Top 10 tools for continuous monitoring
When employee productivity is brought up in conversations, one usually doesn't bring up sleep. However, no single person can remain at peak awareness for very long, and despite claims to the contrary, no one can manually multitask well enough to keep track of thousands of points of data at once.
At least not without help.
Learn Network Security Fundamentals
In the case of a network, we need to know if things are working as intended all the time. Being able to be certain that servers are functioning properly, networks are operating as intended, services are accessible at all times and so on. In other words — we need to know the health of our environment, and we need the information we are working from to be regularly updated and reliable.
Continuous monitoring is an incredibly useful technique. Software vendors have been steadily improving their offerings in this field for a long time, and it truly does show in the value they bring to the table. Therefore, we present for your consideration: the Top 10 Tools for Continuous Monitoring.
The top 10 tools
1. Lansweeper
URL: https://www.lansweeper.com/
Primary Purpose: Asset management
Cost: Free up to 100 devices, price per node after that
Lansweeper is able to scan large sections of your network at a time and tell what hardware devices have, what software is running on them, licenses present on them and a whole lot more. Combine that with a centralized database for holding that information, custom reporting and near-limitless scalability, and you have yourself an amazing toolkit for keeping track of what’s on your network on a regular basis.
Weaknesses: Unfortunately, Lansweeper doesn't have automated alerting built in as of the time of writing. While it's currently on their to-do list, at the present time it can't be relied upon to give real-time alerting for changes in status.
2. Spiceworks
URL: https://www.spiceworks.com/
Primary Purpose: Asset management/device status monitoring
Cost: Free
Spiceworks Inventory originally started out as a utility very similar to Lansweeper — scanning devices on the network and reporting information on what was running on them. Since then, however, they have spun off a network monitor tool with a real-time alerting function. While Spiceworks Inventory itself is incredibly flexible, a large amount of utility comes from the community that has grown around it.
Spiceworks Network Monitor is what you would expect from a real-time Dashboard-based application — you are able to view the status of various devices and services and be alerted if particular values do not match pre-set criteria.
Weaknesses: Network Monitor is a very nice low-volume utility that is definitely worth looking into for anyone just starting out with alerting. You'll most likely find that the recommended maximum of 25 devices is a number to very easily hit without trying too hard. That being said, a low ceiling can also be a great tool to realize that you don't have to track every single thing — being able to optimize the noise/signal ratio just enough to tell when something breaks.
3. Snort
Primary Purpse: Network Intrusion Detection System
Cost: Software is free (open-source), Subscribers receive rulesets 30 days before free users. Subscriber rulesets are available annually for $29.99 (sensor for personal use) or $399 (sensor for business use).
NIDS systems are incredibly useful for finding out if your perimeter has been breached and then alerting you to this event. Snort's effectiveness and purpose varies greatly depending on where it is set up in your environment and how that environment is configured. For example: If you place it outside of your firewall, you're going to get a lot more noise than if it is set up behind it. Alternatively, you could assign it a mirror port on a switch to be able to copy all data going across it without actively interfering in the traffic.
Weaknesses: It may take a great deal of work to properly prepare your environment to support Snort and then set it up properly. Once you have done so it is a tremendously useful tool but doing it right can be quite tricky.
4. Solarwinds
URL: https://www.solarwinds.com/
Primary Purpose: Network management/systems management/ IT security/etcetera
Cost: Free 30-day trial, price per module after that
More than any other item on this list, Solarwinds can be considered a suite of applications. Each module allows for functionality completely unique from the other areas. For example: If you want to manage switches and devices attached to them, there is a module for that. If you want to analyze and aggregate logs, there is a module for that. If you want to monitor the status of devices in real time and receive alerts, there is a module for that.
Weaknesses: While Solarwinds is incredibly good at what they do, they do have a barrier to entry where every utility has a price associated with it. For small environments, it may be prohibitively expensive while in large ones, it may just be the cost of a department lunch. The trials definitely will help in this regard to help see if this tool is right for you.
5. Nagios
Primary Purpose: Network and System Monitoring
Cost: Nagios Core is free (open-source); additional utilities have 60-day trials. RFQ after that
Nagios Core is extremely useful for monitoring networks, devices and servers. The fact that it allows for real-time alerting on network hardware such as switches as well makes it extremely useful for querying the health status of your environment. For Enterprise users, Nagios XI takes the basic engine and adds additional UI options, automatic reporting, support and other features.
Weaknesses: Nagios Core was designed to be as streamlined as possible, which can create problems if you are looking for an all-in-one tool. Additional features can be brought in via add-ons from the community, but some items are still difficult for them to bring in.
6. Tenable
Primary Purpose: Vulnerability scanning
Cost: Free trial, RFQ after that
Tenable is another umbrella-type application, but unlike Solarwinds, each of their flavors all have the same objective — find vulnerabilities. Certain tools such as Nessus have been around for quite some time; being able to target and test against new in-the-wild exploits usually on a daily basis. Others, such as Tenable.sc, provide network-level scanning and reporting for compliance and update status, along with real-time alerts.
Weaknesses: Tenable's lack of a completely free version can be a barrier to entry, but the trials and demos do allow for a good review of the software to see if it meets or exceeds your needs at the present time.
7. Ipswitch WhatsUp Gold
URL: https://www.ipswitch.com/network-monitoring
Primary Purpose: Network and system monitoring
Cost: Free trial, RFQ after that
WhatsUp is an extremely versatile platform which allows for active monitoring and alerting of almost any WMI-presentable value, along a considerable number of other polling options. This allows for the creation of standard values, and whenever a system falls out of these criteria an alert will be generated when it fails, along with when it returns to normal.
Weaknesses: Building your monitors can be a challenge and configuring every node for remote monitoring can take a considerable amount of time.
8. Paessler PRTG
URL: https://www.paessler.com/prtg
Primary Purpose: Network and system monitoring
Cost: Free version up to 100 items tracked. Price per item tracked per device after that
PRTG is one of the few vendors that has mobile apps for monitoring and has built-in push notifications instead of relying on emails or text messaging. This can be of tremendous use if your company is heavily mobile, or if you want another level of safety in case your email environment completely goes down. It also allows for clustered servers, again in case of failure.
Weaknesses: Similar to Whatsup, it can take a significant amount of time to configure your monitors correctly — and since their pricing structure is per item tracked per device, costs can ramp up very quickly.
9. Rapid7 Insight
Primary Purpose: Vulnerability scanning/log analysis/etcetera
Cost: Free trials, RFQ after that
Insight has several different versions, each optimized for various tasks. All of them benefit from real-time monitoring and enterprise-level dashboards. In InsightVM, you are shown potential threats and which systems in your environment may be vulnerable to them in a single pane. InsightIDR, on the other hand, compiles event logs from across your network and reduces them down to potential issues to better manage the mountain of information coming in to the software.
Weaknesses: These products are designed with large-scale enterprises in mind and are priced as such. They also require daily attention in order to be effective, which can cause problems for shops with smaller teams.
10. Cisco Identity Services Engine
URL: https://www.cisco.com/go/ISE
Primary Purpose: Network gatekeeping/user and device profiling
Cost: Free 100 Device Trial, RFQ after that
Cisco ISE relies on being able to classify devices before they are allowed to join the network. If a device isn't considered a company-owned device or is a potential threat, it may not be allowed access at all or may be allowed restricted access. It also can handle BYOD and Guest Access without a tremendous amount of additional software or services.
Weaknesses: For best results, Cisco ISE requires Active Directory and a CA server; this isn’t a big problem for Windows shops, but for others can be a problem.
Learn Network Security Fundamentals
Conclusion
It may seem like a paradox that being able to be contacted automatically about issues can help you sleep easier, but it does. This allows for less guesswork, less worry and more effective use of resources than randomly logging in to servers once a month to see if there are strange things afoot. Choosing your solution or solutions can be challenging, but with the right tools and taking the time to configure your environment to support it properly, it can completely change how you manage your infrastructure.