"This dashboard can be called a vulnerability management dashboard or antivirus dashboard, but not a security dashboard," says Khalid Kark, an analyst at Forrester Research Inc. "A real security dashboard would need to look at security controls in a comprehensive fashion and generate reports on it."

Koppelman has evaluated going to a more complete dashboard but says that what he has now meets his company's needs. But at VeriSign Inc. in Mountain View, Calif., a higher degree of control is needed for protecting the root servers for the .com and .net domains, as well as providing managed security services to thousands of enterprises. VeriSign must protect thousands of production and enterprise servers and hundreds of firewalls and intrusion-detection systems (IDS).

"There were too many places to look for information," says Ken Silva, VeriSign's chief security officer. "The idea is to centralize that into a common console so you really have only one place to look."

VeriSign selected a security management suite from OpenService Inc. in Marlboro, Mass., because of its extensibility. It provided about 80 percent of the needed functionality out of the box.

"We had the whole system up in about two weeks, and most of that time was spent fine-tuning for the other 20 percent that it didn't do out of the box," Silva says. "There are some events that we uniquely have at our company that obviously couldn't be preprogrammed into the system."