None of us are really normal. But when our tools make the things in our professional lives "normal," they make things a whole lot easier. What I'm talking about is a process commonly known as normalization. Normalization is the way in which a software program takes information from a variety of sources and translates it into a format that's much more reader-friendly. For example, a log management program consumes logs from all of your devices, even across vendors, and parses the data into a common set of columns and fields. That way, when you're looking at the logs from your Cisco and Check Point firewalls side-by-side, you'll actually be comparing apples to apples instead of apples to kumquats.

 

Another example is how SolarWinds Firewall Security Manager normalizes firewall and network configuration files so you can compare them in a meaningful way, even when your devices span several vendors.

 

But normalization doesn't just make things look pretty. Normalization can also facilitate things like event correlation and cross-vendor migrations. For example, with Log & Event Manager, you can create countless rules and filters to alert you immediately when specific conditions are met, even if those conditions are reported by more than one device. One way LEM uses this is in its port scan rule: It looks for a specific number of TCPTrafficAudit alerts, which can come to LEM from a variety of devices in a variety of formats. As long as the alerts come from the same source and are hitting distinct ports, LEM can escalate them to let you know you could be getting scanned.
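The following Python example is added here and is not LEM's own rule or code: it normalizes log lines from two devices into one TCPTrafficAudit-style record, then flags any source that hits several distinct ports. The two log formats, the field names, the threshold (`min_ports`) and the time window are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in two invented formats standing in for two vendors.
SAMPLE_LOGS = [
    "1700000000 fw-a DENY tcp 203.0.113.9:40001 -> 10.0.0.5:22",
    "time=1700000002 dev=fw-b action=drop proto=tcp src=203.0.113.9 dst=10.0.0.5 dport=23",
    "1700000004 fw-a DENY tcp 203.0.113.9:40003 -> 10.0.0.5:80",
    "time=1700000005 dev=fw-b action=drop proto=tcp src=203.0.113.9 dst=10.0.0.6 dport=443",
    "time=1700000006 dev=fw-b action=drop proto=tcp src=198.51.100.7 dst=10.0.0.5 dport=443",
    "1700000007 fw-a DENY tcp 198.51.100.7:40009 -> 10.0.0.5:443",
    "garbage line that matches neither format",
]

FORMAT_A = re.compile(
    r"(?P<time>\d+) (?P<dev>\S+) \w+ tcp (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def normalize(line):
    """Parse either format into one common record; return None if unparseable."""
    m = FORMAT_A.match(line)
    if m:
        raw = m.groupdict()
    else:
        # Format B: whitespace-separated key=value pairs.
        raw = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if raw.get("proto") != "tcp":
            return None
    try:
        return {"event": "TCPTrafficAudit", "time": int(raw["time"]),
                "device": raw["dev"], "src": raw["src"], "dst_port": int(raw["dport"])}
    except (KeyError, ValueError):
        return None

def detect_port_scans(lines, min_ports=4, window=60):
    """Map each source that hit >= min_ports distinct ports within window seconds to those ports."""
    by_src = defaultdict(list)
    for rec in filter(None, map(normalize, lines)):
        by_src[rec["src"]].append((rec["time"], rec["dst_port"]))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct ports seen in the window that opens at this event.
            ports = {p for t, p in events[i:] if t - start <= window}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE_LOGS))
```

The second source in the sample is reported by both devices but always on the same port, so it is not escalated; only distinct ports count toward the threshold.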

 
