Security is about time. The time between the beginning of an attack and the beginning of containment matters most. You need to realize that you’re being exploited or attacked, and you need to decide on appropriate countermeasures as soon as you can to contain the damage. The sooner you are informed about the situation, the more likely you are to avoid complications and severe damage in your system.
You need to have a way to get the information you need quickly. You have to be able to filter out the noise and get the basics so you can start the remediation and containment process. What you really need is Security Information and Event Management (SIEM) software. These tools are the gold standard for collecting all kinds of information and filtering through it to provide you with the kind of reports you need to uncover problems and start your response. However, if there’s one thing that SIEMs are notorious for, it’s being “reassuringly expensive,” as my friend Greg Ferro has said in the past. SIEMs can give you lots of information when you need it, but they are complicated to deploy and expensive to license. If you’re in a role in an SMB, how can you afford something as critical as a SIEM?
Path to Greatness
Thankfully, the answer has come. Back at RSA 2020, PathSolutions released their TotalView Security Operations Manager. PathSolutions has always had a great dashboard dedicated to giving network operations teams the information they need to get their network back on track. But network errors and problems aren’t security issues. Finding a problem with OSPF is important but not critical. Finding out you have incoming VPN connections from a hostile organization is one of those things you want to know about RIGHT NOW.
PathSolutions recognized that security operations folks need information more rapidly than typical ops teams. SecOps teams don’t need all the information about a problem right now. What they need is a condensed version of what’s going on with enough detail to get them going on their course of action. Diving into the details can wait until the threat is dealt with or at least contained to the point where lateral movement is not going to be an issue.
Instead, TotalView Security Operations Manager gets you what you need as soon as possible. How quickly? How about a minute? Like a literal sixty seconds. As soon as something pops up on the dashboard, PathSolutions can tell you where it is, who is running it, and if it’s talking to something else outside your network. That’s the kind of information that can help you make instant decisions. Delivered to your console in a minute. If you’ve ever had to deal with alert fatigue or been overwhelmed by a wall of text in an email that came in way too late, you know how important timely, concise information is for making decisions right away.
As you can see in the above overview, TotalView Security Operations Manager is not designed to boil the ocean. You’re not going to be able to feed it all of the different applications and telemetry programs in your thousand-node enterprise. Nor would you want that. Because one of the things that drives the price up for those massive SIEM deployments is their ability to connect to every piece of software under the sun. And those connectors require development time. And that development time costs money that has to be recovered somehow. Guess where that usually comes from? Yep, licensing costs!
Bringing It All Together
TotalView Security Operations Manager is the perfect solution for a small or medium enterprise that needs to provide security for users or applications. You need rapid reaction without rapidly draining your bank account. You can get this solution in quickly and make it work for your needs without a massive undertaking. You can be up and running with it right away and get the benefits of having quick responses to potential security problems. And you’ll be able to use it for a long while before you ever outgrow it. Honestly, I don’t think you ever would get too big for a tool like this. Your big bad SIEM can provide depth for your queries, but a tool like TotalView Security Operations Manager can give you the rapid answers you need.
For more information about PathSolutions and their TotalView Security Operations Manager, make sure you check out http://PathSolutions.com