Security dashboard

From the Security dashboard, you can monitor general information about potential security threats on your network.

Each chart in the Security dashboard contains visualizations of protocol metric data, organized by region. You cannot edit or delete the Security dashboard. However, you can create your own custom dashboard to monitor specific metrics that are relevant to you.

The following information summarizes each region and its charts.

Alerts

See which alerts were issued most recently in your environment. For more information about configuring and interpreting alerts, see Alerts concepts.

SSL - Weak Ciphers

See the number of active SSL sessions with weak cipher suites on your network. You can also see which clients and servers are participating in those sessions along with which cipher suites those sessions are encrypted with. DES, 3DES, MD5, RC4, null, anonymous, and export cipher suites are considered to be weak because they include an encryption algorithm that is known to be vulnerable. Data encrypted with a weak cipher suite is potentially insecure.

SSL - Certificates

See which SSL certificates in your network are self-signed, wildcard, expired, and expiring soon. Self-signed certificates are signed by the entity that issues the certificate, rather than a trusted certificate authority. Although self-signed certificates are cheaper than certificates issued by a certificate authority, they are also vulnerable to man-in-the-middle attacks.

A wildcard certificate applies to all first-level subdomains of a given domain name. For example, the wildcard certificate *.company.com secures www.company.com, docs.company.com, and customer.company.com. Although wildcard certificates are cheaper than individual certificates, wildcard certificates create a greater risk if they are compromised because they can apply to any number of domains.

DNS

See which DNS servers are most active on your network and the total number of reverse DNS lookup failures those servers have encountered. A reverse DNS lookup failure occurs when a server issues an error in response to a client request for a pointer (PTR) record. Failures in reverse DNS lookups are normal, but a sudden or steady increase in failures on a specific host might indicate that an attacker is scanning your network.