Anyone who has ever spent time on a network team knows the ability to detect, troubleshoot, and respond to seemingly random and irksome slowdowns and availability issues is a freaking superpower. It’s no stretch to imagine network gremlins hellbent on wreaking havoc on your sanity and ability to get work done.
Once upon a time, I worked on a network plagued with those types of gremlins. At noon-ish on what seemed like random days, high-priority application servers slowed to a crawl, and the phone rang from user complaints. It wasn’t unusual for the issue to only affect some of the users. Chances were that we couldn’t replicate the extra latency. And, after spending 20+ minutes troubleshooting the slowdowns, the problem would magically disappear. As one would expect, the users became more frustrated with each appearance of those network slowdown gremlins. The heat on solving the 12pm slowdown problem
If only we had the right tool for solving this problem. Actually, we had two separate enterprise-grade SIEM tools that should have been able to offer insights. One tool correlated events and managed logs. Another handled monitoring and configuration. Neither of these tools, though, offered any leads.
For what felt like months, we wasted time chasing leads and hunches that went nowhere. Eventually, I was able to find the culprit by running PowerShell scripts across multiple servers and correlating events to identify the slowdown-invoking process. Case solved.
In an ideal world, our existing tools would have helped correlate events across multiple resources to find aberrant happenings. Real-world IT is never ideal, and many of those SIEM tools come bundled with features that end up creating complexity that leads to implementation and execution challenges.
Often, small teams end up blaming the tool for technical debt created during its implementation. Our super-expensive logging tool became not much more than a security checkbox that consumed terabytes of storage space.
And this is where a Security Field Day #3 demo from PathSolutions piqued my interest. Who wouldn’t want the ability to identify “Gremlins”?
PathSolutions’ TotalView Security Operations Manager, though, does more than just help find “Gremlins.” Designed for security professionals, this solution can help identify possible security gaps like:
- unsecured protocols like Telnet
- unknown IoT devices
- critical security vulnerabilities
- unauthorized configuration changes
- and more.
One of my favorite things about this demo is the clean and simple user interface. This isn’t the only place where PathSolutions embraced simplicity. The application installs from a single executable on a Windows computer or server. In their words, installation shouldn’t take longer than an hour.
If you are interested in learning more about this Security Orchestration, Automation, and Response (SOAR) solution, here are some additional resources.
- [VIDEO] PathSolutions @ Security Field Day #3
- [BLOG] Other Delegates’ Posts
But even the best resources can’t replace the magic of a demo. For that, PathSolutions has you covered with their Online Demo Sandbox. Be sure to check it out!