Enhanced Security Posture Reporting with Superset

Customer Profile

This case study features a leading cybersecurity company specializing in Security Posture Management (SPM) solutions for Network & Cloud resources. They faced challenges with their existing reporting and visualization tool, Looker, which hindered their ability to deliver insightful data to their customers.

Challenge

The client encountered several issues with Looker:

  • Limited Reporting Capabilities: Looker’s functionalities fell short of effectively presenting Network & Cloud inventory and compliance data, a crucial aspect of their SPM product. Customers needed a more granular view of their security posture.
  • High Cost of Ownership: Looker’s software licenses significantly increased the overall cost of the SPM solution, impacting both the client and their end-users.
  • Lack of On-Premise Flexibility: Looker offered limited support for on-premise deployments, which didn’t align with the client’s preference for a self-hosted solution within their infrastructure.

Solution

The project team identified Superset, an open-source BI platform, as a compelling alternative due to its technical strengths:

  • Open-Source Advantage: Superset eliminated ongoing licensing costs, providing a significant financial benefit compared to Looker.
  • Intuitive Interface and User Empowerment: Superset’s user-friendly interface with a no-code visualization builder empowered security analysts to create informative reports and visualizations without extensive coding expertise.
  • Extensive Data Source Support: Superset seamlessly integrated with the client’s existing data infrastructure, ensuring smooth data access for security posture analysis.
  • Rich Visualization Library and Customization: Superset offered a comprehensive library of pre-built visualizations along with the ability to customize existing visuals and create custom plugins. This flexibility allowed for the development of visualizations tailored to specific security posture metrics.
  • On-Premise Deployment with Kubernetes: Unlike Looker, Superset offered on-premise deployment compatibility through Docker and containerization, aligning with the client’s preference for self-hosting within their Kubernetes environment.

Implementation

Following a collaborative discussion and client approval, the team embarked on a 3-sprint migration process:

  • Data Source Integration: Data pipelines were established to seamlessly transfer network inventory and compliance data from the original Looker sources to Superset’s data store.
  • Custom Security Posture Visualizations: Leveraging Superset’s capabilities, the team crafted custom dashboards utilizing tables, trendlines, tiles, and bar charts. These visualizations provided a clear and insightful view of various security posture metrics like vulnerabilities, misconfigurations, and compliance gaps.
  • Security Integration: The team ensured proper security configurations within Superset to align with the client’s existing access control protocols and user authentication mechanisms.
  • Knowledge Transfer: Training sessions were conducted to equip security analysts with the necessary skills to effectively utilize Superset for report creation and data exploration.

Technology Stack

  • Cloud Infrastructure (assumed): AWS (based on the presence of Kubernetes)
  • Development Framework: Java with Spring Boot (for building any custom components needed for the migration)
  • Business Intelligence Tool: Superset
  • Container Orchestration: Kubernetes (for on-premise deployment of Superset)

Impact

This migration to Superset demonstrates significant benefits:

  • Superset’s open-source nature translates to substantial cost savings compared to traditional BI tools, making it an attractive option.
  • The user-friendly interface empowers security analysts to create reports and visualizations independently, reducing reliance on development teams and accelerating time-to-insight.
  • Superset’s rich visualizations enable clear communication of complex security posture data to customers, fostering better understanding and informed decision-making.
  • Superset’s on-premise deployment with Kubernetes ensures data security within a company’s infrastructure and facilitates future scalability to accommodate growing customer needs.
  • The active open-source community around Superset provides ongoing support, potential contributions for further development, and a platform for innovation within the SPM domain.

Conclusion

By leveraging Superset’s open-source nature, user-friendliness, and customization options, the project team successfully delivered a cost-effective and scalable solution. This empowered the client to provide their security posture management product with enhanced reporting features, ultimately improving customer experience and communication of critical security insights.