>Systems Monitoring and Enterprise Architecture

When we log on at work, most if not all of us get some sort of message stating that logging on constitutes acknowledgment of monitoring, and that there is no implied privacy in what you are doing while logged onto corporate IT assets.

Monitoring is a way of life at work. It is part of information security, management oversight, and ensuring systems are running effectively (and preventing a severe network outage).

Kenneth Klapproth, writing in DM Review on 22 February 2008, reports that network management tools are able to collect data “across the shared network to present real-time and historical availability, performance, and configuration statistics on individual services and applications.”

Cross platform monitoring and event management and resolution are important to maintaining the availability of today’s complex networks that are vital for corporate communications (voice, data, and video).

  • ALERTS: Monitoring not only alerts IT personnel to when networks falter, but can also be set to provide alerts when certain fault tolerances are reached, so that IT personnel can take action before the network is brought down.
  • CAPACITY: Network monitoring identifies not only when the network becomes overloaded, but also when there is excess capability that can be more optimally used.
  • TRENDING: Performance is not only monitored as snapshots in time; monitoring can also provide historical trending that yields valuable information based on usage patterns.
  • VISUAL REPORTING: “Dashboard and web displays deliver visually compelling and graphically concise reports [of key network and capacity utilization trends] that enable organizations to make the right decisions faster and with more confidence.”
  • QUALITY OF SERVICE: QoS is improved with monitoring. “Managers can see the current and historical use and performance of network resources, monitor and report on congestion, correlate QoS configuration with network performance, and use the information to improve traffic and service delivery.”
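The first three capabilities in the list (alerting at set tolerances, spotting spare capacity, and trending toward future saturation) can be shown in a few lines. This is an added illustration, not code from the post or from any product it mentions; the link names, utilisation samples and thresholds are all constructed for the example.

```python
"""Threshold alerting, capacity and trending over constructed link-utilisation
samples (added example; link names, samples and thresholds are made up)."""
from dataclasses import dataclass


@dataclass
class Alert:
    link: str
    level: str   # "critical", "warning", "underused" or "forecast"
    detail: str


# Constructed sample data: utilisation percentage sampled once per hour, oldest first.
SAMPLES = {
    "wan-1": [30, 35, 41, 47, 52, 58, 63],     # below the warning line, but climbing
    "wan-2": [5, 4, 6, 5, 4, 5, 6],            # barely used: spare capacity
    "lan-core": [55, 57, 54, 56, 55, 58, 56],  # steady and healthy
    "dmz-1": [88, 90, 91, 93, 94, 95, 96],     # already saturated
}


def trend(series):
    """Least-squares slope and intercept of the series against its sample index."""
    n = len(series)
    xbar, ybar = (n - 1) / 2, sum(series) / n
    sxy = sum((i - xbar) * (y - ybar) for i, y in enumerate(series))
    sxx = sum((i - xbar) ** 2 for i in range(n))
    slope = sxy / sxx
    return slope, ybar - slope * xbar


def evaluate(samples, warn=70.0, crit=90.0, underused=10.0, horizon=6):
    """ALERTS: compare the latest sample with the tolerances.
    CAPACITY: flag links whose peak never left the underused band.
    TRENDING: project the fitted line `horizon` samples ahead and warn early
    when a link that is still fine now is heading over the warning line."""
    alerts = []
    for link, series in samples.items():
        latest, peak = series[-1], max(series)
        if latest >= crit:
            alerts.append(Alert(link, "critical", f"{latest}% >= {crit}%"))
        elif latest >= warn:
            alerts.append(Alert(link, "warning", f"{latest}% >= {warn}%"))
        elif peak < underused:
            alerts.append(Alert(link, "underused", f"peak {peak}% < {underused}%"))
        if len(series) >= 3 and latest < warn:
            slope, intercept = trend(series)
            projected = slope * (len(series) - 1 + horizon) + intercept
            if projected >= warn:
                alerts.append(Alert(link, "forecast",
                                    f"+{slope:.1f}%/sample, ~{projected:.0f}% in {horizon} samples"))
    return alerts
```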

Additionally, many network monitoring tools offer other key management features, including self-discovery and self-healing. These features include: IT asset management, remote control, problem resolution, operating system set-up and configuration, software distribution, license monitoring, back-up and recovery, security, and lights-out management.

While network monitoring and management are more operationally focused, they are critical from an enterprise architecture perspective to ensure the delivery of core IT functionality for the enterprise: namely, a robust, sound, secure, cost-effective, state-of-the-art IT infrastructure upon which information can be delivered to the right people, anytime, anywhere.

Network management tools can also be helpful in building the enterprise architecture because of their asset discovery feature. With the ability to spider out over the network and touch anything with an IP address, these tools can help identify key enterprise architecture assets in order to establish the baseline and plan for future targets.

>Activity Monitoring and Enterprise Architecture

When you log on at work, many of you probably, whether you know it or not, click on an acknowledgement that you consent to monitoring of your activities.

When you are working, your time and your “privacy” are not really your own!

Organizations routinely conduct various sorts of monitoring, including network monitoring, intrusion detection monitoring, and, more and more, monitoring of employee activities online. This is an important part of the organization’s technical and security architecture.

  • Network-focused–“Network monitoring describes the use of a system that constantly monitors a computer network for slow or failing systems and that notifies the network administrator in case of outages via email, pager or other alarms. It is a subset of the functions involved in network management.”
  • External focused–“An intrusion detection system (IDS) is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).” (Wikipedia)
  • Internal-focused–An activity monitoring tool, according to ComputerWorld Magazine, 7 April 2007, “monitors all activities on an end-user’s system to make sure that no data or computer usage policies are violated. If a violation does occur, the agent issues an alert to the company’s security team and begins collecting data for further review.”

While we all can understand the need for network monitoring and intrusion detection systems, many find internally focused activity monitoring a put-off, a display of a lack of trust in employees, or a violation of our privacy.

However, companies do actually have much to fear from their employees—especially the disgruntled or corrupt ones:

CyberDefense Magazine, August 2004, reports in “Beware of Insider Threats to Your Security” as follows: “Gartner estimates that 70% of security incidents that cause monetary loss to enterprises involve insiders…[that] recent FBI statistics show that 59% of computer hackings are done internally…[and that] a source inside the United States intelligence community stated that more than 85% of all incidents involving the attempted theft or corruption of classified data involved an individual who had already been thoroughly vetted and been given legal access to the data.”

According to ComputerWorld, activity monitoring tools “[feature] a video-like playback feature that lets security administrators view precisely what a user was doing before, during and after a policy violation was flagged. That can help the admins determine almost instantly whether the violation was an accident or the result of deliberate action…[Additionally, other tools] keep an eye on all internal network traffic for sensitive or inappropriate material…[or] monitor database activity and check for improper access and other abuses.”

“Because the software [tools] can quickly correlate log events from practically every IT system, it also serves as both a ‘real-time alerting system and an after-the-fact forensic tool.’”
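The two ComputerWorld points above, correlating events from several systems into an alert and then replaying what the user did before, during and after the flagged event, can be demonstrated on a handful of log lines. This is an added example, not code from the article or from any product it cites; the log format, the sources (vpn, fileserver, dlp), the users, paths and addresses are all constructed, and the correlation rule is an assumed illustrative policy.

```python
"""Correlate constructed log lines from several systems into a real-time alert,
then produce an after-the-fact forensic timeline (added example, sample data made up)."""
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts source user action detail")

# Constructed sample logs: <iso-time> <source system> <user> <action> <detail...>
RAW_LOGS = """
2024-03-04T08:58:10 vpn alice login src=203.0.113.7
2024-03-04T09:01:30 fileserver alice read /finance/q1-forecast.xlsx
2024-03-04T09:03:05 fileserver alice read /finance/board-deck.pptx
2024-03-04T09:06:40 dlp alice email_external to=personal@example.net attach=board-deck.pptx
2024-03-04T09:07:12 vpn alice logout src=203.0.113.7
2024-03-04T09:20:00 fileserver bob read /finance/q1-forecast.xlsx
2024-03-04T11:45:00 dlp bob email_external to=auditor@example.org attach=expenses.csv
""".strip().splitlines()


def parse(line):
    """Normalise one line from any source into a common Event record."""
    ts, source, user, action, detail = line.split(" ", 4)
    return Event(datetime.fromisoformat(ts), source, user, action, detail)


EVENTS = sorted((parse(line) for line in RAW_LOGS), key=lambda e: e.ts)


def correlate(events, window=timedelta(minutes=15)):
    """Assumed policy rule: a user who reads a /finance/ file on the file server and
    then emails an attachment externally (DLP log) within `window` raises an alert.
    Neither log alone is suspicious; the cross-system correlation is the signal."""
    alerts = []
    for e in events:
        if e.source == "dlp" and e.action == "email_external":
            prior = [p for p in events
                     if p.user == e.user and p.source == "fileserver"
                     and p.detail.startswith("/finance/")
                     and timedelta(0) <= e.ts - p.ts <= window]
            if prior:
                alerts.append((e.user, e.ts, [p.detail for p in prior]))
    return alerts


def timeline(events, user, at, before=timedelta(minutes=10), after=timedelta(minutes=10)):
    """Forensic playback: every event for the user shortly before and after `at`."""
    return [e for e in events if e.user == user and at - before <= e.ts <= at + after]
```

Running `correlate(EVENTS)` flags alice only; bob's external email comes hours after his file read, so the rule stays quiet, and `timeline(EVENTS, "alice", alert_time)` returns her VPN login through logout for the reviewer.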

Related products can actually be set up to quarantine a computer when a policy violation is detected.

The architecture for monitoring the network and internal and external threats is becoming ever more sophisticated. While according to ComputerWorld, Gartner estimates that “less than 30% of Fortune 5,000 companies have installed such [activity monitoring] tools,” we can expect many more to adopt these in the near future.

These tools are vital in today’s information-rich environment where confidentiality, availability, and integrity are the backbone for our enterprise decision-making.