LogicMonitor: SaaS network monitoring

Steven Trippe provides a detailed overview of the cloud-based LogicMonitor for network monitoring.

Being overburdened, undermanned, and buried under a pile of helpdesk calls, management projects, backups, or any of the other twenty jobs you may have can leave no time for other important tasks. If this sounds like you, you're not the only one. Many people in the technology sector are overtasked with a plate full of responsibilities.

One important task that often gets overlooked is monitoring the health of the enterprise. It is way too time-consuming to look through logs for anomalies, failed processes, and relevant security threats. Fixing the Financial Officer's screen resolution certainly takes precedence over looking for failed server logins, right? Well, there is no argument that fixing performance issues is important, but it's also critical to the health of the enterprise that you know exactly what's going on at all times. The days of auditing individual system logs, watching performance monitors, and finding threats manually are long gone.

In today's highly automated and dispersed enterprise, active monitoring is where it's at. Using a log management tool, or a more robust security information and event management (SIEM) product, can consolidate all this information into a manageable system. These tools allow specific information to be extracted and reported. The quicker logs can be analyzed and situations reported, the better the possibility of detecting an event in time for mitigation. Speed kills, and in this case, the speed of attacks may inhibit you from protecting the enterprise unless you take immediate action. Knowing is half the battle.

What if you're chatting at the water cooler while an attack is in progress, or if you run out to grab lunch? Taking the power of enterprise monitoring and alerts with you can be the difference between securing your enterprise and giving it away.

One product that lets you keep a watchful eye on your entire enterprise, have a social life, and still eat is the cloud-based LogicMonitor. This SaaS cloud product lets you monitor complex networks and systems remotely with little overhead.

Mixed enterprise systems and services

LogicMonitor can gather information from a variety of enterprise systems as well as specific services on them. It aggregates event data from separate network and security devices, as well as application servers, into comprehensive and usable information.

It has the capability to analyze and correlate information from multiple sources including firewalls, vulnerability scanners, intrusion devices, servers, and others, to help identify attack patterns and provide immediate alerts.

Active Discovery

Setting up the monitoring on all of your devices may seem daunting, but auto-discovery makes it simple. There is no need to know what objects on a device to monitor, or even how to configure them. All you need to know is the hostname or IP address, and Active Discovery does the identification and configuration. Some of the items that it looks for on each device include:

  • Interfaces
  • Volumes
  • Physical disks
  • Temperature sensors
  • Virtual IPs
  • VPN links
  • DSU/CSUs
  • Applications

Active Discovery has a dynamic scanning capability that works with SNMP, JMX for native Java applications, JDBC for databases, WMI and PerfMon for Windows, and a few others, to gather as many processes to monitor as possible.

Active Discovery also has built-in flexibility and allows for dynamic changes in the enterprise. If you add more servers, databases, or security devices, they will be automatically configured for monitoring. You will even be notified of the change, which adds some security against rogue devices being added to the enterprise.

How does it work?

No firewall changes are required, and according to LogicMonitor, it can be up and working within 15 minutes. The key component is a lightweight Java agent that must be installed on a Windows or Linux machine inside the firewall. This one agent does all the work from the inside of the network. Even though it is a SaaS product, there is no need for outside access through your firewalls. The agent that is hosted inside your network creates an encrypted one-way connection to LogicMonitor servers. The agent uses this outgoing-only connection to determine what to monitor and to send the collected information back to the LogicMonitor servers.

Monitor the enterprise anywhere

Freedom, freedom! Through any web browser on a computer, smartphone, or tablet you can monitor customizable Dashboards, performance graphs, and alerts.

Dashboards

The Dashboards can display a wide range of objects including:

  • Individual performance graphs
  • Custom graphs that aggregate data from multiple hosts
  • Alerts that are filtered to your specifications
  • A NOC widget where colored indicator lights display at-a-glance health status of all your host groups
  • Business metrics

Email and SMS alerts

A great strength of LogicMonitor is the ability to be notified of threats in real time anywhere you have access to email or text messages. When customizable thresholds are exceeded, alerts can be sent to your email or cell phone. The alerts originate from LogicMonitor servers at their data centers. This ensures that even if your network becomes inaccessible, you'll still be notified of issues. Of course you have the ability to be alerted 24×7. LogicMonitor provides different alert severity levels to ensure you're appropriately notified. Getting urgent text messages at 2 in the morning isn't necessary for every event; however, a breach in security should warrant one.

Scheduled reports

Monitoring the enterprise is simplified with reports that can be customized and scheduled to automatically generate. Some of the pre-defined reports include:

  • Alerts
  • Alert Trends
  • Host Inventory
  • Host Metric Trends
  • SLA Statistics

Some LogicMonitor SaaS benefits

  • Reduced management required
  • Pay only for what's required
  • No scalability or performance concerns
  • Monitor from anywhere
  • Absolutely no upfront costs of any kind
  • No upgrade fees
  • No long-term contracts or commitments

Always a consideration: Security and reliability

LogicMonitor's data center features:

  • They are SAS 70 type II audited
  • They're manned 24x7x365
  • All servers locked in cabinets
  • Entry/exits are secured via electronic keycards and biometric hand scans
  • Motion-sensitive video surveillance
  • Power and HVAC are fully redundant
  • Sophisticated fire detection and suppression systems

Internet security features include:

  • Data is stored in encrypted format
  • Account passwords are stored only as one-way hash
  • Network connections are protected via SSL
  • Multi-layer firewall security
  • Audit logs of accounts accessed
  • External vulnerability scans
  • All server operating systems are hardened and have the most current security patches applied

Redundancy features

  • Redundant routers, switches, server clusters and backups are employed
  • Data is replicated at the local site and a distant site

About

Steven has 20 years of experience in information and network security, network engineering, operating systems, technical writing, facilitating, and project management. He holds Cisco, CompTIA and other industry certifications and studied Information Sys...

4 comments
vcarpent

I have been using logic mon for a year and I would say it's a good tool. But the customer service if you have any issues is extremely bad. Also it's extremely difficult to integrate alerts from logic monitor into paging solutions like BMC Alarmpoint (Alert management platform).

Michael Kassner

This is an interesting product. But, you give the "keys to the kingdom" to a TPV. So, information on EULAs, privacy, and security is pretty important. I went to their website and could not find any.

sfrancis

I agree, they are very important. There is security information at http://www.logicmonitor.com/quick-tour/security-reliability/ and at http://www.logicmonitor.com/downloads/SecurityWhitepaper.pdf

LogicMonitor does not want the keys to the kingdom. The documentation specifies (and strongly recommends) how to set up the least privilege user rights needed (read only) for each class of device, whether monitored via the NetApp API, or VMWare, etc. All collected information is treated as confidential under the LogicMonitor terms and conditions. http://www.logicmonitor.com/LogicMonitorTerms.pdf

Michael Kassner

The first two links are more or less advertising. The third is not what I would consider a EULA. I also would question what is excluded from being confidential information.
