Barking up the right tree: a dual-use approach to continuous monitoring
- By Chris LaPoint
- Jun 12, 2014
For the past several years, German shepherds have consistently ranked in the top 10 of the most popular dog breeds in the United States. There’s good reason for this. German shepherds are known to be fiercely loyal, relentlessly protective, easily trained, highly obedient and always watchful. They are not only “man’s best friend,” but considered by many to be the ultimate watchdogs.
Continuous monitoring systems are like the German shepherds of network administration. Like the beloved dogs, the systems have grown increasingly popular lately, particularly in government circles, as their value as network security guardians has increased. In fact, 63 percent of respondents to a recent survey by my company, SolarWinds, have implemented at least one continuous monitoring solution, and 87 percent of them feel that it’s been money well spent.
And money is, as ever, a factor. Although we’ve moved on from the days of government sequestration, and federal IT purse strings have loosened a little, it’s not as if CIOs are seeing an avalanche of dollars headed their way. Budgets are still tight, and regardless of the effort to embrace continuous monitoring, the process must be done as economically as possible.
For efficiency-minded IT teams, continuous monitoring solutions are a godsend that have high potential ROI and effectively combine IT ops and InfoSec initiatives. The primary goal of any continuous monitoring solution is, of course, effective cybersecurity and compliance. But a wonderful and not-so-secondary offshoot is that organizations that implement the solution will also enjoy the ability to solve real-world issues and maintain uptime – often before a problem happens. I call this the “collect once, report to many” strategy, and it’s one that most federal IT teams find highly beneficial.
Those with continuous monitoring solutions in place are often able to respond to security threats or compliance issues more quickly than those without. According to our survey, 46 percent of continuous monitoring users can detect inappropriate Internet access within minutes, compared to 29 percent of non-continuous monitoring users. They’re not only protecting their system, they’re keeping it operational.
In order to make sure this dual-use approach pays off, there are several things federal IT teams should consider when implementing a continuous monitoring system.
Design an alert strategy
Continuous monitoring systems are designed to automatically alert managers when something seems awry. But it’s up to the administrators to determine what kind of alerts they wish to receive.
Most continuous monitoring systems are highly customizable, allowing administrators to select and deselect alerts at will, depending upon the needs of the agency. Therefore, administrators will want to consider the things that are most important to them. These could include new or rogue device detection, unauthorized users trying to access the network, hardware device sensors and so on. Alerts can be adjusted to fire automatically and instantaneously, or only at certain times of the day, depending upon their relevance.
Identify rogue or unauthorized devices
This is particularly true for organizations trying to manage BYOD (i.e., everyone). As more smartphones and tablets make their way into the federal government, the chances of rogue or unauthorized devices “pinging” the network are increasing daily. But administrators can have their continuous monitoring solutions scan their networks at regular intervals and identify new devices. Those devices can then be closely monitored by the system, which can alert administrators to any suspicious activity. The system can pinpoint which device – and, by extension, which user – is responsible for the behavior. Administrators can then protect the network against that device very quickly, averting potential disaster before it happens.
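A minimal version of the scan-and-compare step described above, as an added example that is not part of the article or of any SolarWinds product: a periodic scan result is checked against an approved inventory, and anything the baseline does not recognize, or that shows up where it should not, becomes an alert. The inventory, the scan format and the VLAN values are constructed for illustration.

```python
"""Added example: baseline comparison for rogue-device detection."""
from dataclasses import dataclass

# Constructed approved inventory: MAC address -> (owner, expected VLAN).
APPROVED = {
    "00:1a:2b:3c:4d:01": ("print-server", 10),
    "00:1a:2b:3c:4d:02": ("badge-reader", 20),
    "00:1a:2b:3c:4d:03": ("analyst-laptop", 30),
}


@dataclass(frozen=True)
class Seen:
    mac: str
    ip: str
    vlan: int


def parse_scan(lines):
    """Parse constructed scan output, one 'mac ip vlan' triple per line."""
    seen = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        mac, ip, vlan = line.split()
        seen.append(Seen(mac.lower(), ip, int(vlan)))  # normalize MAC case
    return seen


def check(seen, approved=APPROVED):
    """Return (severity, message) alerts. Unknown MAC -> rogue device;
    known MAC on an unexpected VLAN -> misplaced or possibly spoofed."""
    alerts = []
    for d in seen:
        if d.mac not in approved:
            alerts.append(("high", f"rogue device {d.mac} at {d.ip} on VLAN {d.vlan}"))
            continue
        owner, vlan = approved[d.mac]
        if d.vlan != vlan:
            alerts.append(("medium", f"{owner} ({d.mac}) seen on VLAN {d.vlan}, expected {vlan}"))
    return alerts


# Constructed scan sample for one polling interval.
SCAN = """
# mac ip vlan
00:1A:2B:3C:4D:01 10.0.10.5 10
00:1a:2b:3c:4d:03 10.0.20.9 20
de:ad:be:ef:00:01 10.0.30.77 30
"""

if __name__ == "__main__":
    for sev, msg in check(parse_scan(SCAN.splitlines())):
        print(f"[{sev}] {msg}")
```

In practice the scan lines would come from the monitoring system's discovery output and the approved inventory from the asset database, with the check run on the same interval as the scan.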
Configure your network appropriately
Continuous monitoring is just the first step; a full-fledged system should also incorporate some aspect of network change and configuration planning. While continuous monitoring can identify potential issues, network configuration planning tools can aid in managing them. Through configuration managers, administrators can automate backups, protect against unauthorized network changes, and receive reports on compliance violations. The tools can work hand-in-hand with continuous monitoring systems to create a complete package that both protects and enhances the network.
At the end of the day, it’s that ability to do both that makes continuous monitoring solutions the best friend of both network administrators and security professionals.
Chris LaPoint is vice president of product management at IT management software provider SolarWinds, based in Austin, Texas.