Frequently asked questions (FAQs) related to DataFocus NetZoom Managed IT Services and their answers.
DataFocus delivers IT monitoring and management designed specifically for the needs of small and medium-sized businesses. We've integrated enterprise-class network, systems, application and security capabilities into one package that is affordable, deploys in hours, and is easy to maintain and use.
Business availability monitoring comprises several key components: Fault monitoring, Performance/trend monitoring, and Security intrusion monitoring. DataFocus combines all the core elements in its IT and security monitoring service, enabling us to more easily isolate the root cause of a problem before service degradation occurs.
Fault typically refers to real-time issues, while performance covers issues that could become problems over time. Security "intrusion monitoring" refers to the ability to see "who is doing what to whom" within the firewall. In particular, fault must also encompass the ability to identify errors that application trending will not. "Deep fault monitoring" relies on tools like event logs to isolate precisely which process, service, database or other component is experiencing a problem.
Anything with an IP address - this extends beyond network infrastructure devices to include bank ATM machines, medical equipment, such as X-ray and MRI machines, environmental components, and other "smart" devices.
Patch Management (also known as "Update Management") refers to the automated process of proactively identifying which Windows servers in your network can be exploited or threatened because of the absence of critical Microsoft security service packs. Typical deliverables include a series of reports that enable you to assess your patch vulnerabilities from several angles - severity, count, by device, by software type, and by the latest Microsoft Bulletin.
One of the biggest challenges facing security administrators today is the ability to determine which security concerns are the most pressing, and then to address them quickly and effectively to minimize risks. CERT estimates that almost 100% of vulnerabilities could have been avoided with proper and timely patching. With Microsoft releasing upwards of 100 patches a year, security administrators see Patch Management as an increasingly time-consuming job that is almost impossible to track manually. DataFocus' Patch Management reduces the costs of keeping your infrastructure current with Microsoft security patches by automating the identification, prioritization, and mitigation of Windows security patch vulnerabilities.
Assessment refers to the data collection, analysis, and presentation of a report prioritizing patch vulnerabilities. Remediation refers to the actual "mitigation" or distribution and application of patches to a targeted list of servers.
Vulnerability scanning is looking for known security holes within your environment - of which some may be associated with a patch while others are not. As an example, we scan for the use of administrator accounts with no passwords. This is a security hole for which a patch does not exist, but should be addressed with specific security policy requirements and tighter procedures. In contrast, Patch Assessment identifies security issues within your Microsoft environment for which a known fix is available in the form of a Service Pack update (or patch), and for which there is a clear path to remediation. Therefore, vulnerability scanning looks for security holes while Patch Assessment determines if you are in compliance with known fixes. Typically, management focuses on whether or not the appropriate patches are applied.
One device equates to one IP address.
Switch ports and WAN links are also considered objects rather than devices. A device refers to a router, switch (with multiple ports), or server (with CPU, memory) that may run multiple processes.
Packages such as VMware allow solution providers to "virtually" partition and consolidate hundreds of servers and associated applications and resources on one machine. Under this definition, DataFocus Inc views each virtual server as one device - as there are many operating systems on the same box, and each operating system invokes a Microsoft license and/or a Linux system as appropriate.
Clusters are slightly different. There are two types: active and inactive. Inactive clusters have a minimum of 3 IP addresses, including a controller and at least 2 SQL or Exchange servers and applications. In this case, DataFocus counts the controller, 1 of the SQL licenses and 1 server as 3 devices, since the cluster is not functioning fully. If the cluster is active, it is operating in tandem and all IP addresses are functioning. Therefore, DataFocus views this as 1 device for the controller, 2 devices for the servers and 2 SQL licenses for the 2 servers, for a total of 5 devices.
DataFocus focuses on internal security for predominantly Windows environments, including:
DataFocus monitors firewalls if they are configured using standard IP and SNMP. We can run specific security scans on firewalls and report on availability. Most important, we accept traps and alerts from an intrusion detection device and/or firewall if the vendor uses SNMP or other standard methods of configuring and collecting traps. Alerting on "unauthorized activity" is typically the most valuable type of information you want to integrate within your view of critical IT devices. In addition, you're able to track "under the radar" DoS attacks that may not affect service but are still evidence that you are vulnerable to intruders.
Copyright © 2012 DataFocus LLC