Two activities still kept apart
Security supervision and control remain separate from the supervision of the performance and availability of the information system. Several reasons lie behind this separation. Historically, performance monitoring is a long-standing activity under the responsibility of operations teams. Security control appeared more recently and started within teams of security experts and consultants who were not involved in the daily operation of infrastructures and networks. Partitioning, an omnipresent principle in security, also helped to separate the two activities. Finally, SIEMs were originally developed by specialized security companies that had no expertise in performance supervision or in operations at large, which contributed to the compartmentalisation.
The benefits of convergence
Many arguments favor bringing these two activities together:
- Whether a failure is caused by an intrusion or by a malfunction, the consequences for the company are equivalent. It is sometimes difficult to tell a malicious act from an involuntary incident. It is therefore incoherent to supervise the same effects while partitioning the two activities
- The two activities rely on very similar concepts: supervision, correlation, alert or alarm management, workflow, etc.
- They also share many tools: inventory management, download tools, knowledge base, etc.
- Much of the data is common to both environments: inventory details, equipment criticality, network topology, recovery logs, network traffic analysis, etc.
- Each network device holds data of both kinds, which is requested or managed, and sometimes duplicated, because the processing has not converged
- Performance monitoring has proven, long-standing expertise from which security supervision could greatly benefit
- The most expensive item in supervision remains human resources. It is absurd today, in a period of tight budgets, to multiply these teams (expert supervision and Level 1 operation)
Based on these observations and backed by its experience in the field, CS offers global convergence. To do so, CS relies on the two flagship tools of its supervision suite:
- Prelude SIEM for security supervision
- Vigilo NMS for performance supervision
By choosing our convergent offer, you benefit from:
- Rationalized product license costs, with attractive shared offers
- Rationalized operating costs, with common modules and opportunities to pool capabilities for Level 1 teams
- Improved efficiency of the entire system: with shared tools and a streamlined method, you reduce your overall operating costs while improving efficiency. Global information is directly available to improve the contextualization of incidents, errors of interpretation are no longer possible, the complete processing chain is better controlled, etc.