Machine-generated logs rarely have the contextual information needed to make decisions. While other IT Operations tools depend on human beings to continually input contextual information into the system, AccelOps discovers its own automatically.

AccelOps discovers information from various sources (e.g. SNMP, WMI, SSH, LDAP, VM SDK, etc.) and at various levels (e.g. physical, virtual, network, storage, user, application) and combines them to create a Machine Intelligence Database (MIDB) that depicts an accurate picture of the infrastructure – not just individual systems, but also interrelationships.

The discovered information is automatically categorized into functional asset and application classes and corresponding MIDB objects are created. The MIDB objects can be used in searches and rules.

Advanced threat management is achieved from security devices, as well as sFlow and NetFlow data. Security device information gives information on attacks, vulnerabilities, malware and account information.

sFlow and NetFlow data provide anomaly information on traffic and ports being used within the organization. Relationships are understood from AccelOps auto-discovery to map the applications to devices. Machine Intelligence Database classifications allow for complete understanding of infrastructure applications, business service and compliance mappings. Statistical Anomaly Detection uses baseline information to understand what is running on a device, port, protocols in use and who is communicating to the device.

CPU, disk, memory and network performance is also tracked to find anomalies and malware. Threat feeds from several online sources are also utilized and updated on a user-defined frequency in order to detect any malicious activity.  Advanced rules are based upon device and rule groups to facilitate monitoring dynamic cloud environments such as Amazon (AWS) and Google (Compute).

Multi-tenant capabilities allow for service providers or enterprises to cross-correlate multiple organizations or locations from a single visual interface.

AccelOps offers powerful event correlation for connecting patterns of events over time across all IT domains. Bad behavior in machine data can be encoded in rules.

Discovered Machine Intelligence Database objects can be used to sharpen rule conditions. Dynamic contextual metadata such as geo-location are automatically appended to events and then used in rule definition. Rule parameters can be learned from statistical profiling that is continuously being updated in the background.

AccelOps event correlation architecture is unique in two ways:

The entire streaming mode computation is done in memory and does not depend on
      creating index first.

Real-time rule evaluation is done in parallel over multiple AccelOps nodes using patented
      algorithms.

AccelOps cross-domain context-aware event correlation helps predict security threats and IT operational issues. The rules can correlate any machine data and adapt to changing conditions because of profile driven parameterization. Rule computation can instantly scale to increased loads because of the distributed architecture and virtualization platform.

AccelOps stores all original raw log messages untampered, along with parsed attributes with enhanced data elements. All logs are hashed to ensure data has not been tampered once it is stored in AccelOps. Data can be searched in real-time or historically from within the same solution.

Data can be purged, archived and trended over time. Searches can be simple like a Google-like search, complex using regular expression, or via a structured SQL-like query statement. There is no system limitation on the amount of data that can be processed or stored within AccelOps.

AccelOps is the only Security Incident and Event Management (SIEM) solution that provides discovery-driven, real-time situational awareness to security logs, resulting in quick IT response. The awareness comes from dynamic usage profile of infrastructure assets, their current configurations, recent changes, dynamic asset to business service mappings, user discovery from Active Directory and OpenLDAP databases, identity and location of every IP address involving mobile devices and statistical baselines of network traffic, system and application metrics.

The awareness also comes from continuously updated external threat intelligence sources in the form of IP reputation, domain reputation, malware user agent and malware hashes.
The situational awareness is appended to logs and enables AccelOps rule engine to correlate the information in real time to generate accurate actionable intelligence alerts and reports.

No matter the data type, whether performance metrics, database logs, security logs or configuration changes, AccelOps pre-processes all data into searchable events.

AccelOps allows both Google-like keyword and regular expression based searches on unstructured machine data, as well as field-based searches on structured machine data. Searches can be executed in real-time on streaming data or on stored historical data. Discovered CMDB objects can be utilized to help facilitate search conditions to narrow results.

One-click drill-down capabilities for refining search criteria streamlines root-cause analysis. Searches can be executed in parallel on multiple AccelOps nodes for fast results. The results can be visualized as time trends, pie and bar charts, scatter plots, bubble charts, heat maps, geo maps and tree maps.

AccelOps’ unique multi-tenant design enables Managed Service Providers (MSPs) and enterprises that run their business as service providers to do their jobs more efficiently. By sharing compute, bandwidth and storage resources across organizations and seeing their customers’ environments from a single pane of glass, service providers using AccelOps can achieve tremendous efficiencies.

AccelOps allows multiple organizations to be defined within the same instance, both remote hosting/colocation and remote management. Each organization can see and interact with its own data, while service providers can cross-correlate all data across their customers.

Hundreds of rules and reports can run either in the context of a single organization or across all organizations. 

Traditional dashboards focus on only a few metrics by showing TopN devices for each of those metrics. After a dozen or so metrics, the dashboard becomes congested with too much detail. What if a particular device has a problem and you need a bird’s-eye view of all the metrics for that device?

AccelOps provides a unique dashboard that enables users to instantly compare any number of metrics for any number of devices –  both current values and trends over the current day. This Infinite Matrix View, powered by an in-memory time-series database, enables customers to visually drill down on the root causes of issues quickly.

In a large organization with different kinds of equipment, it is important to constantly understand what is a normal baseline.

How many connections are typically permitted or denied by the firewall?

How many errors are typically seen on servers?

How many logons are there to the domain controller or the database servers?

What is the IO rate from storage systems?

Once baselines are known, deviations can be detected. AccelOps can baseline any collected performance metric or flow data and create alerts when anomalies are detected. Fine-grained baselines are created on an hourly basis for each distinct hour of the day and separately for work and non-work days.

The baselines are learned automatically and updated continuously in an attempt to learn the new normal. AccelOps enables baselines on any metric and allows users to customize the amount of deviation they want to see from normal behavior.

Dynamic Watch Lists allow IT to keep a tab of frequent security policy violators:

Accounts that get locked out often, countries that scan your network most often, or workstations that frequently turn off anti-virus programs, for instance.

AccelOps alerts administrators about these bad actors, who may violate one or more policies. Watch Lists can be dynamically populated when a rule triggers.

AccelOps provides a list of 20 common Watch Lists connected to one or more of AccelOps’ system rules. Users may customize these lists or create their own, depending on their needs.

AccelOps provides an innovative approach to role-based access control. A role can constrain both what portions of the GUI can see/edit/execute and what data can populate the GUI areas. The data constraints are determined by writing a query, similar to writing a report. This provides a flexible approach to creating roles for analyzing data on shared device, such as different access for IT and executives.

While traditional built-in roles such as help desk, database administrator and network administrator are provided, administrators can create their own roles by customizing the GUI view and data constraints. For service provider scenarios, users can have any combination of roles for any combination of organizations.

Role-based access control combined with a flexible external authentication via LDAP directories provide a very solid foundation for large enterprises and service providers.

Would you like the flexibility to detect an issue at a remote location that you are monitoring?

AccelePort Remote Access allows administrators to launch a secure terminal session from a browser and resolve the issue immediately without the need for a jumpbox. AccelOps multi-tenant architecture gives users a secure, one-click method to access remote devices. Simply select a remote device and AccelOps will know the associated AccelOps Collector and build a remote SSH tunnel from that Collector to the Supervisor node without the need to open an inbound firewall port.

AccelePort works natively for protocols for which browser plugins are available, e.g., SSH/Telnet, VNC, RDP, HTTP(S) and more.

The modern data center can operate completely on-premise, in the cloud or a combination of both. An on-premise deployment could be a traditional data center or private cloud. A service could be deployed between public and private clouds.

AccelOps provides an innovative architecture that seamlessly collects data from any component regardless of the deployment scenario, correlating the data and presenting the results in an integrated manner.

AccelOps also makes it easy to test a feature in a public cloud, as well as manage a migration from a public to a private cloud.

AccelOps provides users the ability to define a Business Service as a “smart container” of systems and applications serving a specific business purpose. A setup wizard that uses discovered information, including network topology, installed applications and traffic flow, guides users to create a business service.

AccelOps then tags every incident with the impacted business service, making it easy to prioritize tickets. AccelOps also computes Business Service health based on the health of all the component systems and applications, enabling trending against past values. 

Traditional compliance tools fail because they simply look at logs without any context of the surrounding network, systems and applications.

But how about detecting unauthorized devices on the network? Or unauthorized software or default passwords in configurations? Or unauthorized configuration changes?

AccelOps analytics, whether for compliance or security threat mitigation, is rooted in the product’s world-class, dynamic and automated discovery. Once discovered, all devices and applications are approved so that the next discovery process catches unapproved systems and applications. Similarly, AccelOps discovers network device configurations and alerts to changes.

A good way to monitor Business Service health is to take a user’s perspective.

AccelOps Synthetic Transaction Monitoring enables IT to create tests that reflect the way a user would use a system. The tests could be against the web front-end, against the database engine or against the email system that reports problems. AccelOps allows users to create detailed tests that reflect real-life usage.

For example, AccelOps allows users to test a website (e.g. Salesforce.com) by recording a series of user actions via Selenium browser plugin and then playing it back in AccelOps via a headless browser. For email component, AccelOps sends an email and receives the same email.

AccelOps Synthetic Transaction Monitoring can catch problems before they show up in any internal performance metric. In addition, by combining synthetic monitoring test results with performance metrics periodically collected by AccelOps, it is easy to determine the root cause of a problem without too much follow-on investigation.

AccelOps demonstrates to security auditors that collected logs have not been tampered with while at rest within the AccelOps system. To achieve this, logs are cryptographically signed immediately upon arrival at the AccelOps point of entry.

The checksums are stored in a database. An auditor can verify the log integrity from the AccelOps GUI simply by choosing a time period and running a check. If some logs have been found to be tampered with, AccelOps can identify the time period for of the affected logs.

Device support is automatically provided after AccelOps analyzes, discovers and automates a given environment.  

If a new device is added to the environment, AccelOps automatically discovers, maps and supports that device as part of the overall environment.

AccelOps offers deep storage monitoring for direct attached, network attached storage (NAS) and storage area networks (SAN).

Using vendor-specific APIs, AccelOps can discover detailed storage architecture, including hardware details and host to LUN to Storage Pool to Physical Disk mappings. By combining storage usage metrics from the host, virtualization and NAS/SAN layers, AccelOps can also calculate critical performance metrics such as latency, read and write rates at host, LUN and Storage Pool levels.

These usage patterns can be baselined on a hour of day and day of week basis and anomalies can be quickly detected

AccelOps enables enterprises to gracefully manage the migration to a public cloud such Amazon Elastic Compute Cloud (Amazon EC2). AccelOps seamlessly conducts deep analytics on compute, network and storage resources, whether on-premise or in the Amazon EC2 cloud, either partially or wholly. AccelOps allows users to monitor their Amazon EC2 activity and EC2 resource usage from the same console that they monitor their on-premise datacenter. The basic performance metrics as provided by AWS CloudWatch services can also be obtained. By deploying a native AccelOps Collector inside the EC2 cloud, much deeper information can be collected at fine-grained time intervals. By defining a composite business, including on-premise resources and cloud resources, the end-to-end behavior can be captured.

Using VMware’s API, AccelOps understands relationships from physical servers, ESX hosts, guest operating systems and virtual connectivity.

AccelOps generates visual representation of an ESX environment. Relationships are mapped in the CMDB to give layer-2 and layer-3 topography. Guest operating systems are mapped to physical ESX host and clustered servers.

Real-time dashboards show current statuses and alerts while historic searches provide detailed information on the VMware infrastructure.

AccelOps scales simply by adding more virtual machines (VMs) to a cluster. AccelOps can handle enormous workloads. Powered by multi-threaded architecture and in-memory real time data sharing, an 8-core AccelOps node can handle up to 10,000 events per second – that’s 1 terabyte of events a day. AccelOps then collects and parses the events, runs 50 in-line system reports for populating dashboards, and checks  against 400 real-time rules. Simply add AccelOps Collectors to offload parsing and rule/report processing to increase real-time event processing demands. Simply add disks if more storage or IOPS is needed.  Resources on the virtual machines can be increased and new virtual machines can be spun up in minutes and added to the AccelOps cluster. There is no data migration needed and minimal downtime.

As a virtual appliance, AccelOps has the easy-to-maintain advantages of a hardware appliance, yet can be quickly deployed in any data center environment. AccelOps is optimized to run on all major hypervisor platforms – VMware ESX, Red Hat Kernel Virtualization Manager (KVM), Microsoft Hyper-V and Amazon EC2 Xen. AccelOps runs in any public cloud infrastructure, including Amazon Web Services (AWS), Google Compute Engine and Microsoft Azure. As the needs and scope of AccelOps expands in an organization, AccelOps can be seamlessly moved from the current physical machines to more powerful machines, or from private clouds to public clouds or from a public cloud to another public cloud.