying glass for the Akamai Zero Trust Clients widget directs you to the Akamai Zero Trust Client page, while clicking the magnifying glass icon for the Top Geographic Regions directs you to the DNS Activity report.
Review the Security Summary dashboard
Complete this procedure to review the Security Summary dashboard.
To review the Security Summary dashboard:
- In the Threat Protection menu of Enterprise Center, select Dashboard > Security Summary.
- Filter data based on date and time.
- In the Threat Summary tab:
  - Review the risk score and the data that’s presented for blocked threats and DNS traffic with malicious activity.
  - Complete security recommendations to improve your organization’s risk score. The security recommendations contain industry standard recommendations and recommendations that are specific to your environment.
- In the Threat Analysis tab, review data on threats, including devices at risk, malicious domains, categories of threats that were blocked, and more.
- In the Shadow IT Analysis tab, review data that’s related to access control. This includes the AUP categories that produced the most events, the top accessed applications, and more.
This tab also shows categories that potentially host harmful content and are currently allowed by your policies. You should review your policies and consider restricting or blocking access to these categories.
- In the Traffic Analysis tab, review data on your network’s DNS traffic, including the top locations that produced events and the overall status of Zero Trust Clients and Security Connectors deployed in your network.