Which monitoring tool is the favorite of the operator?



When it comes to monitoring tools, open source or commercial, there is no shortage in either number or variety. But before asking which tool the person using them should reasonably choose, the first questions are: which indicators need to be monitored? What can be monitored at all? To what depth can it be monitored? Perhaps these questions are hard even to state clearly. Let us first take a look at the current situation of our fellow operators.

1. Operation and Maintenance Status

In traditional enterprises, IT operation and maintenance works like this: after a user discovers a failure while using a computer, they notify the operator, who then takes the corresponding remedial action. The daily time and energy of operation and maintenance staff is spent on simple, repetitive problems, and because the failure warning mechanism is imperfect, problems are usually handled only after the failure has already occurred. This leaves the operator’s work in a passive “firefighting” state, and this passive mode of operation and maintenance exhausts the IT department. Many companies build operation and maintenance systems blindly and build them repeatedly. How can the quality of operations be improved? Can the production department give the operations department a satisfactory evaluation?

We currently lack clear role definitions and divisions of responsibility in operation and maintenance management, as well as an automated, integrated operation and maintenance management platform. As a result it is difficult to respond quickly and accurately after a problem occurs, and the necessary tracking and recording after a failure has been handled is also missing.

2. The secret hidden in the traffic behind the network interface

The secret is hidden in the traffic. Knowing only the size of the traffic is not enough and does not meet the needs of current operation and maintenance troubleshooting. We need to deepen traffic analysis to a much finer level of detail.

Many exploits of vulnerabilities and shellcode attacks are mixed into normal traffic and pass straight through the enterprise’s network-layer protection. To know what content each packet carries, the ordinary “camera” is no longer effective; a more powerful “X-ray” view is required to analyze it. Only by accurately understanding the essence of things can we treat the cause rather than the symptom. The same is true of shellcode attacks (the picture shows an example of shellcode and a botnet) and of the various worms.

3. New challenges in the era of big data

Operation and maintenance engineers in the era of big data face a large number of network security events. Without effective tools they are often unable to complete the analysis, and they typically face the following challenges:

1) There is a huge number of security alarms every day, and it is difficult for the administrator to respond to all of them.

2) Diagnosis is difficult, and the administrator cannot accurately determine the fault.

3) There are a large number of repeated, transient and irregular alarms. A single attack action by an intruder triggers alarms on different security devices at different stages, which causes a great deal of repetition in both time and space among the alarm data. If correlation processing of security events is not implemented, the quality of the alarms cannot be effectively improved.

These problems call for operation and maintenance tools such as event monitoring and diagnosis, because without the support of efficient management tools it is difficult to handle fault events proactively and quickly. There are many operations monitoring tools on the market: commercial products such as CiscoWorks 2000, SolarWinds, ManageEngine and WhatsUp, and in the open source field MRTG, Nagios, Cacti, Zabbix, Zenoss, OpenNMS, Ganglia and others. Since these tools are not connected to one another, even after deploying them many operators are not truly freed from the burden. The reason is that although current technology can obtain alert information from computer equipment, servers, network traffic and even databases, thousands of warnings are piled together and nobody can judge where the root of the problem lies; what is lacking is the ability to filter the information and mine the data. In fact we are not short of tools, commercial or open source, and there are plenty of them, so why is the result still not good? What is really lacking is the intelligence to analyze the data.
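As an added illustration of the deduplication and cross-device correlation described above (my own constructed example, not code from the original post or from any of the tools it names), the following Python collapses repeated alarms and then chains alerts from different devices that concern the same source/destination pair within a time window, so that one attack action seen at several stages is reported as one incident:

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alarms (not real data): one probe-then-exploit sequence
# reported by three devices at different stages, plus one unrelated scan.
SAMPLE_ALERTS = [
    {"ts": "2024-03-01T10:00:01", "device": "firewall", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "port scan"},
    {"ts": "2024-03-01T10:00:03", "device": "firewall", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "port scan"},
    {"ts": "2024-03-01T10:00:04", "device": "firewall", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "port scan"},
    {"ts": "2024-03-01T10:02:10", "device": "ids", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "exploit attempt"},
    {"ts": "2024-03-01T10:03:30", "device": "host", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "new outbound process"},
    {"ts": "2024-03-01T11:30:00", "device": "firewall", "src": "198.51.100.9", "dst": "10.0.0.8", "sig": "port scan"},
]

def _t(alert):
    return datetime.fromisoformat(alert["ts"])

def deduplicate(alerts, window_s=60):
    """Collapse repeats of one (device, src, dst, sig) within window_s seconds into one alert with a count."""
    kept = []
    for a in sorted(alerts, key=_t):
        key = (a["device"], a["src"], a["dst"], a["sig"])
        prev = next((k for k in reversed(kept) if k["key"] == key), None)
        if prev and (_t(a) - _t(prev)).total_seconds() <= window_s:
            prev["count"] += 1          # same alarm repeating: count it, do not re-raise it
        else:
            kept.append({**a, "key": key, "count": 1})
    return kept

def correlate(alerts, window_s=600):
    """Chain deduplicated alerts per (src, dst); a chain seen by >= 2 distinct devices becomes one incident."""
    by_pair = defaultdict(list)
    for a in deduplicate(alerts):
        by_pair[(a["src"], a["dst"])].append(a)
    incidents = []
    for (src, dst), chain in by_pair.items():
        current = [chain[0]]
        for a in chain[1:] + [None]:             # None flushes the last chain
            if a is not None and (_t(a) - _t(current[-1])).total_seconds() <= window_s:
                current.append(a)
                continue
            devices = list(dict.fromkeys(c["device"] for c in current))
            if len(devices) >= 2:                 # single-device noise stays an alert, not an incident
                incidents.append({"src": src, "dst": dst, "devices": devices,
                                  "stages": [c["sig"] for c in current],
                                  "raw_alerts": sum(c["count"] for c in current)})
            if a is not None:
                current = [a]
    return incidents
```

On the sample data the six raw alarms become four after deduplication and one incident after correlation; the lone scan from the second source is left as an ordinary alert.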

In addition, viewing our various monitoring systems requires multiple logins and a wide range of interfaces, and most update work is manual: even a simple system change or update often requires logging in to each device one by one, and when the number of devices reaches the hundreds the workload can be imagined. Such changes and inspections are done every day in IT operation and maintenance and undoubtedly consume a great deal of operation and maintenance resources. A unified, integrated security management platform is therefore an urgent need for operation and maintenance staff.

In the past, a handful of “technology experts” handled everything, and the company’s requirements were not met. Enterprises need a secure operation and maintenance platform that meets the needs of specialization, standardization and defined processes, and achieves automated operation and maintenance management. An integrated monitoring system can detect potential faults in time, proactively tell users which resources need attention, sense network threats, and eliminate faults while they are still emerging. This greatly reduces the workload of operation and maintenance staff, minimizes repair time and improves quality of service.

4. Manually integrating open source tools

Since we cannot find such a platform, what if we integrate the commonly used open source tools into one Linux platform? Would that not give us a unified management platform?

Difficulties in manually integrating open source monitoring systems:

1) Software and library dependencies are difficult to resolve.

2) Each subsystem interface has its own login and its own interface style.

3) Data cannot be shared between subsystems.

4) Correlation analysis between the data cannot be achieved.

5) Reports in a unified format cannot be generated.

6) There is no unified dashboard to display the important monitoring information.

7) Network risks cannot be detected.

8) Each subsystem has to be maintained separately, which increases operation and maintenance costs.

What are the advantages and disadvantages of these open source monitoring tools? Let us look at them together.

In practice, this solution first ran into performance problems: some scripts periodically consumed a lot of CPU and I/O resources, so real-time data analysis could not be achieved. And is it really worth investing so much manpower and time in developing a monitoring platform with an unknown outcome?

5. Choosing an integrated security operation and maintenance platform

A good security operation and maintenance platform needs to associate events with the IT process. Once the monitoring system finds that performance exceeds a threshold or a service is down, it triggers the relevant events and pre-defined processes and automatically starts the fault response and recovery mechanism. It also needs to relieve operation and maintenance staff of our daily repetitive work and improve operation and maintenance efficiency. Routine monitoring software such as Cacti and Zabbix cannot implement these functions.

At the same time, it must also be able to predict the threat of network worms and raise an alarm before the fault occurs, allowing the operator to eliminate the fault while it is still emerging and minimize the resulting loss. In general, the operator needs a single platform providing asset management, distributed deployment, vulnerability scanning, risk assessment, policy management, real-time traffic monitoring, abnormal flow analysis, attack detection alarms, correlation analysis, risk calculation, security incident alarms, event aggregation, log collection and analysis, a knowledge base, timeline analysis, unified report output and multi-user rights management. Is there such an integrated open source tool? Where can it be found?

There are two kinds of products on the market that meet such requirements. At present, the SIEM products on the market mainly include HP ArcSight (with Oracle behind it), IBM Security QRadar SIEM and AlienVault OSSIM/USM. The problem now is not a lack of commercial SIEM solutions; among open source software, OSSIM is the best choice.

Many people superficially think that OSSIM merely integrates some open source tools into one platform, but OSSIM’s real innovation lies mainly in its ease of use (easy to install, deploy and use, with almost no scripting), its distributed monitoring system, threat response through the Open Threat Exchange (OTX), its correlation analysis engine, its visual attack display, and so on.

AlienVault comes in two editions: the open source OSSIM and the commercial USM. Through this integrated monitoring tool, user operating specifications are enforced and computer resources are monitored regularly, including servers, databases, middleware, storage and backup, network, security, the computer room, business applications and so on, so that faults and problems are handled in an integrated way and managed centrally through an automated monitoring management platform.

If you do not want to buy expensive commercial software and do not want to invest a lot of effort in development, then OSSIM is the only choice for building an integrated security management platform. What I am studying today in the OSSIM project is likely to be what you will be doing tomorrow.
