Despite there being hundreds of software solutions focused on monitoring, today’s operations professionals lack the assessment and detection coverage they need in their CI/CD infrastructure. Software applications have reached an inflection point in the pace at which businesses are evolving their operations, and so a new approach is needed for continuous monitoring.
Modern infrastructure is evolving and legacy monitoring tools won’t work
Companies won’t change overnight, but the infrastructure management evolution has begun and innovative organizations aren’t waiting for legacy monitoring tools to adapt. Even at the most classic technology companies, developers are using Macbooks and running their business applications on ephemeral Linux systems.
When the virtual machines or containers in your cloud infrastructure have the life expectancy of a mayfly, the entire way your monitoring tools recognize an asset needs to change.
If, like me, you get phone calls from family members asking what to do about the message on their computer screen, you’ve known the pain of trying to fix what you cannot see. Now, consider hundreds more systems without even a non-technical user telling you what’s happening there. This is what it’s like when someone in operations is asked to determine what’s wrong with systems which aren’t effectively monitored. Knowing which systems you have, what is running on them, and how they are configured is equally fundamental to security, product operations, and IT operations.
It starts with gaining enough visibility to enable analysis
That’s the problem osquery was created to address: visibility into the unsupported systems. The Facebook team started the open source community and hundreds of others feeling the same pain have dramatically expanded the list of platforms it supports; you can now have the same visibility for Mac OS X, uncommon Linux flavors, and end-of-support Windows platforms as you do for Ubuntu and Windows Server 2016. But the osquery agent is just an enabler. It is the powerful tool which turns every endpoint into a virtual database, but it requires you to know exactly which system to look at and what to look for at the exact right moment.
Operations teams need easy remote access to the valuable information osquery collects, but they also need more. If you want to step back through the series of events which caused the current issue, logs and osquery results can be correlated in a SIEM, but they lack a great deal of valuable context about the endpoint. What else was running? What process opened the suspicious connection? Is this asset configured the same as its peers in the cloud? These questions cannot be answered in a SIEM nor via ad hoc query once suspicions arise. Finding how an asset was compromised or why it was modified in violation of policy requires a historical record and the analytics to tease them out.
“Continuous Monitoring” in this ecosystem requires new approaches
Windows domains, Windows endpoints, and physical data centers aren’t likely to lose their majority share for another decade, so there remains a great need for the monitoring and analytics solutions which address them. But scanning your systems periodically and tapping a SPAN port won’t work for organizations with Zero Trust Networks and multi-cloud service delivery strategies. You can’t determine what ran on a Macbook last Friday when it was in a Brooklyn coffee shop. You can’t use Sunday night scans to identify which virtual machines had a vulnerable image in production early Tuesday morning if they were wholly replaced the next day and never seen again. Determining what happened can feel like investigating a pickpocket in Grand Central Station a day later.
Can you spot yesterday’s pickpocket? Me either…
These challenges of monitoring modern infrastructure are where Uptycs is focused. We aim to make it easier for these companies to know how everything is configured, what’s happening, and what was the root cause on their remote and transient endpoints that give their business a competitive advantage. If you’re dealing with any of these challenges, leave a comment below or sign up for a free trial.
*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Matt Hathaway. Read the original post at: https://www.uptycs.com/blog/infrastructure-management-evolution-and-continuous-monitoring