Is Your Security Really Secure?
Unified Monitoring as a Meta Security Tool
Many hot trends in IT follow the trajectory of a firework on the Fourth of July: a loud bang, a burst of light, and it's over. Security is not one of those trends. Since the early days of networking, IT security has been a critical issue, and that remains true now more than ever. In 2015, a survey conducted by Paessler revealed that 58% of all surveyed IT administrators named security as one of their key tasks and constant challenges. In the past, a firewall and a virus scanner were sufficient to protect the network of an SME, but today, a number of interconnected solutions are needed to counteract the ever-evolving threats. All these IT security tools can only provide comprehensive security if their function is ensured and if the overview of all measures is guaranteed. This requires a comprehensive security strategy that identifies potential hazards, sets up appropriate tools as preventive protection, and controls and maps all this within one central solution.
IT Security Threats
The Classic Villains
Viruses and Trojans are no less dangerous today just because they have been around since the dawn of the Internet. Again and again, new malware makes headlines, and the ever-increasing interconnection of everything and everybody constantly opens up new doors. Antivirus software, firewalls and intrusion detection systems are therefore still justified.
Not only malicious attackers threaten your data: failures or misconfigured devices and applications can also cause data loss. It is not about building lines of defense, but rather setting up a monitoring and early warning system which constantly monitors all critical components and immediately takes action on an error or, ideally, can already see the first signs of impending problems and warns you before the situation becomes critical.
Bring Your Own Device (BYOD) and the Internet of Things (IoT) create new opportunities for malware intrusion by expanding the threat vector. Previously, a simple ban on private disks, CDs or USB flash drives was sufficient, but today there are too many devices connected to the network. A general ban is neither practical nor sensible in most companies, because many employees use smartphones, tablets or laptops both privately and professionally. IoT also creates new gateways, integrating numerous devices into the network which do not belong to IT and which come with a risk that is often difficult to assess. IT has to find the right compromise between new opportunities and greater flexibility while ensuring the necessary security.
IT is threatened by more than systemic risks. Physical disasters such as fires, floods, heat or theft should not be disregarded in a comprehensive safety concept. The best antivirus software can’t protect you from a flood in the data center, or an air conditioning failure in the server room.
For virtually every threat there is the right "antidote". Virus scanners and firewalls protect against malware, backup tools safeguard data, environmental sensors control humidity and temperature, and surveillance cameras keep unwanted intruders in view. As long as all these systems operate reliably, your IT is relatively safe. But how do you make sure that everything works? And most of all: how do you keep track of the number of systems that are essential for the security of your IT? For a comprehensive security concept you need a monitoring solution as a kind of meta-security tool for the monitoring and control of individual measures.
of Meta Security
Control of Security Tools
Are the virus definitions up to date? Are backups valid? Is the firewall online? Security only works when the security tools are working. The meta security solution must be able to monitor traditional security tools and ensure that they function correctly.
Fallback if Conventional Tools Fail
What happens when a virus is not detected or a Trojan bypasses the firewall? A suitable monitoring solution detects unusual behavior, such as the proliferation of traffic, the memory reaching capacity or atypical email traffic, and will notify you accordingly.
Ensuring General Functionality
Monitoring solutions continuously monitor the performance and function of all components of your IT infrastructure, whether hardware, software or data streams, in order to help prevent data loss and ensure optimum working conditions for your colleagues.
Monitoring of Physical Control Devices
A suitable monitoring solution is able to monitor physical sensors, as well as video cameras, to ensure that all systems are running. It also notifies you when defined thresholds have been hit so you can react accordingly.
Keep the Overview
The essential aspect of a comprehensive security concept is clarity. Only if you are able to quickly and easily view all your security measures in real time, without having to call up each solution individually, can you keep track of the entire security situation. The monitoring solution needs to integrate all tools used and map them, with minimal effort, into a central overview.
Not every monitoring tool is able to fulfill all these tasks. Some do not offer the necessary functions, while others are too expensive, too complex or too resource heavy. Below is an overview of the criteria you should consider when evaluating a comprehensive monitoring solution.
The Ideal Monitoring Solution in 6 Steps
No monitoring solution can monitor your entire IT out of the box, because modern infrastructures are far too complex and heterogeneous. It is important that the right solution possesses all the necessary functions to monitor the entire IT infrastructure, including as many of the common protocols as possible: SNMP, Ping, FTP, HTTP, NetFlow, sFlow, jFlow, WMI or packet sniffing.
In conjunction with a well-documented API, almost all devices and applications can be connected, as well as other security tools, sensors, surveillance cameras, etc. When all this can be done easily with the help of templates and examples, then you've found the most appropriate solution.
Many monitoring systems are offered as a kit and require paid add-ons for almost every feature, often at a significant cost. The right monitoring solution will offer as many options as possible in the most basic version. When doing price comparisons between monitoring tools, be sure to include the cost of add-on modules.
Naturally, you have to be able to define individual limits for notifications and alarms in your monitoring solution. In addition, the software should be smart enough to recognize unusual behavior even if the defined limits are not reached.
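The difference between a fixed limit and recognizing unusual behavior below that limit can be shown in a short sketch. This is an added example, not part of the original paper and not how PRTG or any other product implements it; the limit, window size, deviation factor and traffic samples are all constructed assumptions.

```python
from statistics import mean, stdev

# All values below are assumptions chosen for illustration.
STATIC_LIMIT_MBPS = 800.0  # fixed alarm limit defined by the administrator
WINDOW = 12                # number of normal samples forming the baseline (>= 2)
Z_LIMIT = 4.0              # deviations from the baseline that count as unusual
MIN_SPREAD = 1.0           # floor for the deviation so a flat baseline still works

# Constructed outbound traffic samples in Mbit/s, one per polling interval.
SAMPLES = [38, 41, 40, 39, 42, 40, 37, 41, 43, 39, 40, 41,
           42, 180, 210, 41, 850]

def classify(samples, static_limit=STATIC_LIMIT_MBPS,
             window=WINDOW, z_limit=Z_LIMIT):
    """Label each sample 'ok', 'unusual' (under the limit but far from
    the learned baseline) or 'alarm' (fixed limit reached)."""
    results, baseline = [], []
    for index, value in enumerate(samples):
        if value >= static_limit:
            state = "alarm"
        elif len(baseline) >= window:
            recent = baseline[-window:]
            centre = mean(recent)
            spread = max(stdev(recent), MIN_SPREAD)
            deviation = abs(value - centre) / spread
            state = "unusual" if deviation >= z_limit else "ok"
        else:
            state = "ok"  # warm-up: not enough history to judge yet
        results.append((index, value, state))
        if state == "ok":
            # Only normal samples feed the baseline, so a sustained
            # anomaly cannot quietly become the new normal.
            baseline.append(value)
    return results

def flagged(samples):
    """Return only the samples that need attention."""
    return [r for r in classify(samples) if r[2] != "ok"]

if __name__ == "__main__":
    for index, value, state in flagged(SAMPLES):
        print(f"sample {index}: {value} Mbit/s -> {state}")
```

The two samples at 180 and 210 Mbit/s stay far below the fixed limit and would pass a pure threshold check, yet they are reported because they deviate sharply from the learned baseline.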
SQL databases are not the best fit for storing monitoring data. A monitoring solution should store data in RAW format for precise long-term research to identify vulnerabilities.
Publication of Data
Ideally, the monitoring solution provides built-in reporting, as well as customizable dashboards and maps. It’s beneficial being able to generate custom HTML maps on which all elements of the security concept can be clearly displayed.
The intuitiveness of the software should be at the top of the list. Sometimes it might even be worth doing away with additional features if they are going to affect user adoption.
Price and Licensing
Are all costs included? Is the licensing straightforward? There are sometimes hidden costs in the form of 'add-on' modules or due to over-complicated licensing models. Transparency is paramount.
Test the Software first!
PRTG Network Monitor
With PRTG Network Monitor, Paessler offers a monitoring solution that fulfills all requirements for a meta-security solution, from functionality to usability. See for yourself with our free trial version.