Tag Archives: Management

Remote monitoring and management: Netgear Insight Pro debuts

Netgear has launched Insight Pro, a cloud-based remote monitoring and management platform that the company said will bring managed service providers more network management capabilities, as well as attractive revenue opportunities when they resell the service.

Netgear executives said Insight Pro is a multi-tenancy platform designed for MSPs that want to manage numerous customers remotely. This is a change from the previous version of the product, called Insight, which was designed to manage the network ecosystem of only one small or medium-sized business.

The networking company, based in San Jose, Calif., introduced Netgear Insight Pro in August in North America and Asia, and it featured the product earlier this month at the CEDIA Expo conference in San Diego.

John McHugh, general manager and senior vice president for Netgear’s commercial business unit, said Insight Pro can help MSPs and their customers build a better business relationship. The aim is to help those parties gain transparency, greater efficiency and control over network operations.

Remote monitoring and management reporting

Once an MSP buys a Netgear Insight Pro subscription at $15 per device, per year, and resells the subscription service, customers that sign on can see a read-only view of their network. The remote monitoring and management offering generates reports that give users details on power usage, data consumption and storage utilization, among other usage statistics that show the health and vulnerabilities that exist across the network. 

“Insight will detect a hardware failure, bandwidth or loading issues and configuration problems,” McHugh said. “It will also help the MSP determine what the ‘peak’ loading is, which is critical to provide customers with guidance on where they might need additional capacity either now or in the future.”

To guard against network slowdowns, mitigate the impact of outages and protect the network against security breaches, Netgear Insight Pro is supported by a suite of Netgear products that include apps, firmware, wireless LANs, storage devices, network security tools and switches that run on Amazon Web Services’ cloud computing platforms.

As the cloud subscription model continues to reduce the need for value-added resellers to install hardware at customer sites, the Insight Pro product will help VARs transition to a service provider business, according to McHugh. He said many VARs are intimidated by the idea of managing a customer’s network on a 24/7 basis under a subscription model.

“In the case of a VAR who is becoming an IT service provider, they don’t have to purchase any equipment, and they don’t have to stand up a 24-by-7 data center or call centers to manage their customer’s network. All the notifications and alerts go straight to their phone,” McHugh said.

Netgear Insight Pro: Toggling the cloud

Another feature of the remote monitoring and management product: MSPs using Insight Pro can switch access to the cloud on or off. Once an MSP has authenticated itself and started a subscription, McHugh said, the MSP will have the option to choose whether it wants to manage a customer’s network locally or manage it through the cloud.

“Customers don’t want to commit to a cloud model and then get stuck in an arrangement that’s unaffordable,” McHugh said. “Partners and their customers demand that they have this flexibility as they work through their concerns over user experience and the cost of operations. Customers of Insight Pro only pay for what they use.”

Panzura tackles multi-cloud data management

Panzura is expanding beyond cloud file services to multi-cloud data management with its new Vizion.ai option, which is designed to enable customers to search, analyze and control data on premises and off premises.

The Campbell, Calif., company’s CEO, Patrick Harr, said the vendor built its Vizion.ai software-as-a-service (SaaS) offering on a new hyperscale multi-cloud data engine orchestrated by Kubernetes. Vizion.ai embeds machine learning and policy functionality for data analytics and control. It features an open API for third-party developers to use the Panzura technology with their own applications, such as internet of things and security monitoring.

Panzura initially focused on helping enterprises shift from legacy file-based NAS systems to object storage in public and private clouds. The vendor sells Freedom NAS filer appliances that cache active data in flash drives for fast access, while shifting colder data to object storage. Users can also run the software in virtual machines (VMs) on their own hardware or on public cloud servers.

With the new Vizion.ai SaaS option, Panzura consolidates and centralizes metadata to facilitate fast indexing in its Freedom NAS products, third-party NAS filers, SaaS applications and public cloud storage. The company integrated open source Elasticsearch technology to enable the distributed search capability.

“We’ve had a lot of requests in the past for how to search data in a multi-cloud fashion. And when I say multi-cloud, I’m not only talking Amazon, Azure and Google. I’m also talking about private cloud,” Harr said.

Visibility into third-party storage

Harr said the Vizion.ai multi-cloud data management service gains visibility into third-party storage through connector technology the company is offering to the open source community. Users download a small VM and plug the software into their Dell EMC, NetApp or Windows filers. The software crawls the NAS systems, takes a snapshot of the metadata and uploads the indices into the Vizion.ai service, Harr said.

Panzura plans to support a private managed option for customers to use the Vizion.ai index, search and analytics capabilities on premises in secure environments, the CEO added. That support is expected by the end of 2018.

Panzura built algorithms for machine learning to examine data access patterns to let the software recommend the most cost-effective storage location, Harr said. Users can look at heat maps of hot, warm and cold data. And they can use the technology for audit purposes, because they can see who has accessed the data at specific times, he said.

The Vizion.ai capabilities extend to restoring data from snapshots and cloning data for test and development. A customer might want to move a select workload’s data to the optimal cloud, such as Google for machine learning, Harr said.

Panzura’s multi-cloud data management effort

Harr said Panzura started designing its new hyperscale multi-cloud data management platform two years ago to be able to service billions of files and objects across multiple clouds. So far, more than 100 customers tested a private beta version of the Vizion.ai service.

Panzura opened its Vizion.ai beta to the public this week. When the service goes live in October, Vizion.ai multi-cloud data management will be priced based on gigabytes of data indexed and managed, Harr said. The company will have a free version for customers to index and search 1 GB of metadata.

Beta tester Prosper Funding, a San Francisco-based peer-to-peer lending company, started using Panzura’s hybrid cloud technology in 2016. Fabian Duarte, a senior storage engineer working out of Prosper’s Phoenix office, said the company deploys Panzura to make content available for collaboration from any data center and for long-term archiving on AWS.

Prosper tested Vizion.ai by uploading streams of content from AWS tiers, where it stores 3 PB of data, Duarte said. Prosper asked Panzura for access to hotter data in the local cache through a URL-enabled link that a user could click to open the file. The system downloads and rehydrates the file into the Panzura platform’s retrieval folder, Duarte said.

The Vizion.ai service looks promising, Duarte said, and Prosper will likely purchase it. He said its index and search could benefit customer service representatives who need to access call logs for training, playback or other purposes. The Vizion.ai service could also assist departments that deal with access log and audit information for compliance and risk management. Duarte said Prosper has been testing the uploading and manipulation of content inside the file system to track usage patterns.

“We’ve already gone through the route of using tools like Active Directory for multifactor authentication,” he said. “But now, to have the visibility to see who’s working on files, moving files, trying to access files allows us a greater level of granularity to bring an additional level of security.”

The usage-tracking info collected by Vizion.ai could show the cost to rehydrate archived content and determine which content is a good candidate to move to cheaper cloud storage, Duarte said.

Panzura Vizion.ai architectural diagram
Where Panzura Vizion.ai fits in.

Hybrid cloud data management

“With Vizion.ai, Panzura has the potential to evolve from the traditional cloud storage gateway use case toward global hybrid cloud data management,” Gartner research director Julia Palmer wrote in an email.

Legacy gateways and other hybrid storage products, until recently, have focused on backup, archiving and tiering data to the cloud, Palmer said. They wrote data in a proprietary format that other vendors’ technology couldn’t use.

Steven Hill, a senior analyst at 451 Research, said Panzura’s traditional competitors include cloud NAS and gateway companies such as Actifio, Ctera Networks, Microsoft’s Avere Systems, Nasuni and SoftNAS, along with Dell EMC, Hewlett Packard Enterprise and IBM.

“Today, there are dozens of vendors in the secondary storage market that are merging file and object as part of a more advanced storage architecture that focuses on the problems of information management, security and protection, rather than providing traditional ‘dumb’ storage,” Hill wrote in an email.

Box Activity Stream embeds Salesforce, Slack in Box viewer

SAN FRANCISCO — With Box Activity Stream, the content management software vendor is bidding to make its cloud platform a collaboration hub for all Box users’ daily communications by integrating with popular third-party apps like Slack, Salesforce and DocuSign.

Unveiled at the BoxWorks 2018 conference here, Box Activity Stream enables users to use apps in the file preview pane of the Box user interface, where users tag each other about file sharing and exchange messages.

As well as giving users the ability to share and post links on non-Box apps, the new feature also recommends apps for people to use in conjunction with a file they are working on in Box. The app recommendations are customized according to how often a user chooses them, their popularity in the company, and the file type with which they are most frequently associated.

Announcement-beta cycle

Box Activity Stream is expected to see beta release next year, following a pattern of Box product releases being announced the year before they are available in beta.

Analysts familiar with Box Activity Stream said the technology is a useful addition to the Box platform, but that it also puts Box in the position of competing with a host of software platforms to be the go-to hub for enterprise users, and could also lead to notification overload.

“It helps Box go from cloud file storage to being an interactive user experience that involves content. It makes it a more collaborative workspace,” said Alan Lepofsky, an analyst at Constellation Research.

Vendors vying to be digital hub

“In theory, it’s a great concept,” Lepofsky added. “But everyone wants to be the digital hub. Everyone wants to fight for everybody’s attention and eyeballs and to do that they want to bring in all the other products.”

Meanwhile, the company views Box Activity Stream as a key part of its digital workplace strategy to redefine content management, workflow and services as digital first, said Faizan Buzdar, senior director of product management at Box.

While modern SaaS enterprise applications have accelerated time-to-market and time-to-adoption rates, they have also created a sort of scattering of content, Buzdar said.

“It’s an awesome trend, but at the same time it creates a challenge. How do I know what’s happening, how do I know where all that content lives?” he said.

Box Activity Stream enables users to, say, create a document in response to an email, send it to a collaborator for editing, send it to someone else over Slack and then attach it to an account in Salesforce or NetSuite.

With that process, Buzdar said, “our goal is to avoid content fragmentation and segmentation and let enterprises apply the same security and compliance layers across all their content from the perspective of the touch points that their end users have.”

Buzdar said Box has seen demand for this kind of capability among users in CRM, sales and ERP.

Screenshot of new Box Activity Stream feature
Box Activity Stream showing integrations with Slack, Salesforce and DocuSign

Google integrations

In addition to Box Activity Stream, Box on the first day of the conference said its previously announced Box for G Suite and Gmail integrations are now available for public beta use.

Box enterprise users have been calling for Google integrations more and more, Buzdar said.

“We love Google. We work closely with Google,” Buzdar said. “Customers are coming in who are basically deciding to standardize on Google. If you’re a big company, say with 100,000 employees, somewhere in the organization you have Google.”

The company also said Box Feed, which was announced at BoxWorks 2017, will now go into public beta. The machine learning feature provides personalized updates, activities and recommended Box content.

A primitive precursor to Box Activity Stream was rolled out in 2011 when Box added a collaboration feature to its then mostly cloud document storage-focused platform, which it termed “activity streams.”

Mobile and desktop screenshots of Box Feed system
Box Feed displaying content trends, activity

Possible confusion, more engagement

As for Box Feed, Karen Hobert, a Gartner analyst, said that with Box Activity Stream, Box runs the risk of confusion between the two features.

“One would think a user might want them combined as long as they could control the experience. But maybe the different UI experiences — Activity Stream in viewers, Feed in Box UI — will mitigate any confusion,” Hobert said.

But Hobert said she sees value in Box Activity Stream in terms of smoothing what can be a sometimes disjointed experience toggling between apps and Box.

“Basically, I see it as a way to keep employees engaged in Box throughout the day. Certainly users will like not having to bounce around from app to app,” she said. “Activity Stream clearly makes a more seamless experience with Box and content in other apps. In the end, Box wants to — and needs to — be a destination that users won’t live without.”

Hobert also questioned Box’s record on delivering on new systems and features, noting that there were “significant delays” in two earlier products, Box Relay and Box Sync, and that Box Feed and Box Skills, the company’s high-profile AI play that was announced nearly a year ago, are still in beta.

Lepofsky said he expected significant news at the conference about the much-touted Box Skills system.

“Otherwise, they’re going to look bad,” he said.

Nice inContact adds analytics, omnichannel support to CXone

Nice inContact has expanded the analytics and quality management capabilities of its flagship cloud contact center, CXone, as businesses increasingly look to such tools to boost sales and customer satisfaction.

CXone Quality Management Analytics Pro uses speech and text analytics to monitor customer-agent interactions. It lets companies make sure agents are saying the right things — for promotional or regulatory purposes — and flags inappropriate behavior.

The system also identifies trends by tracking conversations based on keywords, categories and the sentiments being expressed by customers. The trend discovery should help managers coach agents and develop customer engagement plans.   

In addition to the analytics and quality management system, Nice inContact added to CXone omnichannel support for Instagram and the Japanese messaging app Viber, while also giving businesses the ability to schedule tweets and Facebook posts. 

The vendor announced the changes this week as part of its summer 2018 update to CXone, a contact-center-as-a-service platform the vendor launched one year ago. The vendor said 250,000 agents in more than 100 countries now use the platform, including some employed by Fortune 100 companies. 

The summer update also gave businesses more tools for complying with the General Data Protection Regulation, such as automated and manual controls over which customer interactions get recorded, retained and deleted. 

Contact center analytics gets results for businesses

In a recent survey, 700 IT and business leaders cited analytics as the top technology for transforming customer experiences, according to Robin Gareiss, president of Nemertes Research, based in Mokena, Ill.

Businesses that had already deployed agent performance analytics credited the tools with a 121% increase in customers won, a 68% increase in self-service use, a 45% improvement in customer ratings and a 41% increase in digital sales, Gareiss said.

“Nice inContact is focusing where our research says it should focus,” Gareiss said. “Specifically, Nice inContact is focusing on agent analytics, where our research showed significant success correlations.”

Nice inContact competitors, including Five9, 8x8, Cisco and Genesys, have also been investing heavily in AI-powered analytics and management for contact centers. Google also recently entered the fray, with the release of an AI platform designed to integrate with the products of any vendor.

Beyond analytics, this year, cloud contact center vendors have been focused on delivering intelligent call routing — a tool for finding optimal customer-agent pairings — and using AI to give agents better information faster during customer conversations.

M-Files cloud subscription turns hybrid with M-Files Online

To reflect the desire for flexibility, and regulatory shifts in the enterprise content management industry, software vendors are starting to offer users options for storing data on premises or in a cloud infrastructure.

The M-Files cloud strategy is a response to these industry changes. The information management software vendor has released M-Files Online, which enables users to manage content both in the cloud and behind a firewall on premises, under one subscription.

While not the first ECM vendor to offer hybrid infrastructure, the company claims that with the new M-Files cloud system, it is the first ECM software provider to provide both under one software subscription.

“What I’ve seen going on is users are trying to do two things at once,” said John Mancini, chief evangelist for the Association of Intelligent Information Management (AIIM). “On one hand, there are a lot of folks that have significant investment in legacy systems. On the other hand, they’re realizing quickly that the old approaches aren’t working anymore and are driving toward modernizing the infrastructure.”

Providing customer flexibility

It’s difficult, time-consuming and expensive to migrate an organization’s entire library of archives or content from on premises to the cloud, yet it’s also the way the industry is moving as emerging technologies like AI and machine learning have to be cloud-based to be able to function. That’s where a hybrid cloud approach can help organizations handle the migration process.

According to a survey by Mancini and AIIM, and sponsored by M-Files, 48% of the 366 professionals surveyed said they are moving toward a hybrid of cloud and on-premises delivery methods for information management over the next year, with 36% saying they are moving toward cloud and 12% staying on premises.

“We still see customers that are less comfortable to moving it all to the cloud and there are certain use cases where that makes sense,” said Mika Javanainen, vice president of product marketing at M-Files. “This is the best way to provide our customers flexibility and make sure they don’t lag behind. They may still run M-Files on premises, but be using the cloud services to add intelligence to your data.”

The M-Files cloud system and its new online offering act as a hub for an organization’s storehouse of information.

“The content resides where it is, but we still provide a unified UI and access to that content and the different repositories,” Javanainen said.

M-Files Online screenshot
An M-Files Online screenshot shows how the information management company brings together an organization’s content from a variety of repositories.

Moving to the cloud to use AI

While the industry is moving more toward cloud-based ECM, 60% of those in the AIIM survey still want some sort of on-premises storage.

“There are some parts of companies that are quite happy with how they are doing things now, or may understand the benefits of cloud but are resistant to change,” said Greg Milliken, senior vice president of marketing at M-Files. “[M-Files Online] creates an opportunity that allows users that may have an important process they can’t deviate from to access information in the traditional way while allowing other groups or departments to innovate.”

One of the largest cloud drivers is to realize the benefit of emerging business technologies, particularly AI. While AI can conceivably work on premises, that venue is inherently flawed due to the inability to store enough data on premises.

M-Files cloud computing can open up the capabilities of AI for the vendor’s customers. But for organizations to benefit from AI, they need to overcome fears of the cloud, Mancini said.

“Organizations need to understand that cloud is coming, more data is coming and they need to be more agile,” he said. “They have to understand the need to plug in to AI.”

Potential problems with hybrid clouds

Having part of your business that you want more secure to run on premises and part to run in the cloud sounds good, but it can be difficult to implement, according to Mancini.

“My experience talking to people is that it’s easier said than done,” Mancini said. “Taking something designed in a complicated world and making it work in a simple, iterative cloud world is not the easiest thing to do. Vendors may say we have a cloud offering and an on-premises offering, but the real thing customers want is something seamless between all permutations.”

Regardless of whether an organization is managing through a cloud or behind a firewall, there are undoubtedly dozens of other software systems, such as file shares, ERP and CRM, that businesses work with and hope to integrate their information with. The real goal of ECM vendors and those in the information management space, according to Mancini, is to get all those repositories working together.

“What you’re trying to get to is a system that is like a set of interchangeable Lego blocks,” Mancini said. “And what we have now is a mishmash of Legos, Duplos, Tinker Toys and erector sets.”

M-Files claims its data hub approach — bringing all the disparate data under one UI via an intelligent metadata layer that plugs into the other systems — succeeds at this.

“We approach this problem by not having to migrate the data — it can reside where it is and we add value by adding insights to the data with AI,” Javanainen said.

M-Files Online, which was released Aug. 21, is generally available to customers. M-Files declined to provide detailed pricing information.

Arista CloudVision gets multi-cloud, NSX security features

Arista Networks has added to its CloudVision management console the ability to apply security policies across virtualized switching fabrics running on Amazon Web Services, Google Cloud and Microsoft Azure.

Arista also introduced this week an integration between Arista CloudVision and NSX, VMware’s software for provisioning virtualized networks. The combination lets engineers take security policies created in NSX and apply them to Arista switches running in the data center.

The latest features come about a year after Arista introduced a virtualized version of its network operating system, called vEOS, for AWS, Google and Azure. At the time, Arista added some vEOS controls to CloudVision, which competes with Cisco CloudCenter.

The new multi-cloud feature within Arista CloudVision lets engineers modify the access control lists (ACLs) in vEOS switches, said Jeff Raymond, vice president of EOS product management. The capability, which the vendor calls Zone Segmentation Security, eliminates having to worry about the unique security mechanisms in each of the three public clouds.

Companies often create virtual networks in the public clouds to deliver security, load balancing and other services to applications. Amazon and Google call the networks Virtual Private Clouds (VPCs) while Microsoft refers to them as virtual networks (VNet).

Arista has integrated its Zone Segmentation feature with Zscaler’s cloud-based web gateway. The integration lets companies use Zscaler to apply security policies for traffic heading from a campus network or remote office to the cloud provider. Arista CloudVision applies policies to traffic flowing between and within virtual networks.

Overall, Arista is using CloudVision to address a trend toward more collaboration between corporate networking and security teams, said Shamus McGillicuddy, an analyst at Enterprise Management Associates, based in Boulder, Colo. A recent EMA survey found that 91% of security and network infrastructure teams were working together using shared or integrated tools.

The latest Arista offerings also show the vendor recognizes its customers need security that stretches from the private data center to the public cloud, said Bob Laliberte, an analyst at Enterprise Strategy Group, based in Milford, Mass. “Building out a strong security ecosystem will be critical, and delivering a capable management platform for hybrid cloud environments will be important for its customers to effectively manage those hybrid environments.”

VMware NSX integration with Arista CloudVision

The NSX integration bridges the gap between VMware virtual networks and Arista physical switches in the data center. With CloudVision, engineers will be able to take security policies created for NSX environments and apply them to workloads running on the hardware.

NSX policies define the network resources accessible to groups of workloads and applications running on the virtual network. CloudVision applies those policies to an Arista fabric by converting them into a format that can become a part of the switch’s ACL.

As a result, engineers can save time by using just NSX for creating security policies, according to Raymond.

New hardware-based encryption in Arista routers

Finally, Arista plans to release four routers with built-in support for encryption standards. For the enterprise WAN, Arista embedded hardware-based IPSec in the 7020SRG for site-to-site virtual private networks. The router is a 10 GbE platform.

For the data center interconnect, Arista will provide MACsec encryption in the new 7280CR2M and the 7280SRAM. Both routers offer wire-speed encryption with 10 GbE and 100 GbE for up to 100 kilometers. For MACsec encryption up to 2,500 km, Arista introduced the 7280SRM, which has 200 GbE Coherent interfaces for metro and long-haul links.

Arista plans to release all the new technology by the end of September.

Arista sells its products primarily to tier-one and tier-two service providers, financial institutions and high-tech companies, including Microsoft, Amazon and Facebook.

Recently, however, the company has aimed some new hardware at enterprises with more mainstream data centers. In May, for example, the company introduced switches for the campus LAN.

SIEM evaluation criteria: Choosing the right SIEM products

Security information and event management products and services collect, analyze and report on security log data from a large number of enterprise security controls, host operating systems, enterprise applications and other software used by an organization. Some SIEMs also attempt to stop attacks in progress that they detect, potentially preventing compromises or limiting the damage that successful compromises could cause.

There are many SIEM systems available today, including light SIEM products designed for organizations that cannot afford or do not feel they need a fully featured SIEM added to their current security operations.

Because light SIEM products offer few capabilities and are much easier to evaluate, they are out of the scope of this article. Instead, this feature points out the capabilities of regular SIEMs and can serve as a guide for creating SIEM evaluation criteria, which merit particularly close attention compared to other security technologies.

It can be quite a challenge to figure out which products to evaluate, let alone to choose the one that’s best for a particular organization or team. Part of the evaluation process involves creating a list of SIEM evaluation criteria potential buyers can use to highlight important capabilities.

1. How much native support does the SIEM provide for relevant log sources?

A SIEM’s value is diminished if it cannot receive and understand log data from all of the log-generating sources in the organization. Most obvious are the organization’s enterprise security controls, such as firewalls, virtual private networks, intrusion prevention systems, email and web security gateways, and antimalware products.

It is reasonable to expect a SIEM to natively understand log files created by any major product or cloud-based service in these categories. If the tool does not, it should have no role in your security operations.

In addition, a SIEM should provide native support for log files from the organization’s operating systems. An exception is mobile device operating systems, which often do not provide any security logging capabilities.

SIEMs should also natively support the organization’s major database platforms, as well as any enterprise applications that enable users to interact with sensitive data. Native SIEM support for other software is generally nice to have, but it is not mandatory.

If a SIEM does not natively support a log source, then the organization can either develop customized code to provide the necessary support or use the SIEM without the log source’s data.

2. Can the SIEM supplement existing logging capabilities?

An organization’s particular applications and software may lack robust logging capabilities. Some SIEM systems and services can supplement these by performing their own monitoring in addition to their regular job of log management.

In essence, this extends the SIEM from being strictly a centralized log collection, analysis and reporting tool to also generating raw log data on behalf of other hosts.

3. How effectively can the SIEM make use of threat intelligence?

Most SIEMs are capable of ingesting threat intelligence feeds. These feeds, which are often acquired from separate subscriptions, contain up-to-date information on threat activity observed all over the world, including which hosts are being used to stage or launch attacks and what the characteristics of these attacks are. The greatest value in using these feeds is enabling the SIEM to identify attacks more accurately and to make more informed decisions, often automatically, about which attacks need to be stopped and what the best method is to stop them.

Of course, the quality of threat intelligence varies between vendors. Factors to consider when evaluating threat intelligence should include how often the threat intelligence updates and how the threat intelligence vendor indicates its confidence in the malicious nature of each threat.
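The following Python example is added here for illustration and is not from the original article or any SIEM product. It shows how the two factors named above, how recently an indicator was updated and how confident the vendor is in it, can drive an automatic block-or-alert decision. The feed layout, the 0-100 confidence scale, the thresholds and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Indicator:
    network: str         # single IP or CIDR range
    confidence: int      # vendor confidence, assumed 0-100 scale
    last_seen: datetime  # when the vendor last confirmed the indicator

# Constructed feed using documentation address ranges (RFC 5737).
NOW = datetime(2018, 9, 20, 12, 0, tzinfo=timezone.utc)
FEED = [
    Indicator("203.0.113.7", 95, NOW - timedelta(hours=3)),
    Indicator("198.51.100.0/24", 40, NOW - timedelta(hours=1)),
    Indicator("192.0.2.50", 90, NOW - timedelta(days=45)),
]

# Constructed connection events, as a SIEM might hold them after normalization.
EVENTS = [
    {"src": "10.0.0.12", "dst": "203.0.113.7", "port": 443},
    {"src": "10.0.0.15", "dst": "198.51.100.23", "port": 80},
    {"src": "10.0.0.19", "dst": "192.0.2.50", "port": 8080},
    {"src": "10.0.0.12", "dst": "10.0.0.1", "port": 53},
]

def best_match(addr, feed):
    """Return the highest-confidence indicator covering addr, or None."""
    ip = ip_address(addr)
    hits = [i for i in feed if ip in ip_network(i.network, strict=False)]
    return max(hits, key=lambda i: i.confidence, default=None)

def triage(events, feed, now, max_age=timedelta(days=7), block_at=80):
    """Decide per event: 'block', 'alert' or 'ignore', with the reason."""
    decisions = []
    for ev in events:
        hit = best_match(ev["dst"], feed)
        if hit is None:
            action, reason = "ignore", "no indicator"
        elif now - hit.last_seen > max_age:
            # A stale indicator may point at a reassigned address: never auto-block.
            action, reason = "alert", "stale indicator"
        elif hit.confidence >= block_at:
            action, reason = "block", "fresh, high confidence"
        else:
            action, reason = "alert", "low confidence"
        decisions.append((ev["dst"], action, reason))
    return decisions

if __name__ == "__main__":
    for row in triage(EVENTS, FEED, NOW):
        print(row)
```

Only the fresh, high-confidence match is blocked automatically; the stale and low-confidence matches are routed to an analyst instead.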

4. What forensic capabilities can SIEM products provide?

Forensic capabilities are an evolving SIEM evaluation criterion. Traditionally, SIEMs have only collected data provided by other log sources.

However, recently some SIEM systems have added various forensic capabilities that can collect their own data regarding suspicious activity. A common example is the ability to do full packet captures for a network connection associated with malicious activity. Assuming that these packets are unencrypted, a SIEM analyst can then review their contents more closely to better understand the nature of the packets.

Another aspect of forensics is host activity logging; the SIEM product can perform such logging at all times, or the logging could be triggered when the SIEM tool suspects suspicious activity involving a particular host.

5. What features do SIEM products provide to assist with performing data analysis?

SIEM products that are used for incident detection and handling should provide features that help users to review and analyze the log data for themselves, as well as the SIEM’s own alerts and other findings. One reason for this is that even a highly accurate SIEM will occasionally misinterpret events and generate false positives, so people need to have a way to validate the SIEM’s results.

Another reason for this is that the users involved in security analytics need helpful interfaces to facilitate their investigations. Examples of such interfaces include sophisticated search capabilities and data visualization capabilities.

6. How timely, secure and effective are the SIEM’s automated response capabilities?

Another SIEM evaluation criterion is the product’s automated response capabilities. This is often an organization-specific endeavor because it is highly dependent on the organization’s network architecture, network security controls and other aspects of security management.

For example, a particular SIEM product may not have the ability to direct an organization’s firewall or other network security controls to terminate a malicious connection.

Besides ensuring the SIEM product can communicate its needs to the organization’s other major security controls, it is also important to consider the following characteristics:

  • How long does it take the SIEM to detect an attack and direct the appropriate security controls to stop it?
  • How are the communications between the SIEM and the other security controls protected so as to prevent eavesdropping and alteration?
  • How effective is the SIEM product at stopping attacks before damage occurs?

7. Which security compliance initiatives does the SIEM support with built-in reporting?

Most SIEMs offer highly customizable reporting capabilities. Many of these products also offer built-in support to generate reports that meet the requirements of various security compliance initiatives. Each organization should identify which initiatives are applicable and then ensure that the SIEM product supports as many of these initiatives as possible.

For any initiatives that the SIEM does not support, make sure that the SIEM product supports the proper customizable reporting options to meet your requirements.

Do your homework and evaluate

SIEMs are complex technologies that require extensive integration with enterprise security controls and numerous hosts throughout an organization. To evaluate which tool is best for your organization, it may be helpful to define basic SIEM evaluation criteria. There is not a single SIEM product that is the best system for all organizations; every environment has its own combination of IT characteristics and security needs.

Even the main reason for having a SIEM, such as meeting compliance reporting requirements or aiding in incident detection and handling, may vary widely between organizations. Therefore, each organization should do its own evaluation before acquiring a SIEM product or service. Examine the offerings from several SIEM vendors before even considering deployment.

This article presents several SIEM evaluation criteria that organizations should consider, but other criteria may also be necessary. Think of these as a starting point for the organization to customize and build upon to develop its own list of SIEM evaluation criteria. This will help ensure the organization chooses the best possible SIEM product.

Mavenlink M-Bridge tether professional services automation silos

Embedded API integration is a significant trend across the software management universe that’s used by marquee-brand independent software vendors, like Salesforce and Red Hat, to break through data access and delivery barriers. Now, API integration has arrived in professional services automation platforms.

Designed for service organizations, such as law firms and nonprofits, professional services automation (PSA) software provides resource management, project management and project billing capabilities for enterprise applications. Organizations typically implement PSA platforms in silos and invest in integration PaaS (iPaaS) or integration middleware to connect with enterprise applications via prebuilt integration APIs.

Mavenlink, a cloud PSA platform provider in Irvine, Calif., hopes to bridge this connectivity gap with M-Bridge, an OpenAPI integration platform to help businesses standardize the data flow between operational platforms. Partner or customer integrations built into Mavenlink using M-Bridge are approved and added to other packaged integrations for other customers to use.

Systems of record, such as sales and financial systems, are typical uses for M-Bridge prebuilt integrations. Examples include integration with an accounting system to help manage and monitor expenses, project billings and a project burn rate; or link with a customer relationship management system to provide alerts about critical needs, such as new staffing requirements for delivering a project.

Most PSA vendors publish integration APIs and packaged integrations to enterprise applications, such as Salesforce and Microsoft Dynamics. M-Bridge fills PSA users’ need for standardized API-based integration, which can allow reuse of integration models from one project to another, said John Ragsdale, vice president of service technology research for TSIA, an IT research firm in San Diego.

Connecting API integration to software management tools hits business users’ sweet spot for functionality and pricing, which sits between a simple set of published integration APIs on the low end and enterprise-level iPaaS and integration middleware on the other. PSA is the latest sector of software management tools enhanced with enterprise-level API integration. Earlier this year, Salesforce added standardized API integration capabilities to its software line with its MuleSoft acquisition, and Red Hat fused integration capabilities into its 3Scale API management product.

M-Bridge is the first domain-specific integration platform in the PSA market, Ragsdale said. Other PSA vendors include FinancialForce, Kimble, Upland, Workday and others.

API integration increased reusability, speed

Ragsdale said he frequently hears PSA software adopters complain about unmet ROI expectations, which they blame on siloed data, too many applications and lack of adoption by employees averse to navigating them.

“Streamlining application integration should help companies include more integrations in the initial phase of the implementation, boosting time to value for the project, as well as employee adoption,” he said.

M-Bridge’s prebuilt integrations will help reduce the time to link the Mavenlink platform with other software platforms, said Kim Bernall, product manager at Talisys, a financial sector independent software vendor in Golden, Colo., which uses Mavenlink for resource management during project delivery lifecycles. Each Talisys development project involves the same repetitive tasks; Mavenlink PSA already allows the company to standardize process across projects and monitor and track project activities.

“M-Bridge is going to help us organize the API calls that we’re using now in a more integrated fashion,” Bernall said. Talisys started using OpenAPI over a year ago and with Mavenlink’s support created documentation for use cases. “I am so much more self-sufficient in looking at the documentation and creating calls on my own,” she said.

LinkedIn Sales Navigator refresh adds deals pipeline

A LinkedIn Sales Navigator refresh adds a deals management feature, smoother search experience and mobile deal pages to the social media giant’s social sales platform.

The revamp injects an array of new ways to search, manipulate and process LinkedIn’s vast troves of personal and consumer data and data from CRM systems and puts LinkedIn in a better position to monetize the information — coming off a hot quarter for LinkedIn, which reported June quarter earnings of $1.46 billion, up 37% from Q2 2017.

These upgraded features represent the next step in AI-assisted sales and marketing campaigns in which B2B companies mash up their own customer data with information on LinkedIn.

Microsoft banking on LinkedIn revenue

Microsoft bought LinkedIn in June 2016 for $26.2 billion. While Microsoft doesn’t always announce how AI is assisting automation of sales-centric search tools in Sales Navigator, a premium LinkedIn feature that also integrates LinkedIn data to CRM platforms such as Salesforce and Dynamics CRM, some experts have noted how AI subtly manifests itself in the search. 

The LinkedIn Sales Navigator refresh was unveiled in a blog post by Doug Camplejohn, vice president of products for LinkedIn Sales Solutions.

The new “Deals” web interface extracts and imports sales pipeline data from the user’s CRM system and enables users to update pipelines considerably faster, Camplejohn said in the post about the LinkedIn Sales Navigator refresh.

“Reps can now update their entire pipeline in minutes, not hours,” he wrote.

Adobe Sign connector added

Meanwhile, a new feature in Deals, “Buyer’s Circle,” pulls in and displays opportunity role information to streamline the B2B buying process. Users can see if any “key players” such as decision-maker, influencer or evaluator, are missing from deals, according to LinkedIn.

The vendor called another new function in the LinkedIn Sales Navigator refresh — Office 365 integration — “Sales Navigator in your inbox.”

“We all live in email,” the blog post said. “Now you can take Sales Navigator actions and see key insights without ever leaving your Outlook for Web Inbox.”

LinkedIn also touted what it called a “new search experience” in the Sales Navigator update, saying it redesigned the search function to surface search results pages faster and easier.

Also as part of the LinkedIn Sales Navigator refresh, LinkedIn added mobile-optimized lead pages for sales people working on mobile devices. LinkedIn also named Adobe Sign the fourth partner to its Sales Navigator Application Platform (SNAP). Other SNAP partners include Salesforce, Microsoft Dynamics and SalesLoft.

SIEM benefits include efficient incident response, compliance

Security information and event management systems collect security log events from numerous hosts within an enterprise and store their relevant data centrally. By bringing this log data together, these SIEM products enable centralized analysis and reporting on an organization’s security events.

SIEM benefits include detecting attacks that other systems missed. Some SIEM tools also attempt to stop attacks — assuming the attacks are still in progress.

SIEM products have been available for many years, but initial security information and event management (SIEM) tools were targeted at large organizations with sophisticated security capabilities and ample security analyst staffing. It is only relatively recently that SIEM systems have emerged that are well-suited to meet the needs of small and medium-sized organizations.

SIEM architectures available today include SIEM software installed on a local server, a local hardware or virtual appliance dedicated to SIEM, and a public cloud-based SIEM service.

Different organizations use SIEM systems for different purposes, so SIEM benefits vary across organizations. This article looks at the three top SIEM benefits, which are:

  • streamlining compliance reporting;
  • detecting incidents that would otherwise not be detected; and
  • improving the efficiency of incident handling.

1. Streamline compliance reporting

Many organizations deploy the tools for these SIEM benefits alone, including streamlining enterprise compliance reporting efforts through a centralized logging solution. Each host that needs to have its logged security events included in reporting regularly transfers its log data to a SIEM server. A single SIEM server receives log data from many hosts and can generate one report that addresses all of the relevant logged security events among these hosts.

An organization without a SIEM system is unlikely to have robust centralized logging capabilities that can create rich customized reports, such as those necessary for most compliance reporting efforts. In such an environment, it may be necessary to generate individual reports for each host or to manually retrieve data from each host periodically and reassemble it at a centralized point to generate a single report.

The latter can be incredibly difficult, in no small part because different operating systems, applications and other pieces of software are likely to log their security events in various proprietary ways, making correlation a challenge. Converting all of this information into a single format may require extensive code development and customization.
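The conversion into a single format described above is also the kind of customized code an organization writes when a SIEM lacks native support for a log source. The Python example below is added here and is not from the original article: it normalizes two differently shaped logs into one schema and builds one cross-host report. The sshd line follows OpenSSH's wording, while the pipe-delimited "billing-app" format, the host names and all sample lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines; the "billing-app" format is hypothetical.
LINES = [
    "Sep 20 09:00:07 srv-web sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "1537434005|billing-app|srv-db|LOGIN_FAIL|user=ann|ip=203.0.113.7",
    "1537434100|billing-app|srv-db|LOGIN_OK|user=bob|ip=10.0.0.15",
    "-- MARK --",
]

SSHD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def event(time, host, user, src_ip, outcome, source):
    """The single target schema every parser must produce."""
    return {"time": time.isoformat(), "host": host, "user": user,
            "src_ip": src_ip, "action": "login", "outcome": outcome, "source": source}

def parse_sshd(line, year):
    m = SSHD.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year or zone; both are assumptions here (UTC).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return event(ts.replace(tzinfo=timezone.utc), m["host"], m["user"], m["src"], "failure", "sshd")

def parse_app(line):
    parts = line.split("|")
    if len(parts) != 6 or not parts[0].isdigit():
        return None
    epoch, _app, host, code, user_kv, ip_kv = parts
    outcome = {"LOGIN_FAIL": "failure", "LOGIN_OK": "success"}.get(code)
    if outcome is None or not user_kv.startswith("user=") or not ip_kv.startswith("ip="):
        return None
    ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return event(ts, host, user_kv[5:], ip_kv[3:], outcome, "billing-app")

def normalize(lines, year):
    """Return (events, rejected): unparsed lines are kept, not silently dropped."""
    events, rejected = [], []
    for line in lines:
        parsed = parse_sshd(line, year) or parse_app(line)
        if parsed:
            events.append(parsed)
        else:
            rejected.append(line)
    return events, rejected

def failed_logins_by_source(events):
    """One report across hosts: failed logins per remote address."""
    return Counter(e["src_ip"] for e in events if e["outcome"] == "failure")

if __name__ == "__main__":
    evs, bad = normalize(LINES, year=2018)
    print(failed_logins_by_source(evs), "rejected:", bad)
```

Keeping the rejected lines visible matters for compliance reporting, because a parser that silently drops what it cannot read produces a report with unknown gaps.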

Another reason why SIEM tools are so useful is that they often have built-in support for most common compliance efforts. Their reporting capabilities are compliant with the requirements mandated by standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the Sarbanes-Oxley Act.

By using SIEM logs, an organization can save considerable time and resources when meeting its security compliance reporting requirements, especially if it is subject to more than one such compliance initiative.

2. Detect the undetected

SIEM systems are able to detect otherwise undetected incidents.

Many hosts that log security breaches do not have built-in incident detection capabilities. Although these hosts can observe events and generate audit log entries for them, they lack the ability to analyze the log entries to identify signs of malicious activity. At best, these hosts, such as end-user laptops and desktops, might be able to alert someone when a particular type of event occurs.

SIEM tools offer increased detection capabilities by correlating events across hosts. By gathering events from hosts across the enterprise, a SIEM system can see attacks that have different parts on different hosts and then reconstruct the series of events to determine what the nature of the attack was and whether or not it succeeded.

In other words, while a network intrusion prevention system might see part of an attack and a laptop’s operating system might see another part of the attack, a SIEM system can correlate the log data for all of these events. A SIEM tool can determine if, for example, a laptop was infected with malware which then caused it to join a botnet and start attacking other hosts.
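The correlation just described can be shown in a few lines of Python. This is an added example, not code from the original article or from any SIEM product: it joins an endpoint malware detection with IPS alerts for the same machine and reports the infected host together with the hosts it went on to attack. The event fields, event type names, asset inventory and one-hour window are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: endpoint logs name hosts, the IPS sees only IPs.
ASSETS = {"10.0.0.12": "laptop-ann", "10.0.0.30": "srv-files", "10.0.0.31": "srv-web"}

# Constructed, already-normalized events from two different sensors.
EVENTS = [
    {"ts": "2018-09-20T09:00:05", "sensor": "endpoint", "host": "laptop-ann", "type": "malware_detected"},
    {"ts": "2018-09-20T09:02:10", "sensor": "ips", "src": "10.0.0.12", "dst": "203.0.113.7", "type": "c2_beacon"},
    {"ts": "2018-09-20T09:10:00", "sensor": "ips", "src": "10.0.0.12", "dst": "10.0.0.30", "type": "exploit_attempt"},
    {"ts": "2018-09-20T09:11:30", "sensor": "ips", "src": "10.0.0.12", "dst": "10.0.0.31", "type": "exploit_attempt"},
    {"ts": "2018-09-20T08:00:00", "sensor": "ips", "src": "10.0.0.31", "dst": "10.0.0.30", "type": "exploit_attempt"},
]

def actor(ev):
    """Resolve the host an event is about, whichever sensor reported it."""
    if ev["sensor"] == "endpoint":
        return ev["host"]
    return ASSETS.get(ev["src"], ev["src"])

def correlate(events, window=timedelta(hours=1)):
    """Find hosts whose malware detection is followed, within the window,
    by botnet traffic and by attacks on other hosts."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[actor(ev)].append(ev)

    incidents = []
    for host, evs in by_host.items():
        infected_at, beacon, victims = None, False, []
        for ev in evs:
            ts = datetime.fromisoformat(ev["ts"])
            if ev["type"] == "malware_detected" and infected_at is None:
                infected_at = ts
            elif infected_at and ts - infected_at <= window:
                if ev["type"] == "c2_beacon":
                    beacon = True
                elif ev["type"] == "exploit_attempt":
                    victims.append(ASSETS.get(ev["dst"], ev["dst"]))
        # No single sensor saw all three stages; only the joined view does.
        if infected_at and beacon and victims:
            incidents.append({"host": host, "infected_at": infected_at.isoformat(),
                              "victims": victims})
    return incidents

if __name__ == "__main__":
    print(correlate(EVENTS))
```

The lone IPS alert from srv-web is not promoted to an incident, because nothing on that host links it to an infection or botnet traffic.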

It is important to understand that while SIEM tools have many benefits, they should not replace enterprise security controls for attack detection, such as intrusion prevention systems, firewalls and antivirus technologies. A SIEM tool on its own is useless because it has no ability to monitor raw security events as they happen throughout the enterprise in real time. SIEM systems use log data as recorded by other software.

Many SIEM products also have the ability to stop attacks while they are still in progress. The SIEM tool itself doesn’t directly stop an attack; rather, it communicates with other enterprise security controls, such as firewalls, and directs them to block the malicious activity. This incident response capability enables the SIEM system to prevent security breaches that other systems might not have noticed elsewhere in the enterprise.

To take this a step further, an organization can choose to have its SIEM tool ingest threat intelligence data from trusted external sources. If the SIEM tool detects any activity involving known malicious hosts, it can then terminate those connections or otherwise disrupt the malicious hosts’ interactions with the organization’s hosts. This surpasses detection and enters the realm of prevention.

3. Improve the efficiency of incident handling activities

Another of the many SIEM benefits is that SIEM tools significantly increase the efficiency of incident handling, which in turn saves time and resources for incident handlers. More efficient incident handling ultimately speeds incident containment, thus reducing the amount of damage that many security breaches and incidents cause.

A SIEM tool can improve efficiency primarily by providing a single interface to view all the security log data from many hosts. Examples of how this can expedite incident handling include:

  • it enables an incident handler to quickly identify an attack’s route through the enterprise;
  • it enables rapid identification of all the hosts that were affected by a particular attack; and
  • it provides automated mechanisms to stop attacks that are still in progress and to contain compromised hosts.

The benefits of SIEM products make them a necessity

The benefits of SIEM tools enable an organization to get a big-picture view of its security events throughout the enterprise. By bringing together security log data from enterprise security controls, host operating systems, applications and other software components, a SIEM tool can analyze large volumes of security log data to identify attacks, security threats and compromises. This correlation enables the SIEM tool to identify malicious activity that no other single host could because the SIEM tool is the only security control with true enterprise-wide visibility.      

Businesses turn to SIEM tools, meanwhile, for a few different purposes. One of the most common SIEM benefits is streamlined reporting for security compliance initiatives — such as HIPAA, PCI DSS and Sarbanes-Oxley — by centralizing the log data and providing built-in support to meet the reporting requirements of each initiative.

Another common use for SIEM tools is detecting incidents that would otherwise be missed and, when possible, automatically stopping attacks that are in progress to limit the damage.

Finally, SIEM products can also be invaluable to improve the efficiency of incident handling activities, both by reducing resource utilization and allowing real-time incident response, which also helps to limit the damage.

Today’s SIEM tools are available for a variety of architectures, including public cloud-based services, which makes them suitable for use in organizations of all sizes. Considering their support for automating compliance reporting, incident detection and incident handling activities, SIEM tools have become a necessity for virtually every organization.