OF YOUR INFORMATION SYSTEM
Security monitoring of your IS is still separated from performance and availability monitoring. There are several reasons for this separation. Historically, performance monitoring is an older activity under the responsibility of the operating teams. Security management appeared more recently and started with teams of experts and security consultants not involved in the day-to-day IS operation.
Since partitioning is an omnipresent principle in security, it has also helped to separate these two activities. Finally, SIEMs were originally developed by security companies that did not have expertise in performance monitoring or in IT operations in the broad sense, which reinforced this dispersion.
The benefits of convergence
Faced with the urgent need to optimize operating costs while improving efficiency, there are many arguments in favour of combining these two activities:
- Whether the cause of a failure is due to an intrusion or a malfunction, the consequences for the company are equivalent. It is sometimes even difficult to distinguish a malicious act from an unintentional incident. It is therefore inconsistent, while monitoring all incidents, to separate these two activities.
- There are very similar concepts in both activities: monitoring, correlation, alert or alarm management, workflow, etc.
- These two activities also share many tools: inventory management, patch management, knowledge base, etc.
- Several pieces of information are common to both environments: inventory detail, equipment criticality, network topology, log feedback, network traffic analysis, etc.
- Each device in the network has dual information, which is requested or managed, sometimes in duplicate, due to the lack of convergence of processing.
Like the ITIL method, performance monitoring has long-standing, proven know-how from which security monitoring could greatly benefit.
The most expensive element in the operation of monitoring, be it availability or security, remains human resources. Convergence between these two activities may in some cases allow pooling of level 1 resources, which has a significant impact on the overall cost of operating the IS.
Unity 360, unify your securities
Based on these observations and supported by its experience in the field, CS has been working for several years on the convergence of these two tools. The two solutions remain autonomous and independent but we have built the necessary framework for their simultaneous use within the Unity 360 pack.
Among the features offered by Unity 360, you will find:
- Use of a common portal for both applications.
- Use of alert and alarm tracking interfaces sharing the same techniques, look and feel.
- Availability of transversal modules: inventory management, ticket management, reporting tools.
- Ability of the two applications to communicate with each other to notify each other.
In the end, you have the same application to manage your two needs while succeeding in combining economy and efficiency!
By opting for our convergence offer, you enjoy:
- A rationalization of your costs, in terms of product license, with interesting shared offers,
- Rationalization of your operating costs with common modules, possibilities to share level 1 teams,
- Increased efficiency of the entire system: by sharing rationalization, tools and methods, you reduce your overall operating costs, while improving efficiency. Global information is directly available to improve the contextualization of incidents, interpretation errors are no longer possible, the entire processing chain is better controlled, etc.