CIO Resolution #1: Cross-Correlate Data to Get To Root Causes Faster

We have officially dubbed 2014 “The Year of the Security Breach.” We rang in the year with the Target news, watched the autumn leaves change during the JP Morgan breach, and did our Christmas shopping amidst the bizarre and often amusing Sony hack.

In 2015, protecting our data has become part of our collective zeitgeist. The modern IT professional is part Indiana Jones, part General Patton … protecting us from enemies both known and unknown. As in any time of heightened danger, the tools and tactics we use to protect ourselves must change and adapt.

As we look towards 2015, we at AccelOps challenge the current state of security and monitoring tools. We’ve identified several key “must-haves” for the modern CIO to protect his data in today’s environment. We’ll address each of them in a daily blog.

Here goes the first one: CIO Resolution #1: Cross-correlate data to get to root causes faster

Problem: Tool sprawl

IT teams often solve point problems with point solutions as they deliver new business services. That behavior causes tool sprawl that ultimately leads to inefficient security and performance monitoring — or worse — poor decision-making.

The main problem with running multiple redundant tools is that you can’t correlate what’s happening across the different data streams to understand the root cause of the problem. For example: one tool shows a CPU spike to 95% on a domain controller… another displays a security event showing an abnormally high number of logins from the Ukraine… and a third alert from a config file confirms a firewall rule was changed.

Using three different monitoring tools is a recipe for poor execution. Any one of those pieces of data in isolation is notable but not actionable. When you correlate all three and apply complex event processing to the result you say, “Whoa, we’ve got an issue here. We’re under attack.” AccelOps eliminates tool sprawl to improve root cause analysis.

Solution: Cross-correlate your data to get to root causes faster 

AccelOps aggregates your data – events, logs, and config files – then correlates and normalizes it in one central repository. We enrich it with metadata to provide context then process it against more than 300 security, performance, and availability rules in system memory before writing sanitized, actionable information to disk.

Taking the example above, when the AccelOps rules engine sees a CPU spike and we get an event showing an abnormally high number of logins from the Ukraine followed closely by modifications to a firewall rule, a notification is triggered because that pattern of concurrent activity is suspicious.

Rather than getting inundated with alerts from separate tools, you receive actionable alerts that let you know there is an important breach or something that requires attention. All rules and alerts are configurable so you’re only alerted when issues you consider important occur.
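To make the correlation idea concrete, here is a small added example (not AccelOps code, and not a description of the AccelOps rules engine) that normalizes events from three hypothetical sources (a metrics collector, an authentication log, and a config-audit feed) into one event shape, then evaluates a single rule over a time window: a CPU spike on a host, a burst of logins to that host from countries not on an expected list, and a firewall rule change anywhere in the environment. The thresholds, the window size, the event schema and the sample timeline are all constructed for illustration. Any one signal alone does not fire, which is the point the post makes about isolated alerts.

```python
"""Cross-correlation of normalized events from three sources into one alert.

Added example: schema, thresholds, and sample events are constructed here and
are not AccelOps rules or data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class Event:
    ts: datetime
    source: str          # which tool produced it: "metrics", "auth", "config"
    host: str            # normalized host field so the three sources can be joined
    kind: str            # "cpu", "login", "fw_rule_change"
    value: float = 0.0   # CPU percent for "cpu"; 1 for a counted occurrence
    country: str = ""    # enrichment metadata (e.g. GeoIP) attached at normalization


# Rule parameters (hypothetical values chosen for the example).
CPU_SPIKE_PCT = 90.0             # CPU at or above this is a "spike"
FOREIGN_LOGIN_THRESHOLD = 20     # logins from unexpected countries in the window
EXPECTED_COUNTRIES = {"US"}      # where this host's users normally log in from
WINDOW = timedelta(minutes=10)   # correlation window on either side of the spike


def _t(minute: int, second: int = 0) -> datetime:
    """Timestamp helper for the constructed timeline (2015-01-05 09:MM:SS)."""
    return datetime(2015, 1, 5, 9, minute, second)


# Constructed sample feed: three tools already merged into one ordered stream.
SAMPLE_EVENTS: List[Event] = [
    Event(_t(0), "metrics", "dc01", "cpu", 42.0),
    Event(_t(1), "auth", "dc01", "login", 1, "US"),
    Event(_t(5), "metrics", "dc01", "cpu", 95.0),                      # CPU spike
    *[Event(_t(5, s), "auth", "dc01", "login", 1, "UA") for s in range(50)],  # login burst
    Event(_t(8), "config", "fw01", "fw_rule_change", 1),               # rule changed
    Event(_t(30), "metrics", "dc01", "cpu", 40.0),
]


def correlate(events: List[Event]) -> List[Dict]:
    """Return one alert per CPU spike that coincides, within WINDOW, with a burst
    of logins from unexpected countries on the same host and a firewall rule
    change anywhere. Each condition on its own produces nothing."""
    ordered = sorted(events, key=lambda e: e.ts)
    alerts: List[Dict] = []
    for anchor in ordered:
        if anchor.kind != "cpu" or anchor.value < CPU_SPIKE_PCT:
            continue
        lo, hi = anchor.ts - WINDOW, anchor.ts + WINDOW
        in_window = [e for e in ordered if lo <= e.ts <= hi]
        foreign = [
            e for e in in_window
            if e.kind == "login" and e.host == anchor.host
            and e.country and e.country not in EXPECTED_COUNTRIES
        ]
        fw_changes = [e for e in in_window if e.kind == "fw_rule_change"]
        if len(foreign) >= FOREIGN_LOGIN_THRESHOLD and fw_changes:
            alerts.append({
                "host": anchor.host,
                "cpu_pct": anchor.value,
                "foreign_logins": len(foreign),
                "countries": sorted({e.country for e in foreign}),
                "fw_change_hosts": sorted({e.host for e in fw_changes}),
                "window": (lo.isoformat(), hi.isoformat()),
                # Keep the evidence so an analyst can see all three sources at once.
                "sources": sorted({e.source for e in [anchor, *foreign, *fw_changes]}),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the same three checks would usually run as streaming state rather than a scan over a list, and repeated spikes inside one window would be collapsed into a single alert; the structure of the rule (join on a normalized host field, count within a window, require every leg) is the part that carries over.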


Tomorrow we’ll discuss CIO Resolution #2: Use an Integrated Monitoring and Security Platform.

Authors

Marta Stone



About AccelOps

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.


AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps’ patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.


The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities. 
