Archive for April, 2013

 Meet Carol and Frank

A pain in the neck. A killer with a silencer, firing right at the company's productivity. Yes, that is what we call downtime. The word is used to refer to time when a system is unavailable. Also known as outage duration, it refers to a period of time during which a system fails to provide or perform its primary function. The term is commonly applied to networks and servers, and the common reasons for unplanned outages are system failures, such as a crash, or communication failures.

Firstly, downtime has a business cost. For enterprises with revenue models that depend solely on the data center's ability to deliver IT and networking services to customers, such as telecommunications service providers and e-commerce companies, downtime can be particularly costly, with the highest cost of a single event topping $1 million (more than $11,000 per minute) (Understanding the Cost of Data Center Downtime: An Analysis of the Financial Impact of Infrastructure Vulnerability).

Next, downtime affects reputation and loyalty. The costs include lost business with customers (both short term and long term), employee time diverted to other tasks to get the IT systems operating again, employee overtime expenses, the value of lost data, emergency maintenance fees (especially if the outage occurs during off hours), additional repair costs that may go on even after service has been restored, and many more.

The final impact, as illustrated in the picture above, is on employee productivity. It can be measured in terms of the salaries, wages and benefits of workers who are left idle by system downtime. After a downtime event, investigative actions are often required to correct the damage.

To prevent the consequences of downtime, application performance management (APM) is a must for an organization. APM strives to detect and diagnose application performance problems to maintain an expected level of service, and to respond quickly before downtime arises. WhatsUp Application Performance Monitor unifies systems, network, and application monitoring, and gives the capabilities to ensure that application performance meets user expectations and business priorities. It provides the full insight and customization to find and assess the impact of issues, isolate the cause, and restore performance levels.

For more information on WhatsUp Application Performance Monitor, please don’t hesitate to talk with us.


WhatsUp Gold APM

Graphic Illustration of Whatsup Gold Application Performance Management

Dear readers,

As mentioned in the post Application Performance Management (APM) trend, challenges and solution, the advantage of APM is greater perspective into the nature of performance problems, and into how to use the data so that users gain benefits such as improved software quality. The advantages that interest stakeholders will change as the organization evolves in its use of performance information. The key to realizing the benefits of APM is a clear view of the applicability and limitations of the various tools, as well as suitable processes to fully utilize the information. With this perspective, an organization can gain all of the APM benefits. A tool that is used poorly or improperly makes it difficult to get full value.

As the old saying “time is money” by Benjamin Franklin goes, application downtime arguably costs both time and money. Based on the graphic illustration above, 80% of managers reported that application downtime cost exceeds $50000 per hour, and employee productivity will surely decrease greatly. Simply monitoring in production alone will not heavily impact the number of incidents. APM visibility has its greatest impact when WhatsUp Gold APM is introduced earlier, during user-acceptance testing or stress tests, which provides chances to tackle performance issues prior to production use. Users get insight into problems and can detect them before going operational. Furthermore, users can validate the performance monitoring configuration (dashboards, reports, alert thresholds) that the operations team depends on.

E-SPIN is a WhatsUp Gold (by Ipswitch) value-added regional partner for end-to-end enterprise network, server and application management products, software and services. As a solution integrator, E-SPIN provides best-of-breed WhatsUp Gold product solutions. Establishing a partnership with E-SPIN is valuable to your organization for ensuring you have the right combination of resources to meet project requirements and operations.


Typical SIEM Dashboard

Typical Hybrid Approach for SIEM

In the field of IT, Security Information and Event Management (SIEM) solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event manager). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.

The acronyms SEM, SIM and SIEM have been used interchangeably, though there are differences in meaning and product capabilities. The segment of security management that deals with real-time monitoring, correlation of events, notifications and console views is commonly known as Security Event Management (SEM). The second area provides long-term storage, analysis and reporting of log data and is known as Security Information Management (SIM). As with many meanings and definitions of capabilities, evolving requirements continually shape derivatives of SIEM product categories. The need for voice-centric visibility, or vSIEM (voice security information and event management), is a recent example of this evolution.

SIEM 3D visualization for complex and advance security analysis

The term Security Information Event Management (SIEM), in general, describes the product capabilities of gathering, analyzing and presenting information from network and security devices; identity and access management applications; vulnerability management and policy compliance tools; operating system, database and application logs; and external threat data. A key focus is to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response.

To be a true SIEM solution, a product needs to meet the following criteria:

  • Data Aggregation: SIEM/LM (log management) solutions aggregate data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
  • Correlation: looks for common attributes, and links events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. Correlation is typically a function of the Security Event Management portion of a full SIEM solution.
  • Alerting: the automated analysis of correlated events and production of alerts, to notify recipients of immediate issues. Alerting can be to a dashboard, or sent via third party channels such as email.
  • Dashboards: SIEM/LM tools take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.
  • Compliance: SIEM applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.
  • Retention: SIEM/SIM solutions employ long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements. Long term log data retention is critical in forensic investigations as it is unlikely that discovery of a network breach will be at the time of the breach occurring.
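
The aggregation, correlation and alerting criteria above can be seen working together in the following added example, which is not code from this post or from any product named on this page. It assumes constructed sample records in two formats (sshd syslog lines and simplified Windows Security log records) and an assumed rule of three failed logons within five minutes followed by a success from the same address.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (not real logs): two feeds in two formats.
SYSLOG = [
    "2013-04-10T09:00:01 fw1 sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "2013-04-10T09:00:05 fw1 sshd[411]: Failed password for admin from 203.0.113.7 port 4023 ssh2",
    "2013-04-10T09:03:00 fw1 sshd[502]: Accepted password for alice from 198.51.100.20 port 5100 ssh2",
]
WINDOWS = [  # simplified Security log records: 4625 = failed logon, 4624 = successful logon
    {"TimeCreated": "2013-04-10T09:00:09", "EventID": 4625,
     "TargetUserName": "admin", "IpAddress": "203.0.113.7"},
    {"TimeCreated": "2013-04-10T09:00:30", "EventID": 4624,
     "TargetUserName": "admin", "IpAddress": "203.0.113.7"},
]
SSH_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")

def normalize(syslog_lines, windows_records):
    """Data aggregation: map both formats onto one schema, ordered by time."""
    events = []
    for line in syslog_lines:
        m = SSH_RE.match(line)
        if m:
            ts, verdict, user, ip = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "src": ip,
                           "user": user, "ok": verdict == "Accepted"})
    for rec in windows_records:
        if rec["EventID"] in (4624, 4625):
            events.append({"ts": datetime.fromisoformat(rec["TimeCreated"]),
                           "src": rec["IpAddress"], "user": rec["TargetUserName"],
                           "ok": rec["EventID"] == 4624})
    return sorted(events, key=lambda e: e["ts"])

def correlate(events, min_failures=3, window=timedelta(minutes=5)):
    """Correlation and alerting: repeated failures from one address, then a success."""
    alerts, failures = [], {}
    for e in events:
        recent = [t for t in failures.get(e["src"], []) if e["ts"] - t <= window]
        if e["ok"]:
            if len(recent) >= min_failures:
                alerts.append({"src": e["src"], "user": e["user"],
                               "failures": len(recent), "at": e["ts"].isoformat()})
            failures[e["src"]] = []  # a success resets the counter for that address
        else:
            failures[e["src"]] = recent + [e["ts"]]
    return alerts

if __name__ == "__main__":
    for alert in correlate(normalize(SYSLOG, WINDOWS)):
        print("ALERT: logon succeeded after repeated failures:", alert)
```

Neither feed reaches the threshold on its own; the alert only appears once both sources are aggregated, which is the point of the first two criteria.
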
Pure SIEM Typical Dashboard

Pure SIEM approach, typical SIEM Dashboard

In the enterprise, corporate and government context, as the number of network devices, security devices, servers, critical systems and business-critical applications grows, so does the need for centralised security event log monitoring and archiving, at a minimum. Some clients go for a low-cost point solution and end up with a lot of manual work to get reporting, incident investigation or auditing done, while others take a systematic approach that saves time and lets them focus on finding the real intrusion and acting on it, and lets users in other departments get their work done (i.e. typical teamwork on a multi-user system).

Typical Point Solution for Event Log Management Interface

For the coming technology sessions, E-SPIN will arrange a series of related solutions for hands-on use and look into common security event log management, from setup to automatically collecting, storing, archiving, backing up, analysing and reporting on Syslog, Windows event logs, or W3C logs generated by web application servers, load balancers, firewalls, proxy servers or content security appliances. Add event log monitoring to secure the network and protect key information.

We will look into how to reduce exposure to security breaches, malware, loss or damage, and protect your organisation against costly financial penalties and legal liabilities.

Specifically, we look into the “how-to” aspects of running a Security Operation Center (SOC):

  • automatically collect, store, archive and back up all log files, with multi-year data storage and cryptographic hashing in mind
  • monitor Windows event and syslog data in real time to receive alerts and notifications at the first sign of trouble
  • filter, analyse and report on log data to verify the success of internal security policies, and demonstrate regulatory compliance
  • generate compliance-centric reports for IT personnel, security and compliance officers, and even law enforcement agencies
  • spot check and review log files much faster to quickly respond to an emergency incident, and
  • the practical matter that most vendors want to hide from you, which is how to go about the following: integrating and sharing the data with a Network Operation Center (NOC) / Security Command Center or other third-party Network Management System (NMS) / Intrusion Detection and Prevention System (IDS/IPS/IDP) integration / passive real-time vulnerability detection and active vulnerability scanning / regulatory compliance
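
For the first item in the list above (archiving with cryptographic hashing), the following added example, which is not code from this post or from any product, shows one way to make an archive tamper-evident. It assumes a SHA-256 hash chain over daily log segments, with the final chain value stored separately from the archive; the segment names and contents are constructed.

```python
import hashlib

GENESIS = "0" * 64  # assumed starting value for an empty archive

# Constructed sample archive: (segment name, raw bytes) per day.
SEGMENTS = [
    ("2013-04-01.log", b"fw1 accept tcp 10.0.0.5:443\n"),
    ("2013-04-02.log", b"fw1 deny tcp 203.0.113.7:22\n"),
    ("2013-04-03.log", b"fw1 accept tcp 10.0.0.9:80\n"),
]

def _link(prev, name, digest):
    """Chain value binds this segment to everything archived before it."""
    return hashlib.sha256(f"{prev}:{name}:{digest}".encode()).hexdigest()

def seal(segments):
    """Build the manifest written alongside the archived segments."""
    manifest, prev = [], GENESIS
    for name, data in segments:
        digest = hashlib.sha256(data).hexdigest()
        prev = _link(prev, name, digest)
        manifest.append({"name": name, "sha256": digest, "chain": prev})
    return manifest

def verify(segments, manifest, trusted_head):
    """Return None if the archive is intact, else the first problem found."""
    if len(segments) != len(manifest):
        return "segment count does not match manifest"
    prev = GENESIS
    for (name, data), entry in zip(segments, manifest):
        digest = hashlib.sha256(data).hexdigest()
        if (name, digest) != (entry["name"], entry["sha256"]):
            return f"{entry['name']}: content or name changed"
        prev = _link(prev, name, digest)
        if prev != entry["chain"]:
            return f"{name}: chain value does not follow from earlier entries"
    if prev != trusted_head:
        return "manifest head differs from the separately stored value"
    return None

if __name__ == "__main__":
    manifest = seal(SEGMENTS)
    head = manifest[-1]["chain"]  # keep this outside the archive, e.g. in a signed report
    print("intact archive:", verify(SEGMENTS, manifest, head))
    pruned = [SEGMENTS[0], SEGMENTS[2]]  # one day removed and the manifest rebuilt
    print("pruned archive:", verify(pruned, seal(pruned), head))
```

Per-file hashes alone would not catch the pruned case, because a rebuilt manifest is internally consistent; only the separately stored head value exposes it.
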

Please stay tuned to our newsletter for how to register for the series of events. If you have not yet subscribed to the E-SPIN newsletter, now is a good time to subscribe. It is a no-nonsense, truly value-added newsletter with practical information, and it comes with events on specific themes or areas of focus in which you may take part.

Application Performance Management (APM) and Monitoring in Action (screen capture)

Application Performance Monitoring (APM) live, in a screen capture; it can be either integrated into a unified dashboard or standalone.

In the fields of information technology and systems management, application performance management (APM) is the discipline that focuses on monitoring and managing the performance and availability of software applications. The goal of APM is to detect and diagnose application performance problems to maintain an expected level of service. APM is the translation of IT metrics into business meaning (value).

There are two main methods by which application performance is assessed. The first method is measuring the computational resources used by the application. The second method is measuring the performance as seen by a user of the application, which has two components. The first component, sometimes called bandwidth, is the volume of transactions that are processed by the application per unit time. The second component, sometimes called latency, is the time required for an application to respond to a user action.

Measurement of these quantities establishes an empirical performance baseline of the application in use. The baseline can then be used to detect changes in performance. Changes in performance can be correlated with external events and subsequently used to predict future changes in application performance.
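
The two user-facing components and the baseline described above, as an added example that is not code from this post or from any APM product. The transaction records are constructed, and the per-minute bucketing, the 95th-percentile latency and the two thresholds (latency more than 2x baseline, throughput below half of baseline) are assumptions chosen for illustration.

```python
from statistics import median

def make_minute(minute, count, first_latency_ms):
    """Constructed sample data: `count` transactions inside one minute."""
    return [(minute * 60 + i, first_latency_ms + i) for i in range(count)]

# Constructed records: (epoch seconds, response time in ms).
BASELINE_RECORDS = [r for m in range(5) for r in make_minute(m, 20, 100)]
OBSERVED = make_minute(10, 20, 100) + make_minute(11, 20, 300) + make_minute(12, 6, 100)

def per_minute(records):
    """Return {minute: (throughput, p95 latency in ms)}."""
    buckets = {}
    for ts, latency in records:
        buckets.setdefault(ts // 60, []).append(latency)
    metrics = {}
    for minute, lat in buckets.items():
        lat.sort()
        p95 = lat[min(len(lat) - 1, (95 * len(lat)) // 100)]
        metrics[minute] = (len(lat), p95)
    return metrics

def baseline(metrics):
    """Empirical baseline: median per-minute throughput and p95 latency."""
    return {"throughput": median(t for t, _ in metrics.values()),
            "latency": median(l for _, l in metrics.values())}

def detect(metrics, base, latency_factor=2.0, throughput_floor=0.5):
    """Flag minutes that deviate from the baseline on either component."""
    findings = []
    for minute in sorted(metrics):
        throughput, latency = metrics[minute]
        if latency > latency_factor * base["latency"]:
            findings.append((minute, "latency"))
        elif throughput < throughput_floor * base["throughput"]:
            findings.append((minute, "throughput"))
    return findings

if __name__ == "__main__":
    base = baseline(per_minute(BASELINE_RECORDS))
    print("baseline:", base)
    print("deviations:", detect(per_minute(OBSERVED), base))
```
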

The use of APM is common for web applications, as the whole world has moved from client/server to centrally managed web applications, such as Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Supply Chain Management (SCM), intranet portal applications, and various privately hosted cloud applications. In addition to measuring response time for a user, response times for components of a web application can also be monitored to help pinpoint causes of delay. There also exist HTTP appliances that can decode transaction-specific response times at the web server layer of the application.

At the cutting edge, we are talking about end-to-end application performance monitoring, which commonly has the following five dimensions:

  • End user experience monitoring (Active and passive)
  • Application runtime architecture discovery and modelling
  • User-defined transaction profiling (or also called business transaction management)
  • Application component monitoring
  • Reporting & Application data analytics

Previously, while it was still emerging, APM was considered its own domain, but as time has gone by the product category has reached maturity. Clients nowadays ask to extend their current System Management System (SMS), widely adopted for infrastructure, datacenter, Network Operation Center (NOC) and WAN/LAN network, server and system monitoring, whether on physical or virtual infrastructure, with in-depth end-to-end application performance monitoring in a single unified dashboard. This achieves the best of both worlds and at the same time reduces total cost of ownership, since there is only one system to maintain, and the architecture is future-proof, so you can grow your infrastructure without many integration challenges.

In the coming period, E-SPIN will share a series of practical and technical know-how articles and open a series of informative, technical how-to seminars to educate and share the approach to this matter. If you are interested, please make sure you are subscribed to the E-SPIN newsletter, since only newsletter subscribers will be entitled to the various resources mentioned earlier.

Stay tuned.


BYOD Bring your own device

Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) means the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and use those devices to access privileged company information and applications. The term is also used to describe the same practice applied to students using personally owned devices in education settings.

BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil, Malaysia, India, UAE and Russia and 44% in developed markets already using their own technology at work. In most cases, businesses simply can’t block the trend. Some believe that BYOD may help employees be more productive. Others say it increases employee morale and convenience by using their own devices and makes the company look like a flexible and attractive employer.

Like it or not, nowadays most enterprises have adopted a BYOD policy, which brings benefits along with management issues if it is not done right. For instance, BYOD has resulted in data breaches. If an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on it, whether the phone was stolen, forgotten or lost somewhere.

Another type of security breach occurs when an employee leaves the company: they do not have to give back the device, so company applications and other data may still be present on it.

From the infrastructure management perspective, companies want to ensure employee productivity without too much personal and social media activity. BYOD access over the wireless network, and any sign of company bandwidth being abused for non-productive purposes that would degrade mission-critical application performance, is another area in which clients widely come to us for solutions. Companies nowadays are keen to know who consumes how much bandwidth, and intend to manage BYOD access activity, create alert thresholds for exceeding allocated bandwidth, and take proactive management action.

In the coming period, E-SPIN will arrange a series of articles, complemented by informative how-to solution seminars, to educate the market on the management challenges and solutions related to BYOD.

Stay tuned.
