At Sightline we’ve specialized in performance data management. We realize, though, that with performance data you can do so much more than just monitor the performance of your infrastructure. With that in mind, we’ve developed the Sightline Knowledge Quadrant.
There are four main areas in the Knowledge Quadrant:
You can then monitor and set alerts, so if an event occurs you can be aware of it very quickly. You have the data and tools for automated Root Cause Analysis. You can diagnose and alert the proper group, to stop the activity and return to the established baseline.
By integrating traditional security practices with real-time performance monitoring, you can establish a baseline for normal utilization, and therefore unlock the potential to be aware of all threats, known and, most importantly, unknown. Being able to receive data quickly on potential threats from irregular activity throughout your infrastructure adds an extra layer of protection that was previously unavailable.
There are several categories of key security metrics that you might deal with on a day-to-day basis. Sightline can provide real-time insight into unknown vulnerabilities. Using Sightline, you can identify unusual behavior by establishing the baseline of activity on your system and by providing a list of active processes on the system. Incident management becomes easier using alerts, where information is provided about processes that are using more system resources than expected. Sightline alerts are tracked and reported, and provide an entry point to deeper analysis.
Sightline provides vulnerability management by showing the percent of systems without known severe vulnerabilities, as well as the number of known vulnerability instances that you’ve seen in the environment.
Sightline ACE provides configuration management through continuous scans for configuration changes, and offers real-time insight into the effects of configuration change. By integrating ACE with Clairvor, Sightline provides real-time drill-down into incident occurrences.
From the Clairvor report of an alert, you can see a dashboard showing not only the event data on the alerting system (process-level information), but also correlation results from other systems in the environment and the top five configuration changes that the issue might be related to.
In a nutshell, the Sightline solution for continuous monitoring tells you both what you know and what you don’t know. To wrap up, we can help with the things you know are going to happen, and help you guard against the things that you don’t know that you don’t know.