Two disjointed activities
Security monitoring and control still remain separate from the performance and availability monitoring of information systems. Several reasons explain this separation. Historically, performance monitoring is a long-established activity under the operations team's responsibility. Security control appeared more recently and started within teams of experts and security consultants who were not involved in the daily operation of infrastructures and networks.
Compartmentalization is an omnipresent principle in security, and it has contributed to separating these activities. Finally, SIEM solutions were originally developed by companies specialized in security that did not have expertise in performance monitoring and operations in a broad sense, which contributed to the compartmentalization.
The advantages of convergence
Many arguments favor bringing these two activities together:
- Whether a failure is caused by an intrusion or a malfunction, the consequences for the company are the same. It is sometimes even difficult to differentiate between a malicious act and an unintentional incident. It is therefore incoherent to separate these two activities when they monitor the same effects.
- Closely related concepts: monitoring, correlation, alert or alarm management, workflow, etc.
- These two activities also share many tools: inventory management, tool downloading, knowledge base, etc.
- Common data in both environments: inventory details, equipment criticality, network topology, recovery logs, network traffic analysis, etc.
- Each network device has dual data, which is requested or managed, and sometimes duplicated, because the processing has not converged.
- Performance monitoring has proven, longstanding expertise from which security monitoring could greatly benefit.
- The most expensive item in monitoring remains human resources. It is absurd today, in a period of tight budgets, to multiply Level 1 monitoring and operations teams.
- Prelude SIEM for security monitoring
- Vigilo NMS for performance monitoring
By choosing our complete solution, you benefit from:
- Cost rationalization in terms of product licenses, with exciting shared offers
- Operating cost rationalization with common modules and opportunities to pool the capabilities of Level 1 teams
- Improved efficiency of the entire system: shared tools and streamlined methods reduce overall operating costs while improving efficiency. Global information is directly available to improve the contextualization of incidents, errors of interpretation are no longer possible, the complete processing chain is better controlled, etc.