The big picture

17.04.2006

The system pulls information from the server monitoring service, in-house applications that monitor the domain name service and IDS, IPS, firewall and router logs. All events are sent to a central Unix box that correlates them and synthesizes them into a common event.

Silva reports that network operations center staffers now monitor only a single console instead of a dozen, and they no longer have to dig through several logs to find what is triggering an event. They have been able to reduce mean time to detection by 30 percent to 50 percent.

"If done well," says Kark, "a comprehensive security dashboard can not only save a tremendous amount of time and effort for the organization, but also help security managers get more visibility into their security posture."

Robb is a Computerworld contributing writer.