February EventSource Newsletter
By: Rich Ptak, Managing Partner, Ptak, Noel & Associates LLC
While there are still some who question the ‘relevance’ of IT to the enterprise, and others who question the ‘future’ of IT, those involved in day-to-day business activities recognize and acknowledge that IT operations is integral to business success and this is unlikely to change in the immediate future. Today’s IT staffer with security incident and event management (SIEM) responsibility must be able not only to detect, identify and respond to anomalies in infrastructure performance and operations, but also build processes, make decisions and take action based on the business impact of the incidents and events recorded in ubiquitous logs.
Since the earliest incarnations of IT infrastructure management, a lot of ingenuity and effort has been applied to detecting, identifying and notifying a responsible party to take action when something occurs that signals a potential problem. Competition, combined with creativity, led to a proliferation of tools able to monitor and alert to problematic events.
Consider how far we’ve come in the process from the old days of manual tracking and analysis. Isn’t the whole process, from detection through analysis to notification and even resolution, now fully automated for nearly all installations? Aren’t we long past the days when we had to worry about (and avoided) automated management solutions since they likely introduced more problems than they solved? Now, even compliance-related monitoring has been automated. And with the advent of Cloud computing, along with SaaS, PaaS and IaaS, has the user been isolated from the infrastructure underlying service delivery? Doesn’t IT have bigger, more pressing problems to concentrate on than SIEM?
Simply, “no.” While it is true that SIEM has evolved considerably over time, the fact remains that even with more sophisticated, intelligent and automated solutions – there remains the need for IT staff to mine data logs for more information and insight into infrastructure operations, and to understand the impact of that interaction on the delivery of business services and the experiences of the user. IT must be able to identify and inform business staff on risks to SLA and performance commitments. IT must also be able to contribute to defining and taking the actions needed to eliminate or reduce those risks.
The increasing complexity of IT operations, resulting from the expanding diversity and distribution of infrastructure, combines with the evolving, dynamic integration and interaction involved in delivering business services to make service disruptions more likely and more damaging. This means that avoidance of such disruptions is of increasing importance. The link between the service user and the performance of the infrastructure has become more critical. The need for SIEM, and for the IT staff to obtain actionable information from these management solutions, is the combination that drives convergence of the management disciplines associated with Applications Performance Management (APM), Business Process Management (BPM) and Business Service Management (BSM). Once considered and treated as separate areas of expertise, their overlapping interests and interdependencies have become apparent. They cannot succeed if treated as organizational silos. Integrated SIEM, with its detailed end-to-end data collection and analysis, helps to end siloed operations.
For example, BPM assures processes execute precisely and consistently to complete a specific task with all intervening steps. BSM tracks the proper functioning of involved infrastructure at all stages of the service delivery and business process to assure a satisfactory end-user experience. APM optimizes infrastructure utilization and performance. IT needs to understand the involvement and impact of infrastructure on service delivery – hence they need data from all three functions. This involves monitoring, analyzing and reporting on a staggering number of incidents and events to identify what is significant to initiate appropriate action. This is the environment in which today’s SIEM best solutions demonstrate their value.
Free, entry-level SIEM solutions (such as EventTracker Pulse) provide basic functionality to begin data gathering, analysis and reporting from multiple different sources. Such solutions eliminate error-prone and tedious manual efforts. They can also provide basic application and service management. More feature rich products such as EventTracker Enterprise offer sophisticated functionality like complex analysis and custom reporting of potentially problematic behavior.
High functionality SIEM solutions provide significant opportunity for IT to exercise and demonstrate its ability to contribute to business success. The ability to document that ability is even more necessary as virtualized infrastructures and Cloud proliferate as de facto operating models.
The idea that IT operates to support the overall success of the business, not simply to manage infrastructure, is no longer a matter of contention. Today, IT is also under increasing pressure to document and demonstrate its contributions to business success. The difficulty, in an environment filled with competing solutions, comes in deciding just how to do this most effectively without breaking the budget. The answer is found in leveraging cost effective SIEM solutions.