MONITORING

BUSINESS CASE:

The explosion of Web portal based applications in private or public clouds (built on 3-tier architectures deployed in HA environments with database clusters), mobile devices, cloud applications, and new, non-traditional IP-class devices has caused the number of monitoring business cases to increase significantly.

Categories Include:

Datacenter Performance: Ability to detect the root cause of a performance problem at each application infrastructure layer, in order to identify which team should own troubleshooting:

  • Application
  • Virtual
  • Datacenter
  • Security
  • Storage
  • Platform teams

Security:

  • DMZ: Detect evasive-behavior attacks and enforce patching.
  • Identity: Verify and prevent privilege escalation attacks.
  • Security Event Management: SIEM/logging solutions are overwhelmed and no longer able to accurately identify an attack methodology.
  • File Auditing/Change Mgt: Identify attempts at IP theft and data leakage from critical platforms.

Data center

Unfortunately, when business-critical applications fail, the impact can be serious, so you need tools that put you one step ahead before your business is affected. Perhaps your network is also clogging as you try to transfer large capture files across it for central analysis? Continuously and easily troubleshoot network activity in real time with state-of-the-art appliance products.

A monitoring and change management plan should include:

  • A single solution that can detect known threats and look for unknown threats through analysis of massive volumes of activity data.
  • A scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security-relevant through comprehensive analysis capabilities that break down organizational data silos and data collection challenges.
  • Situational awareness dashboards that give custom views of risk per domain, asset, or identity.
  • Incident reviews that provide analysis workflows revealing the priority of the incident, incident context, and impact on assets and identities.
  • Analysis centers that provide indicators of unknown threats from traffic abnormalities.
  • Correlation tools that enable monitoring for new attackers by correlating new domain registrations with web activity.
  • Statistical outlier detection tools that aid anomaly detection.
  • Unified threat intelligence from many sources.
  • Data inputs for NetFlow, logs, RDBMS, APIs, and more.
  • The ability to quickly capture, index, and store all data packets without the need for file transfers.
  • Faster troubleshooting.
  • Quick identification of the applications running on your network.
  • Monitoring of your virtual machine traffic.

Application Performance Management (APM)

Delve into the complex software frameworks and operating systems of modern servers to extract vast amounts of performance and forensic data to support all aspects of Application Performance Management (APM) from the server perspective. These solutions provide analysis for any type of application environment. The APM solution constantly monitors thousands of system and application metrics within each server, across all application tiers, and automatically detects and ranks performance and behavior anomalies. Provide your IT team with the visibility and actionable insight to deliver the application performance that users and your business demand.

With a real-time view, APM solutions help ensure the reliability and speed of business-critical applications in the following key areas:

  • Proactive early warning
  • Faster troubleshooting
  • Support for continual improvement efforts
  • Eliminate "finger-pointing" among IT teams with shared real-time visibility across all tiers of the application delivery chain, from the first DNS request to the last byte served from storage.
  • Solve problems quickly with real-time, transaction-level details such as URIs associated with HTTP 500 errors, slow SQL queries, or the location of corrupt files in network-attached storage, and pinpoint code-level root causes in multi-tier applications.
  • Ensure successful application deployments and reduce the risk of new application rollouts with the ability to identify misconfigurations and other issues that are not visible to traditional APM tools.
  • Ensure the performance of business transactions and see application performance baselines, which are essential for making continual improvements, planning capacity, and architecting new application versions.
  • Scale monitoring and management automatically with a passive 20 Gbps solution with auto-discovery, auto-classification, and auto-dependency mapping.
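The statistical outlier detection and new-domain correlation listed in the data center section above, and the baseline-driven anomaly ranking described for APM, can be shown in one small piece of code. The block below is an added example written for this page; it is not the code of any product described here. Every baseline, current reading, proxy log line and domain registration date in it is constructed, and in a real deployment the registration dates would come from a WHOIS/RDAP or newly-registered-domain feed rather than a dictionary.

```python
"""Added example (not the page's or any vendor's code): rank metric anomalies
against a per-server baseline and correlate web proxy activity with newly
registered domains. All baselines, readings, log lines and registration dates
below are constructed for the demonstration."""
from datetime import date, datetime
from statistics import median
from urllib.parse import urlsplit

# Constructed baseline: 24 hourly readings per (server, metric) from a normal day.
BASELINE = {
    ("web01", "http_5xx_per_min"): [2, 1, 3, 2, 2, 1, 2, 3, 2, 2, 1, 2,
                                    2, 3, 2, 1, 2, 2, 2, 3, 1, 2, 2, 2],
    ("web01", "p95_latency_ms"): [180, 175, 190, 185, 170, 180, 200, 190, 185, 180, 175, 190,
                                  185, 180, 195, 180, 175, 185, 190, 180, 185, 175, 180, 190],
    ("db01", "slow_queries_per_min"): [0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1,
                                       0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0],
}

# Constructed current readings for the same keys.
CURRENT_READINGS = {
    ("web01", "http_5xx_per_min"): 2,
    ("web01", "p95_latency_ms"): 640,
    ("db01", "slow_queries_per_min"): 9,
}

# Constructed proxy log: timestamp, client, method, URL, status.
PROXY_LOG = """\
2024-05-02T10:01:00Z 10.0.4.12 GET http://www.example.com/index.html 200
2024-05-02T10:02:10Z 10.0.4.12 GET http://cdn-update-service.example/stage2.bin 200
2024-05-02T10:03:45Z 10.0.7.9 GET http://intranet.corp.example/login 302
2024-05-02T10:05:00Z 10.0.4.12 POST http://cdn-update-service.example/beacon 200
"""

# Constructed registration dates (a WHOIS/RDAP or new-domain feed in production).
REGISTRATION_DATE = {
    "www.example.com": date(1995, 8, 14),
    "cdn-update-service.example": date(2024, 4, 29),
    "intranet.corp.example": date(2009, 3, 2),
}


def robust_zscore(value, samples):
    """Median/MAD z-score. Unlike mean/stddev, the median and MAD are not
    inflated by the very outliers we are looking for. MAD is scaled by 1.4826
    to be comparable to a standard deviation; for sparse count metrics whose
    MAD is zero, fall back to the scaled mean absolute deviation."""
    med = median(samples)
    spread = median(abs(s - med) for s in samples) * 1.4826
    if spread == 0:
        spread = sum(abs(s - med) for s in samples) / len(samples) * 1.2533
    return (value - med) / (spread if spread > 0 else 1e-9)


def rank_anomalies(readings, baseline):
    """Score every (server, metric) reading and return rows most-anomalous
    first: (server, metric, value, z). Operators triage from the top."""
    scored = [(server, metric, value, robust_zscore(value, baseline[(server, metric)]))
              for (server, metric), value in readings.items()]
    return sorted(scored, key=lambda row: abs(row[3]), reverse=True)


def newly_registered_hits(log_text, registrations, max_age_days=30):
    """Return (client, host, domain_age_days) for requests to domains that were
    registered within max_age_days of the request. Domains with no registration
    data are skipped rather than guessed."""
    hits = []
    for line in log_text.splitlines():
        ts, client, _method, url, _status = line.split()
        host = urlsplit(url).hostname
        registered = registrations.get(host)
        if registered is None:
            continue
        seen = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        age = (seen - registered).days
        if age <= max_age_days:
            hits.append((client, host, age))
    return hits


if __name__ == "__main__":
    for server, metric, value, z in rank_anomalies(CURRENT_READINGS, BASELINE):
        print(f"{server:6} {metric:22} value={value:<6} z={z:6.1f}")
    for client, host, age in newly_registered_hits(PROXY_LOG, REGISTRATION_DATE):
        print(f"{client} -> {host} (registered {age} days before the request)")
```

The median/MAD scoring is the design point: a plain mean and standard deviation are pulled toward the outlier being scored, which lowers its z-score, while the median-based version keeps the baseline where the normal day actually sat. The fallback for zero-MAD count metrics matters for sparse signals such as slow queries, which are mostly zero and would otherwise produce meaningless scores.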

Evasion Deterrence

The anti-evasion portfolio consists of unique technologies and solutions for organizations and enterprises of all sizes – from all sectors. Our edge is our 24/7, automated evasion testing environment – that runs 1-2 million AET test runs every day – and our dedicated team that collaborates with academics and test labs. If your organization has data assets of value to cyber criminals, you could be a target for AET-borne stealth attacks.

Cloud Monitoring

As major enterprise customers have moved parts of their application deployments to global SaaS datacenters, performance between the datacenters has become difficult to monitor. Amazon AWS, Microsoft Office 365, Salesforce.com, internal datacenters, and partner datacenters all communicate over private and public links, alongside a rapidly growing population of mobile users.

Traditional infrastructure performance vendors required large numbers of probes at key datacenters in order to verify infrastructure performance. A new generation of vendors with SaaS capabilities now provides visibility into the life of a transaction request from the mobile device, across the Internet, in and out of a SaaS datacenter and the corporate datacenter, and back.

Deploy private agents within the enterprise environment as a Linux package or virtual appliance, or use the Public Agent infrastructure to set up tests that collect performance metrics for HTTP, DNS, TCP, and IP, as well as BGP, from multiple locations. Examine the different layers of application delivery one by one with X-Layer and navigate from layer to layer to find the root cause of problems, whether inside or outside your network. See for the first time how BGP routing changes affect network quality and application performance. Visualize complex network problems using the interactive path visualization, generate custom reports, configure alerts, create dashboards, and use our API to pull data for your custom analysis. Remove the finger-pointing and the time-consuming manual data exchange process with an interactive sharing capability that enables enterprises and cloud providers to see the same picture. Cloud providers can now interact with data shared by enterprises and even set alerts on it.

Available statistics include:

  • Latency
  • Packet Loss
  • Capacity
  • Available Bandwidth
  • Routing Availability
  • Wireless Access
  • VoIP/Video
  • Desktop Virtualization (VDI)

These solutions provide end-to-end, Layer 2 through Layer 7 metrics that can be shared through a SaaS console, so that every point/hop a global, national, or regional request traverses can be queried and the exact device that is experiencing performance problems can be identified.
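Locating "the exact device that is having performance challenges" from hop-by-hop probes is less obvious than it sounds, because routers commonly rate-limit or deprioritize the ICMP replies they generate for probes while forwarding real traffic perfectly. The block below is an added example, not any vendor's code, that computes per-hop loss and median latency from multi-agent path probes and only blames a hop when the destination confirms the symptom. The agent names, hop addresses (documentation ranges) and RTT samples are all constructed.

```python
"""Added example (not the page's or any vendor's code): per-hop loss and latency
from multi-agent path probes, blaming a hop only when the destination confirms
the loss or latency jump. Agents, hop addresses and RTT samples are constructed."""
from statistics import median

# Per agent, in path order: (hop address, probes sent, probes answered,
# RTTs in ms of the answered probes). Constructed data.
PATHS = {
    "agent-london": [
        ("10.1.0.1", 10, 10, [1.1, 1.0, 1.2, 1.1, 1.0, 1.3, 1.1, 1.0, 1.2, 1.1]),
        ("192.0.2.1", 10, 10, [4.0, 4.2, 3.9, 4.1, 4.0, 4.3, 4.1, 4.0, 4.2, 4.1]),
        # This hop answers slowly and drops 60% of probes, yet every later hop is
        # healthy: it is rate-limiting its own ICMP replies, not dropping traffic.
        ("198.51.100.7", 10, 4, [60.0, 58.5, 61.2, 59.8]),
        ("198.51.100.20", 10, 10, [12.0, 12.4, 11.9, 12.1, 12.3, 12.0, 12.2, 12.1, 12.0, 12.4]),
        ("203.0.113.9", 10, 10, [13.0, 13.1, 12.9, 13.2, 13.0, 13.1, 13.0, 13.3, 13.1, 13.0]),
    ],
    "agent-frankfurt": [
        ("10.2.0.1", 10, 10, [0.9, 1.0, 0.9, 1.1, 1.0, 0.9, 1.0, 1.0, 0.9, 1.1]),
        ("192.0.2.33", 10, 10, [3.1, 3.0, 3.2, 3.1, 3.0, 3.3, 3.1, 3.0, 3.2, 3.1]),
        ("198.51.100.40", 10, 9, [5.0, 5.1, 4.9, 5.2, 5.0, 5.1, 5.0, 5.3, 5.1]),
        # Loss and a latency jump that persist all the way to the destination.
        ("198.51.100.55", 10, 6, [140.0, 138.5, 141.2, 139.8, 142.0, 140.5]),
        ("203.0.113.9", 10, 6, [141.0, 139.1, 142.9, 140.2, 141.0, 139.9]),
    ],
}


def hop_stats(path):
    """Per-hop loss percentage and median RTT, in path order."""
    return [
        {
            "hop": hop,
            "loss_pct": round(100.0 * (sent - answered) / sent, 1),
            "median_rtt_ms": median(rtts) if rtts else None,
        }
        for hop, sent, answered, rtts in path
    ]


def locate_fault(path, loss_threshold=20.0, jump_ms=50.0):
    """Return the first hop whose loss or latency jump is confirmed by the
    destination, or None when the path is healthy end to end.

    Loss at an intermediate hop counts only if the destination also loses
    probes; a latency jump counts only if the destination's RTT is still
    elevated relative to the hop before the jump."""
    stats = hop_stats(path)
    dest = stats[-1]
    prev_rtt = 0.0
    for s in stats:
        reasons = []
        if s["loss_pct"] >= loss_threshold and dest["loss_pct"] >= loss_threshold:
            reasons.append("loss")
        if s["median_rtt_ms"] is not None:
            if (s["median_rtt_ms"] - prev_rtt >= jump_ms
                    and dest["median_rtt_ms"] - prev_rtt >= jump_ms):
                reasons.append("latency")
            # A forwarding-path hop cannot really be farther away than the
            # destination, so cap the reference RTT to neutralize a hop whose
            # slow ICMP replies would otherwise hide a real jump right after it.
            prev_rtt = min(s["median_rtt_ms"], dest["median_rtt_ms"])
        if reasons:
            return {"hop": s["hop"], "loss_pct": s["loss_pct"],
                    "median_rtt_ms": s["median_rtt_ms"], "reasons": reasons}
    return None


def fault_by_agent(paths):
    """The shareable summary: which hop each vantage point blames, if any."""
    return {agent: locate_fault(path) for agent, path in paths.items()}


if __name__ == "__main__":
    for agent, fault in fault_by_agent(PATHS).items():
        print(agent, "->", fault if fault else "path healthy end to end")
```

Run against the constructed data, the London path reports no fault even though its third hop looks terrible in isolation, while the Frankfurt path blames 198.51.100.55 for both loss and latency. Comparing the two agents is what turns a single suspicious hop into a localized device: one vantage point traverses the bad hop and the other does not.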

Infrastructure Change Management

Many organizations have no way to detect when:

  • Sensitive files are accessed or deleted.
  • Security groups, GPOs, and other Active Directory objects are modified or removed.
  • Unwarranted privilege escalations occur.
  • Permissions on sensitive directories are modified.

Detecting these events requires continuous and non-intrusive auditing of every single access event on your network. Today's solutions can detect critical events, notify the right people, provide the context needed to address potentially unauthorized access or changes, and help CISOs make their risk management processes more efficient and effective. They improve your ability to detect possible security breaches, misconfigurations, and other issues in real time through real-time alerting on file activity, Active Directory changes, permission changes, and other events. Alert criteria and output are easily configurable so that the right people and systems are notified about the right things, at the right times, in the right ways.

COMMON USE CASES:

  1. Monitor sensitive configuration files on Windows and UNIX/Linux servers.
  2. Detect changes made outside of change control windows.
  3. Alert on access to highly sensitive data.
  4. Alert on privilege escalations.

RECEIVE IMMEDIATE NOTIFICATIONS ON:

  1. Files accessed, modified, and/or deleted.
  2. Group membership, group policy and other Active Directory changes.
  3. Permissions changes.

GET ALERTS THE WAY YOU WANT THEM:

  1. Syslog, Event Log, SNMP, Email
  2. Trigger command-line execution.
  3. Easily integrate with SIEM and network management solutions.
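The first two use cases above (monitoring sensitive configuration files and detecting changes made outside change-control windows) and the syslog-style alert output come together in the following added example. It is written for this page and is not any product's code: it baselines a constructed set of files in a temporary directory with SHA-256, diffs a later snapshot to find created, modified and deleted files, checks the detection time against a constructed approved change window, and emits one syslog-style key=value line per event that a SIEM could ingest. The host name, window and timestamps are constructed.

```python
"""Added example (not the page's or any vendor's code): baseline-and-diff file
integrity monitoring with a change-control window check and syslog-style alert
lines. The files, the approved window and the detection time are constructed."""
import hashlib
import tempfile
from datetime import datetime, time
from pathlib import Path


def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest.
    Hashing in 64 KiB chunks keeps memory flat for large files."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def diff_snapshots(before, after):
    """Return (event, relative_path) pairs for created, modified and deleted files."""
    events = []
    for rel in sorted(set(before) | set(after)):
        if rel not in before:
            events.append(("created", rel))
        elif rel not in after:
            events.append(("deleted", rel))
        elif before[rel] != after[rel]:
            events.append(("modified", rel))
    return events


def in_change_window(when, windows):
    """windows: iterable of (weekday, start, end), weekday 0 = Monday.
    A change inside an approved window is expected; anything else is alerted."""
    return any(when.weekday() == day and start <= when.time() <= end
               for day, start, end in windows)


def format_alert(event, rel, when, authorized, host="fileserver01"):
    """One syslog-style key=value line per event. Unauthorized changes are
    raised to severity 'alert' so SIEM routing can page on them."""
    severity = "info" if authorized else "alert"
    return (f"{when.isoformat(timespec='seconds')} {host} fim[1]: severity={severity} "
            f"event={event} path={rel} in_change_window={str(authorized).lower()}")


def run_demo():
    """Baseline constructed 'sensitive' files, make three changes, and return
    the alert lines for a constructed detection time outside the window."""
    windows = [(5, time(2, 0), time(4, 0))]   # approved: Saturdays 02:00-04:00
    with tempfile.TemporaryDirectory() as root:
        etc = Path(root, "etc")
        etc.mkdir()
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = snapshot(root)

        (etc / "sshd_config").write_text("PermitRootLogin yes\n")        # modified
        (etc / "hosts").unlink()                                          # deleted
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "unreviewed").write_text("0 3 * * * root /opt/sync.sh\n")  # created
        current = snapshot(root)

    when = datetime(2024, 5, 1, 14, 30)   # a Wednesday afternoon: not in the window
    authorized = in_change_window(when, windows)
    return [format_alert(event, rel, when, authorized)
            for event, rel in diff_snapshots(baseline, current)]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Two practical points the code reflects: the baseline must be taken from a known-good state and stored somewhere the monitored host cannot silently rewrite, and the change-window check is evaluated at detection time, so the polling interval bounds how precisely "outside the window" can be asserted. Real-time solutions like those described above get the timestamp from the access event itself rather than from a scan.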