Are you evaluating and looking for SevOne Competitors? Uncovering compatible solutions, installing them, setting them up and flushing out the features that are important to your IT organization can be a considerable undertaking.
List of Questions
Understanding what your team needs to monitor and react to during the normal course of doing business is the paramount concern. Bringing in a vendor prior to knowing what you need to be armed with is an easy way to let a vendor convince you that their features are important. Here is a list of questions you should ask yourself before engaging a vendor:
- What business applications are critical to your organization's ability to carry on?
- What about those applications could be monitored to ensure they are operating at peak efficiency?
  - Vital signs (e.g. CPU, memory)?
  - Traffic patterns (e.g. flow volume, number of users, ports, etc.)?
- How could a vendor baseline that application to determine optimal performance and then trigger for abnormal behavior?
- How would your IT team like to be notified should an event get triggered?
- Can the system be leveraged in the event of a security breach? For example, what if the server the application runs on was compromised? How would you determine:
  - How long ago the threat first appeared?
  - The IP addresses of all the hosts potentially involved?
  - Whether or not any of the other servers on the network were also compromised?
  - The traffic pattern of the threat and how much data was transferred?
- How well does the collection system scale? Does the solution support environments where the collection needs to be distributed? How many millions of flows per second can the system support?
- Is there a dependency on inefficient technologies that you may want to avoid, like SNMP?
- Does the solution provide the ability to jump from flows to the packets involved in a few clicks?
- Can the system provide contextual details related to the IP or MAC address in question (e.g. operating system, hardware vendor, building location, etc.)? Often these details are gained via integration with third-party systems (e.g. ForeScout CounterACT or Cisco ISE).
Gartner stated last year that flow analysis should be done 80% of the time and that packet capture with probes should be done 20% of the time. Source.
Security and application management are two areas that seem to be merging a bit in the IT space. Firewall administrators are often faced with tough decisions when ACLs need to be modified to grant access to some new cloud service.
When comparing the different SevOne Competitors, we recommend that companies calling us take a look at our comparison worksheet. The last 3-4 pages of this document provide a checklist of features that we have compiled over the years. Decide which functions are important to your team and then give us a call.