How Continuous Performance Monitoring Helps Secure Your IT Environment

Level 12

Last week, Omri posted a blog titled, What Does APM Mean to You? Personally, I think it means several things, but it really got me thinking about security issues related to APM, and how they are of high concern in today's IT world. Systems and application environments are specifically prone to denial of service attacks, malware, and resource contention issues caused by remote attacks or other miscellaneous security issues.


I've always looked at continuous application or systems monitoring as something that goes hand-in-hand with security monitoring. If SysAdmins are able to provide security insights along with systems and application performance, it will only benefit the security and operations teams. After all, IT as a whole works best when teams interface and collaborate with each other.


It's not ideal to rely on application performance monitoring software for IT security, but such tools are certainly designed with some basic features that deliver capabilities related to security use cases, to complement your existing IT security software.


Here are some key security-related use cases you get visibility into using application and systems monitoring software.


Check for important updates that should be applied

Forgetting to install an OS or hardware update may put your servers and apps at risk. Your apps may be prone to attacks from malicious software and other vulnerabilities. OS updates will ensure such vulnerabilities are corrected immediately when they are discovered. In addition, you should report on the number of critical, important, and optional updates that are not yet applied to the server. Remember, you can also view when updates were last installed and correlate that time period to performance issues. Sometimes these updates cause unexpected performance impacts.

(Screenshot: Windows Server.png)


Keep an eye on your antivirus program

Monitor the status of your antivirus, whether it is installed or not, and make sure to check if key files are out of date. When you fail to scan with your antivirus software or monitor whether it's up and running, you increase your chances of security issues.


Ensure your patch updates are installed

Collect information related to patch updates, and answer questions like: are they installed, what's their severity, and by whom and when were they installed? You install patches so that security issues, programs, and system functionality can be fixed and improved. If you fail to apply patches once an issue has been detected and fixed, hackers can leverage this publicly available information and create malware for an attack.

(Screenshot: OS Updates.png)


View event logs for unusual changes

Monitor event logs, looking for and alerting on potential security events of interest. For example, you can look for account lockouts, logon failures, or other unusual changes. If you don't have other mechanisms for collecting log data, you can simply leverage some basic log collection, such as event logs, syslog, and SNMP traps. You can also use these for troubleshooting.
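Added example (not from the post and not SolarWinds SAM code): a PowerShell snapshot that gathers the three signals described above on one Windows Server, that is the pending update counts by severity, the antivirus state, and account lockouts and failed logons from the Security log. It assumes an elevated session, Windows Defender as the antivirus (Get-MpComputerStatus), and logon/lockout auditing enabled; the thresholds are constructed defaults.

```powershell
# Added example: one-host security snapshot built from standard Windows APIs.
# Assumptions: run elevated; Windows Update agent reachable; Windows Defender is
# the antivirus; Security log auditing is on. Event IDs 4625 (failed logon) and
# 4740 (account lockout) are the standard Windows Security event IDs.
param(
    [int]$LookbackHours = 24,          # constructed default window
    [int]$MaxSignatureAgeDays = 3,     # constructed staleness threshold
    [int]$FailedLogonThreshold = 10    # constructed alert threshold
)

$report = [ordered]@{}

# 1. Updates not yet applied, grouped by Microsoft severity (matches the
#    critical / important / optional counts the first use case asks for)
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0").Updates
$report.PendingCritical  = @($pending | Where-Object MsrcSeverity -eq 'Critical').Count
$report.PendingImportant = @($pending | Where-Object MsrcSeverity -eq 'Important').Count
$report.PendingOther     = @($pending | Where-Object { $_.MsrcSeverity -notin 'Critical','Important' }).Count
# Most recent hotfix date, to correlate with performance changes
$report.LastHotfix = (Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn

# 2. Antivirus: running, and are its signature files stale?
$av = Get-MpComputerStatus
$report.AvRunning      = $av.AntivirusEnabled -and $av.RealTimeProtectionEnabled
$report.AvSignatureAge = $av.AntivirusSignatureAge
$report.AvStale        = $av.AntivirusSignatureAge -gt $MaxSignatureAgeDays

# 3. Security log: lockouts and failed logons inside the lookback window
$since  = (Get-Date).AddHours(-$LookbackHours)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625, 4740; StartTime = $since } `
            -ErrorAction SilentlyContinue)
$report.Lockouts     = @($events | Where-Object Id -eq 4740).Count
$report.FailedLogons = @($events | Where-Object Id -eq 4625).Count
# Accounts with the most failed logons; TargetUserName is property index 5 of event 4625
$report.TopFailedAccounts = $events | Where-Object Id -eq 4625 |
    ForEach-Object { $_.Properties[5].Value } | Group-Object |
    Sort-Object Count -Descending | Select-Object -First 3 |
    ForEach-Object { "$($_.Name)=$($_.Count)" }

# Single alert flag a dashboard or monitoring template can key on
$alert = ($report.PendingCritical -gt 0) -or (-not $report.AvRunning) -or $report.AvStale
$alert = $alert -or ($report.Lockouts -gt 0) -or ($report.FailedLogons -ge $FailedLogonThreshold)
$report.Alert = $alert

[pscustomobject]$report | Format-List
```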

(Screenshot: Logs.png)


Diagnose security issues across your IT infrastructure

Troubleshoot security issues by identifying other systems that may have common applications, services, or operating systems installed. If a security issue with an application or website occurs, you can quickly identify which systems were in fact affected by searching for all servers related to that website or application.

(Screenshot: Appstack.png)


While these are just a few use cases, tell us how you use your APM software: do you use it to monitor key system and app logs, do you signal your IT security teams when you see something abnormal, or do you rely on an APM tool for basic security monitoring? Whatever the case, we're curious to learn from you.

9 Comments
Level 13

Very nice. I have to admit I've never really thought about fully leveraging SAM as a security tool. I'll have to put some thought into this.

Level 17

Lovin' it! Everything is a security mechanism if you leverage it properly. I am looking forward to doing this more in coming months.

Level 15

That is an interesting concept to utilize the "View" from SAM as part of the security model. I was thinking about each step in the article and comparing the various applications that one must go into to get the information. Look at WSUS for patches, the Anti-Virus web console, etc. Having a uniform dashboard would be beneficial.

MVP

"After all, IT as a whole works best when teams interface and collaborate with each other."

This is a very true statement.

Not quite on topic, but regarding anti-virus, make sure that your deployment server does not automatically deploy new pattern files...they have to be tested before release to the enterprise. I hate it when McAfee marks svchost.exe as a virus...

Level 13

I was just reading this morning about some issues a while back with Avast detecting TrustedInstaller.exe as a trojan.

That said, in all but the largest environments, it's definitely a challenge to test pattern files as quickly as they get released.

Level 15

I find that a test VM with all the software the organization uses is a nice trial for the Anti-virus updates. I deploy updates from the server to this test machine, perform a full scan, analyze, and then typically deploy to the rest of the enterprise. Takes about 3 hours to perform but keeps my sanity in not getting false positives.

Level 14

Very good summary. Unfortunately, in my current environment, we have not been able to implement SAM in our production environment. It sure isn't because we don't want to. I have used it in the past and also when it was known as APM. I still use it elsewhere on a smaller scale. APM is very important and useful for many things. Everything is application driven. You must also know about the security of those applications. Why not leverage everything that your APM software can do?

Level 9

Thank you karthik for this very wonderful post. It has so much information. I only wish some techies would consider monitoring as one of the keys to securing the network. Better to be Proactive than Reactive.

Level 14

Yes, thank you karthik indeed. Great food for thought.