By Carol Swink, Senior Solution Architect
Learn about what you don’t know…
A starting point for managing a secure IT environment (whether in the cloud or on-premise) is to know what devices and applications are in your network. This blog is going to dive into the class of applications that are used for discovery, monitoring and managing your IT environment. Like an Olympic bobsledder, jump in, hold on and let’s learn a few things as we navigate our way through the twists and turns of IT environment management.
At some point, our clients recognize the need for additional visibility and security in their IT environments. Dasher regularly receives requests from clients to recommend applications for different purposes. In the security area, a changing threat landscape means our clients need to routinely reassess their company’s readiness to prevent, detect, and respond to threats. In the network management area, the burden on IT to manage and track IT assets has grown due to an increasing diversity in devices and an ever-increasing array of manufacturers. Performance monitoring and management of devices is necessary whether the devices are located in the cloud or in an on-premise environment, because mountains of data are collected from this myriad of devices.
Application Requirements & Comparison Criteria
There is an old adage: “if you don’t know what you want, you won’t know when you get it.” In the same way, when evaluating the myriad of different network discovery, monitoring and management tools, if you are not clear about the requirements for your specific business need, you will end up with a product that doesn’t provide all the functionality you expect. The solutions I discuss in this blog have overlapping features and benefits, and many applications provide some basic functionality, but perhaps not the depth required to meet your specific business needs. Starting with a clear set of requirements is a must.
It can be difficult to start with a blank MS Word document when determining the requirements that will meet your company’s business goals. In an example below, I discuss some of the steps that might help you during a requirements gathering/brainstorming session. I have personally installed many of these solutions in our demo lab and therefore Dasher has real world experience that we can apply to helping you refine your requirements.
As I investigated and evaluated the different categories and niche players producing applications and services, I strove to understand how the different tools and services fit together. Some services are wrappers around existing products, while other applications are niche tools that solve a specific problem. I created the following graphic to help me visualize how the large number of applications available in the various categories of IT discovery, monitoring and management fit together. The applications and services shown in the graphic below are examples of what is available, not a comprehensive list.
The base of the pyramid is the vendor-specific applications that are available with pretty much every network or security appliance you put into your network. These tools are effective for managing the specific devices, but don’t provide a wider view of what is happening in your environment. An organization with any number of network and security devices soon finds that the discrete view and separate management plane the vendor-specific tools provide are too fragmented to be effective.
A number of vendors stepped in to provide a more consolidated view of the networking and security environment. The lure of these tools is to achieve “single pane of glass” management which eliminates the need for a disparate set of tools because all your devices can be managed from just one tool. To me, this is the category of applications that IT managers and engineers love to hate. These applications provide rich functionality and vendor-neutral monitoring and management, but can be complex to manage and require ongoing effort of tweaking parameters to be truly effective. Many companies do not have the expertise or staff to make full use of these tools. So while it is better to have one application than many, for many organizations this is still not an effective solution.
Network management platforms have also historically not provided adequate correlation of events when something happens and multiple devices raise an alert. SIEMs came into being to gather log files either from the network management platforms or directly from devices. The SIEMs perform correlation on the logs to provide a consolidated picture of what is happening in the network. These tools still require significant effort from your security and network staff to manage, and in fact, require you to maintain security and network engineers on staff.
Wrapped around the vendor-specific applications, management platforms, and log aggregators, are managed services. Rather than maintaining staff, managed network and security service providers augment or replace your security and network staff. The managed service providers perform all the same functions your own staff would perform: monitor the log files, investigate and respond to alerts, and maintain the network, but the services are performed remotely.
Off to the sides, there are niche applications and services, such as endpoint management and scanning, and IT asset management applications, that are adjunct to applications and services that you may already have in your environment.
Finally, there are new categories of service providers such as managed detection and response (MDR) providers that provide a concierge-like, all-encompassing security service. In 2016, Gartner recognized managed detection and response service providers as a new category of service provider. These providers deliver a high-touch level of service including correlation of security events, directed remediation for security incidents, and advanced threat detection and prevention.
The landscape continues to evolve because the more traditional managed security services providers are expanding their scope to include managed detection and response, and the MDR providers are expanding their services to include the more traditional managed network services.
With so many options available, a clear picture of your requirements is critical.
Here are some of the fundamental requirements and decision points that guide the search for a network discovery, monitoring and/or management application.
- Should I purchase an application and an annual support agreement or sign up for a subscription service?
- Should I have my IT team manage the solution or should I outsource this task to a managed service provider?
- Are most of my devices and applications in the cloud or on-premise?
- Do I want this discovery, monitoring and management solution to run in the cloud, on-premise, or should it have the ability to run in a hybrid deployment so I have a future-proof solution?
- How many devices and applications do I want to discover, monitor and manage?
- Do I want the management to go down to the operating system level or stop at devices and applications?
Purchase or Subscription?
Do you want to purchase a product or use a subscription model? The buy/install approach is the more traditional approach, requiring you to purchase, install, and pay annual support charges in order to receive software updates and technical support for the product. The newer approach many of our clients have embraced is the subscription model where you still install the software, but by paying the monthly or annual subscription, you receive updates, technical support, and financial benefits of not overpaying for licenses you may not use when originally scoping your environment.
Self-managed with my IT team or use a managed service provider?
Some companies have focused security and network management staff. More often, there are one or two individuals performing implementation and support for the network and security infrastructure. In the former situation, the preference may be to purchase, install, and manage the tool within the security or network team. In the latter, there may be an interest in outsourcing the function to a service provider. The managed services industry is growing with new players and existing companies continuing to expand their offerings. Managed service providers typically provide notification of incidents as well as guidance on remediation, or may perform remediation themselves if authorized by the client. The key issue here is whether you have the IT staff and expertise to bring this process in-house or want an expert to do it for you and provide reports and actionable information to your organization. The business models are interesting and both have pros and cons we can discuss in more detail if you would like.
On-premise, in the cloud, or hybrid cloud?
Ask yourself where your devices and applications reside and where you currently host your management applications. If your devices and applications are predominantly in the cloud, then it might make sense to look at a cloud-based IT management solution, but don’t forget that to get to “the cloud” your company probably has campus network devices, wireless devices, internet routers, firewalls, maybe even SDN solutions or load balancers. You might be surprised that many of our clients that are “born in the cloud” actually have quite a few devices to keep an eye on. This does not even take into account all of the laptops and mobile devices that are physically or wirelessly connected to your network – even down to printers! For example, Dasher uses Envoy for our lobby sign-in system, which talks to our Aruba ClearPass environment to give wireless access to our guests during their stay. We text and email each guest a unique set of credentials that grant them limited use of and time on our network. This allows Dasher to know who is on our network and what types of applications they are running, and allows us to present our guests with our acceptable use policy.
If you are predominantly on-premise, it still may make sense to use a cloud service if you do not have the IT staff required to manage the management application. Or conversely, it may be a corporate security policy that no information about your IT environment leaves your company, so an on-premise solution is the right solution for you. Thankfully there are many options!
Dasher can help you qualify vendors & applications.
With a clear set of requirements, the next step is to identify and qualify potential vendors and applications. Dasher has researched and developed a number of very detailed comparison matrices for all of the applications that we have vetted. For applications we have not researched or installed already, we perform internet research and vendor interviews on your behalf. We have compiled our data, just as you would, by reviewing “top 10” lists, Gartner reports, previous engineering experience, and other client experiences.
We review our short-list of potential applications with the client and either in tandem or on the client’s behalf we meet with the software vendor to review the requirements and determine their fit. We recommend the client choose no more than three (preferably two) of the applications that seem to be the best fit and proceed with those applications to the next stage.
Kicking the Tires
With your candidate applications determined, the next step is to perform a proof-of-concept on one of the applications, or even more fun (if you have the time and staff), a vendor bake-off on two applications. Using evaluation copies of vendor applications, Dasher can either set up an environment in our lab or assist you in setting up the applications in your environment. Using a test plan that exercises or validates the requirements list, the applications are run through the paces you define. Dasher and vendor technical resources are involved to ensure the demo environment is representative of a production implementation. These resources assist with troubleshooting and verification of functions and feature use within the applications.
At the end of this phase, you should know which application best meets your company’s requirements, and can proceed with a greater degree of confidence that the application you choose will, in fact, meet your business requirements.
A Recent Example
Recently a client asked Dasher to help vet an inventory management tool. The client had a detailed list of requirements:
- Able to scan a QR code
- Ability to upload an existing Excel file to the application database
- Ability to customize fields (Computer Name / Location / Application Installed)
- Deploy this solution to over 800 computers globally
- If a computer is moved from a location or has a field change that is different from the QR code, we would like the ability for the scanner to indicate this change. For example, highlight the information that has changed in red.
- Email alerts when inventory status changes for key assets
- Ability to export an inventory report
- Ability to filter fields in the inventory report export
- Report functions: Ability to show graphs/pie charts in regards to different fields. For example, identify how many computers are in a certain location, how many computers are of a specific model, etc.
- Web Based (Chrome / IE)
- Ability to have different levels of user accounts for the application: general users (view only), power users (ability to modify some of the data), admins (all features)
- Audit Trail: Ability to audit what changed and who made changes to the database
With this list of requirements, we quickly determined the client was looking for an asset tracking tool. Using the client’s requirements, we were able to recommend several tools for further investigation, including tools from Samanage, Redbeam, and Agiloft. Dasher helped narrow down the tool to one, the client performed a proof of concept with that tool and ultimately invested in that tool.
Our goal is for our clients to be confident when making a choice that a software application contains the features and functionality they require or that they receive the right network management or security tool for a specific business purpose. For our clients, we refine requirements, perform research to produce a short-list of potential products, qualify potential products and assist as you kick the tires.