Visualizing Attack and Signal Trends Across Your Sites

We’re excited to announce the launch of the new overview page for your entire organization. As the central place for all high-level information about your sites, it provides the most valuable attack information like Signal trends and visualizations of attack traffic across your sites.

It’s always been our mission to help teams prioritize their scarce resources on the parts of the application that are actually under attack, and this new view makes the data even easier to consume.

Some notable new features include:

• Clean and simple charts showing total request volume over time, total attacks, and total blocked requests, so you can quickly see the value of actions taken by Signal Sciences.
• A list of all sites in your corp, blocking status, their attack traffic volume, and the most-used attack types so you can help teams focus on investigating and defending against specific attack vectors.
• A new Signals table that lists every attack and anomaly signal seen across your corp and the most-attacked sites.
• A new custom time range selector that allows you to choose between 1, 3, 7, or 30 days or any of the last three full months. This allows you to view trends or activity reporting on a month-over-month basis.

Empowering Customers with Actionable Data for Key Insights

So, how exactly did we decide to highlight these specific data points? One of our product principles is “data insights,” or in other words, turning data into information for our customers to help speed up their response and resolution times. So we spoke with customers and our technical post-sales services team to redesign the page with two goals in mind:

1. Provide executive stakeholders with high-level security trends.

Doing so required us to think about how we could improve our reporting features. The prior version of the overview page did not offer aggregate information or allow users to select custom time ranges, which made monthly reporting difficult. To enable monthly reporting, we added:

– Custom time range selection

– Aggregate traffic volume graphs

– Signal trends

Combined, these provide stakeholders visibility into what security trends are affecting their portfolio of apps corp week-over-week or month-over-month.

2. Enable security operations teams to use the Overview Page as an investigative launchpad in their day-to-day work.

The prior version of the page offered limited “linkage” to other parts of the dashboard and provided limited insight into attack trends across more than one site. To address this, we added the Signal table, so security teams can prioritize which attack types to defend against, and also graphs of attack track over time lists to aid in investigating security events across their app footprint.

Our customer-focused quest to provide actionable data—from the aggregate to the granular at the attack level—is constant.  This is an initial step towards creating data visibility across all the sites you have in production. Future iterations will highlight the most offensive bad actors across your portfolio of sites by including a “Top Flagged IPs” list, which is an aggregation of the IPs that cause the most events across all their sites.

As the only page in the dashboard that displays data from more than one site in a single place, this new Corporate Overview page will be a high-value touchpoint for security teams that need an initial “jump off” point to examine attack trends. The Signal table, traffic volume graphs for “Requests” and “Attack Requests” and “Blocked Requests, are all new data collections our engineering team created for this new iteration of the Corporate Overview Page.

In addition to continuing to listen to customer feedback, we’ll utilize this revision to test what cross-corp data customers find valuable and continue to provide deeper data on this page as we expand the data collections—all with the goal to best serve our customers’ needs to protect the apps, APIs and microservices that power their organizations.