
© 2007 Jupitermedia Corporation Using Network Behavior Analysis (NBA) and Service Asset and Configuration Management (SACM) to Improve Management Information.


1 Using Network Behavior Analysis (NBA) and Service Asset and Configuration Management (SACM) to Improve Management Information
February 5, 2008 2:00pm EDT, 11:00am PDT
George Spafford, Principal Consultant
Pepperweed Consulting, LLC
“Optimizing The Business Value of IT”
www.pepperweed.com

2 Housekeeping
Submitting questions to speaker
–Submit question at any time by using the “Ask a question” section located on lower left-hand side of your console.
–Questions about presentation content will be answered during 10 minute Q&A session at end of webcast.
Technical difficulties?
–Click on “Help” button
–Use “Ask a question” interface

3 Main Presentation

4 Agenda
An Overview of Service Asset and Configuration Management
An Overview of Network Behavior Analysis
How we can leverage the two areas for the betterment of the organization

5 ITIL v3
ITIL v3 was released on May 30, 2007
The core principles are the same as v2
Five core books (11.4 pounds!) arranged as a lifecycle
–Service Strategy
  –Value nets, adaptive strategies, managing uncertainty, strategy selection
–Service Design
  –Policies, architecture, models, outsourcing
–Service Transition
  –Transition Planning and Support
  –Change Management
  –Service Asset and Configuration Management
  –Release and Deployment Management
  –Service Validation and Testing
  –Evaluation
  –Knowledge Management
–Service Operation
  –Incident and Problem Management, alerting, new functions
–Continuous Service Improvement
  –Business cases, Portfolio Alignment, Metric selection

6 An Overview of SACM
“Manages assets in order to support other Service Management processes.”
Service Asset = Capabilities + Resources (i.e. assets)
–Asset types include management, organization, processes, knowledge, applications, infrastructure, etc.
Configuration Management delivers a logical view of the world
–Relationships between configuration items (CIs)
–Details about each CI
Concerned with the management of service assets and the relationship of configuration items (CIs) in them
–Track and report on assets
–Manage and protect the integrity of service assets and CIs
  –Ensure that only authorized components are used
  –Only authorized changes are made

7 Categories of CIs
Think of these as relational data tables
Service Lifecycle CIs
–Business case, service lifecycle plans, etc.
Service CIs
–Service Capability Assets: People, knowledge, processes
–Service Resource Assets: Systems, applications, data
Organization CIs
–Elements about the organization that must be shared
–Strategic plan, corporate policies, regulatory requirements, etc.
Internal CIs
–Hardware, software, and facilities
External CIs
–Customer agreements, vendor agreements
Interface CIs
–Service provider interfaces (SPIs)

8 CI Attributes
Think of these as data fields
–What do you need to know about each CI to manage it?
Parent CI relationships
Child CI relationships
Make
Model
Processor
OS (which could be a CI)
Memory
IP
Port Requirements

9 SACM and the CMS
Provides information to other processes and functions
–Change, Release and Deployment, Incident, Problem, etc.
–SACM is an enabler for these processes
–Accurate data is critical
Data stored in Configuration Management System (CMS)
–We used to discuss the configuration management database (CMDB)
–Federated CMDBs make up a CMS

10 Configuration Management System

11 SACM Problems
Chant “meaningful and manageable” over and over
–Can generate a ton of useless data that costs more to collect and maintain than what it is worth
–Don’t track because you can, track because there is real value
  –Likely that 20% of the data will create 80% of the value
–SACM can be a six month project that turns into a two year project with no results
–Start simple and learn
Sustaining efforts
–Launching the project to design the process is one thing
–The organization must then live with the design
Configuration drift
–Production no longer matches the CMS
–Why? Uncontrolled / unauthorized change
–We need detective controls to detect changes

12 An Overview of Network Behavior Analysis
Evolved from looking for signatures at the firewall, IDS, and security event management
–Weakness - Signatures only turn up known problems
NBA tools monitor network activity and look for abnormal activity based on baselines and heuristics
Monitor things such as
–Communications between network nodes
–Who the actual users are
–Frequency of communication
–What are servers and what are clients
–What protocols and ports are being used
–Network Traffic levels – Behaviors based on day and time of day
Combines data collection, analytics and meaningful presentation
–Need to find the needle in the haystack

13 NBA is a Detective Control
Controls mitigate risks
Three broad categories of controls
Preventive
–Policies
–Procedures
–Look and sound great but how do you know people are following them?
Detective
–Review data about historical events and look for a condition
–Can be used to confirm that people are following policies and procedures
–Can be used to detect unauthorized activity in general
Corrective
–Return the CI to its last known good state

14 Defense in Depth
Think of the rings of walls in a castle. More walls equate to an overall better defensive posture
We need preventive controls
We need detective controls
Configuration integrity management – change detection at the device level
NBA – last line of defense because it’s based on behavior
[Diagram labels: NBA, Integrity Management, Policies & Procedures]

15 NBA can benefit security, compliance and operations
NBA’s roots are in security but with proper integration, other process areas can benefit.
Consider the benefits of understanding:
–Changes in behavior due to changes
–End-User Experience
–Actual dependencies
–Unauthorized services
–Configuration errors
–Misuse of services
–Security incidents
[Diagram labels: Operations, Compliance, Security]

16 Leveraging the Two Disciplines

17 Service Transition - Change Management
Concerned with managing the risk of making a change
A balancing act between the risk of making and not making a given change
Steps include: Recognition of need, record the request, review, authorize, plan, schedule the implementation
Change Mgt is responsible to ensure the CMS is updated accordingly
From SACM and the CMS we know what changes were authorized
How do we know about changes when people do not follow the process?
–Problems with Change Management are SACM’s Achilles' Heel
NBA allows us to identify that something has changed:
–Network behavior
–Application behavior
–User behavior

18 Must Understand What Changed
Authorized Person, Authorized Change
Authorized Person, Unauthorized Change
–Well intentioned
–Malicious (a security event)
–Erroneous
Unauthorized Person, Unauthorized Change – A security event
The only valid level of unauthorized change is zero
Vital that other processes
–Have reliable accurate data from SACM
–Understand if there are changes that can’t be reconciled and what has changed
NBA serves as a last defense
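
Added example (not part of the original presentation): one way to reconcile NBA flow observations against CMS records and approved changes, so that anything that cannot be reconciled is surfaced. The CMS extract, approved-change list, CI names, IP addresses, ports and label names are all constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")
# Constructed CMS extract: CI -> IP, authorized service ports, and the client
# CIs recorded as relationships ("*" means any client may connect).
CMS = {
    "web01": {"ip": "10.0.1.10", "ports": {443}, "clients": {"*"}},
    "app01": {"ip": "10.0.2.20", "ports": {8080}, "clients": {"web01"}},
    "db01": {"ip": "10.0.3.30", "ports": {5432}, "clients": {"app01"}},
    "rpt01": {"ip": "10.0.4.40", "ports": {8081}, "clients": {"app01"}},
}
# Constructed approved changes (CI, port) not yet written back to the CMS.
APPROVED_CHANGES = {("app01", 8443)}

def classify(flow, cms, approved):
    """Return (label, destination CI) for one observed flow."""
    by_ip = {attrs["ip"]: name for name, attrs in cms.items()}
    dst_ci = by_ip.get(flow.dst)
    if dst_ci is None:
        return "unknown_ci", None  # destination is not recorded in the CMS
    attrs = cms[dst_ci]
    if flow.port not in attrs["ports"]:
        pending = (dst_ci, flow.port) in approved
        return ("cms_update_pending" if pending else "unauthorized_service"), dst_ci
    allowed = "*" in attrs["clients"] or by_ip.get(flow.src) in attrs["clients"]
    return ("authorized" if allowed else "undocumented_dependency"), dst_ci

def reconcile(flows, cms=CMS, approved=APPROVED_CHANGES):
    """Group flows by label and list CMS services never seen on the wire."""
    report, seen = {}, set()
    for f in flows:
        label, ci = classify(f, cms, approved)
        report.setdefault(label, []).append(f)
        if label in ("authorized", "undocumented_dependency"):
            seen.add((ci, f.port))
    expected = {(n, p) for n, a in cms.items() for p in a["ports"]}
    report["not_observed"] = sorted(expected - seen)  # possibly stale CMS data
    return report

# Constructed NBA observations: (source IP, destination IP, destination port).
OBSERVED = [
    Flow("203.0.113.7", "10.0.1.10", 443), Flow("10.0.1.10", "10.0.2.20", 8080),
    Flow("10.0.1.10", "10.0.2.20", 8443), Flow("10.0.1.10", "10.0.3.30", 5432),
    Flow("10.0.2.20", "10.0.3.30", 3389), Flow("10.0.2.20", "10.0.9.99", 22),
]

if __name__ == "__main__":
    for label, items in reconcile(OBSERVED).items():
        print(label, items)
```

Flows labelled cms_update_pending point at a CMS that lags an authorized change; unauthorized_service, undocumented_dependency and unknown_ci are the cases to route through Event Management for review.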

19 Service Transition – Release & Deployment Management
Need to ensure that there is proper requirements definition, testing and deployment of releases into production
Can review historical activity to improve rollout planning
Can confirm production releases match tested releases
–Can profile and fingerprint releases
–Could highlight tampering or errors with the deployment into production

20 Service Transition – Service Validation & Testing
Releases
Can identify in testing if behaviors meet standards
–Only authorized ports are used
–No connection to certain hosts
A better understanding of the impacts of new or changed services based on historic observed user behaviors
Can also determine if actual behaviors = expected behaviors

21 Service Operation – Event Management
Event Management is concerned with interpreting the monitored data and taking an appropriate action
Outputs from NBA are routed appropriately by Event Management
–Rejection
–Manual Review
–Automatic Processing
  –Create an Incident
  –Create a Problem
  –Trigger a standard change

22 Service Operation – Incident and Problem Management
The first triage question to ask should always be “What changed?”
80% of MTTR is spent trying to answer/determine “What changed?”
Need to arm the resolution processes with detected change information
–Understand how current behavior differs from normal behavior
Understand if a change happened and where
If a change is not detected, then rule change out

23 Continuous Service Improvement
Review NBA and SACM data to determine potential service improvement opportunities
We can use NBA to understand and improve the user experience of IT services
Capacity planning for services and component CIs including networks, servers and other devices
–Usage patterns and potential demand management
–Server consolidation
IT Service Continuity Management

24 Key Points
SACM gives us a logical view of the world with relationships
–Integrity of its data is vital
NBA is a control that can help us
–Understand behavior in production and testing
–Better plan projects – Consolidation, DR/BCP, etc.
–Confirm relationships between CIs
–Detect configuration errors
–Detect unauthorized changes
–Drive down MTTR by better understanding what changed
Overall, we can use NBA to help ensure that we have accurate data to share with other process areas

25 Thank you for the privilege of facilitating this webcast
George Spafford
George.Spafford@Pepperweed.com
http://www.pepperweed.com

26 Questions?

27 Thank you again for attending
If you have any further questions, e-mail webcasts@jupitermedia.com
For future ITSM Watch Webcasts, visit www.jupiterwebcasts.com/itsm

