The Importance of Monitoring Your IT Ecosystem
“If you can’t measure it, you can’t improve it.”
- Lord Kelvin (1824-1907), British physicist and engineer.
Lord Kelvin, father of the absolute temperature scale now named after him, got it right more than a hundred years ago. Measurement is critical to improvement, whether it be a product or process. Even the management doctrine of “What cannot be measured cannot be managed” has its origins in Kelvin’s pronouncement.
Monitoring is a step up from mere measurement. In simple words, monitoring may be described as measurement of parameters and then comparing them against pre-established standards to determine variances, and whether those variances fall within or outside acceptable thresholds.
Today’s information-driven organizations face the fundamental challenge of balancing high availability of business-critical information with maintaining its integrity and security. They must do this in spite of an increasingly complex IT environment that often includes traditional physical infrastructure, virtualized infrastructure and cloud computing.
To put things into perspective, Gartner predicts information storage to grow from 40% to 60% annually, while new variants of malware, such as polymorphic attacks that evade anti-virus software and intrusion vectors like web attack toolkits, grow exponentially. However, older standards fall short of recognizing such threats.
This is where the SANS 20 Critical Security Controls (20CSC) come in. As this paper clearly demonstrates, the 20CSC represent “a prioritized baseline of information security and measures and controls.” This white paper has impeccable origins. John Gilligan, former CIO of the U.S. Air Force and the US Department of Energy, led the development of this document; it represents a consensus of government and nongovernment experts.
This paper is not merely a recitation of standards; it presents a comprehensive comparison of 20CSC with the ten-year-old Federal Information Security Management Act (FISMA) that has been the gold standard till now. Moreover, it also lays down guidelines for implementation at minimal cost. Download to get free access to this authoritative document.
It’s not enough to know what to compare yourself to; you must have the right monitoring tool in hand. That being said, I’m happy to offer you free and exclusive access to Netwrix Auditor. This tool monitors your IT infrastructure in its entirety, because even the smallest IT modifications can have serious repercussions. That’s why the product actively assesses your most critical systems 24×7, detecting, capturing and consolidating must-have IT infrastructure audit data to support configuration auditing and answer important questions like:
Who changed what, when and where?
What are current and past configurations?
By Sourya Biswas