AccelOps Enhances Platform with Threat Intelligence Center

By

If we have learned nothing else in the past few days of revelations of major data breaches around the world, it should be that the time between detection and remediation seems to be appallingly long.

Part of this is attributable to targeted companies' and governments' lack of protection. Part is due to the unfortunate ingenuity and sophistication of the bad guys as they take advantage of known vulnerabilities and exploit new ones as vector planes expand. And part is because targets do not have the visibility they need, specifically in their data centers, which have become the hearts and souls of their organizations, to see in real time everything that needs to be protected so that IT can quickly detect, protect and even proactively deter malicious activities ASAP.

With the above as context, if you happen to be in London, England for the InfoSecurity Europe, Gartner Security Summit event, you might wish to have a chat and demo with AccelOps. The reason is that the company has launched enhancements to its integrated IT security and operational intelligence platform.

For those not familiar with AccelOps, the company’s flagship product is its virtual appliance software, which monitors security, performance and compliance in cloud and virtualized infrastructures. The platform automatically discovers, analyzes and automates IT issues, and uses its patented analytics engine with cross-correlation and statistical anomaly detection to send real-time alerts when deviations occur that indicate a security or performance-impacting event.


In its AccelOps 4.4 enhancements, the company has made visibility and information sharing the cornerstones for keeping watch on “E”verything that is in the data center and that is data center-centric. This encompasses data gathered from end points such as applications, servers, databases, mobile and IoT devices across cloud, virtual and physical environments. Indeed, as recent events have highlighted, you can’t protect and defend against something you don’t know and/or can’t see.

New platform AccelOps 4.4 features include:

  • Threat Intelligence Center: Incorporates new Content-as-a-Service (CaaS) capability to aggregate, validate and share anonymous threat data gathered from the AccelOps customer base, providing benchmark and threat detection intelligence to customers in real time. Also included are additional device support, rules updates, analytics and other knowledge bases.
  • External Threat Feed API: Contains an open API that allows users to integrate any public or private threat feed into the AccelOps database and cross-correlate it with their own network and security data.
  • Workflow Integration API: Creates bi-directional workflow integration into leading IT service management and ticketing solutions. Users can now create alerts, tickets and incidents from platforms such as ServiceNow and Connectwise, or vice versa, and can customize workflow integration and drill down to obtain deep-dive contextual diagnostics for faster problem analysis and resolution.
  • Windows Agent: Combines its agentless technology with newly developed, high-performance agents to significantly bolster its system, application and security log collection at speeds of up to 1800 events per second per server. Capabilities include critical features such as end-to-end compression, SSL encryption, installed software detection, file integrity monitoring and registry change monitoring, all rolled out through one-touch agent deployment via Windows Agent Manager.

Dan Maloney, vice president of marketing and business development, AccelOps, said: “As a leading provider of security and operational intelligence, our main objective is to deliver the tools our clients need to stay ahead of the persistent threats infiltrating today’s modern data center. These enhancements extend the capabilities of our threat intelligence, providing our customers with even greater insight into the health, security and management of their networks.”

In discussing the enhancements with TechZone360, Maloney was quick to point out something that really should be top of mind for all security professionals: the need not just to know what is going on in their own data center and network, but also to be mindful of what their peers are seeing in theirs. It is why the new Content-as-a-Service (CaaS) Threat Intelligence Center, when combined with the ability to get other external threat feeds and leverage the workflow integration API, represents a step forward in dealing with advanced persistent threats (APTs). Sharing the best information possible is the fastest way to solve problems quickly, especially ones that previously have not been detectable. Plus, as any security professional will readily admit, we really all do need to be in this together.

While it is a bit of an eye chart, Maloney walked through the graphic below, which is a sample of a Denied Traffic Map showing hotspots of activity. The circles on the right are drill downs by country, city & country and, most importantly, by destination application port.

Where it really gets interesting and valuable for IT security professionals is that each one of the circles is dynamic, enabling access to very granular detail about precisely what is going on.

Image via AccelOps

As Maloney explained: “Our goal was to give IT deep drill down capability in real-time all on a single screen… We have tried to carefully balance rules with machine learning to make sure we are presenting the best information possible. We know as users ourselves that we can’t do this alone, but we can be good stewards of enterprises’ core digital assets and be a central nervous system to allow them to look at the network and operations sides of things and be capable of rapid detection of anomalies so they can respond rapidly and be proactive about future threats.”    

Clearly, when it comes to having tools for protecting data centers, seeing is not just believing. It is also a critical part of implementing protective measures, and real time is the only time in a world where seconds can cost millions.




Edited by Maurice Nagle