animind - Fotolia
System management vendors target full-stack oversight
This week, bloggers explore a new breed of system management vendors, networking takeaways from the VTech breach, and endpoint detection and response.
In a recent post, Stephen Hendrick, an analyst with Enterprise Strategy Group Inc., in Milford, Mass., explored a few of the trends in present-day application development and deployment, including the rise of system management vendors. Today, scalability, virtualization, agility and manageability are key factors. The last of these -- manageability -- is among the hardest to achieve. Challenges arise with the arrival of hyper-convergence, software-defined storage and software-defined networking, and these necessitate a full-stack management approach -- complete with real-time data collection.
To that end, Hendrick highlighted "a new breed" of system management vendors, including Sumo Logic. Along with other system management vendors, Sumo Logic focuses on real-time, continuous data collection, and draws on log data from a wide range of applications, as well as the network, servers and storage. According to Hendrick, Sumo Logic follows a software as a service approach to take advantage of scalable infrastructure. When it comes to manageability, large-scale monitoring and data collection are essential, Hendrick wrote.
Read more of Hendrick's thoughts on manageability.
Network monitoring to detect breaches
Many realize the importance of network security when networks operated by big retailers and big banks are successfully attacked. But this week, Tim O'Neill, a blogger with LoveMyTool, reminded us that breaches can affect small companies as well. This was demonstrated dramatically by a breach at VTech Holdings Ltd., which suffered a SQL injection attack that netted names, home addresses, pictures and email addresses of 5 million parents and their children. More than 200,000 children's names, gender and chat data were also leaked. VTech failed to notice the attack, in spite of large outflows of data, until Motherboard broke the news.
According to O'Neill, even though VTech is a $2 billion company and had the resources to fortify its network, it had failed to encrypt its mail system and had used weak MD5 encryption for its stored data. He reminded all companies to begin with the belief that they have been hacked, and work from there to address leaks. O'Neill added that network security teams must consider maximum network oversight and setting up a visibility plane, without relying too heavily on switched port analyzers. He added that many companies still don't recognize breaches in time, with more than 200 days typically passing by before a breach is noticed.
Explore more of O'Neill's thoughts on VTech's breach.
When does endpoint detection and response end?
Anton Chuvakin, an analyst at Gartner Inc., in Stamford, Conn., posed a few thoughts on endpoint detection and response (EDR), and what he calls "NG antivirus," or NG AV. According to Chuvakin, EDR was originally conceived as a visibility tool for incident response. By contrast, a new generation of endpoint security companies, referred to by Chuvakin's NG AV moniker, focus on prevention.
Increasingly, companies are claiming to offer both visibility and prevention. Chuvakin insisted that few tools truly offer both, and pointed out several endpoint security capabilities that may help. Among them are endpoint monitoring for anomalies, blocking malware, collecting data after an incident, as well as matching endpoint objects to threat intelligence data.
See Chuvakin's discussions about EDR and NG AV.