Persistent Observation provides the foundation of a strong security defense strategy by continually identifying all assets on the network.
Entity Behavior Analytics
Service Intelligence is gathered over time by observing entity behavior, dependency behavior, and network communication details. Entity behavior includes new communication to other assets, previous dependencies no longer seen, system performance, and more. Network communication details include source IPs, destination IPs, port numbers, and data transfer volume for all assets.
Security Configuration Compliance
Baseline Service Maps form a virtual security perimeter around your services, detecting lateral movement, insider and rogue device threats to high value assets for Security Configuration Compliance.
Baseline Map Alerts integrated with your ITSM yield faster incident response. Get notified of unauthorized changes and of rogue and insider threats targeting high-value assets and services.
Contact FireScope today so we can help you build a successful Service-centric Security Strategy
Persistent Observation & Active Discovery
Virtualization, cloud, and containerization make networks dynamic and ever-changing, so discovery has to be real-time as well. It is critical to discover all connected assets that support critical applications in order to reduce risk, ensure successful data center migrations, and avoid service disruption. FireScope persistently discovers assets as soon as they connect to the network by listening to network traffic flows (NetFlow) in real time, and even discovers devices behind firewalls. We call this persistent observation. FireScope also uses the network traffic flow data to automatically discover application dependencies between assets.

Most asset discovery solutions use active discovery exclusively, which periodically polls the network to detect new assets and changes to existing assets. The problem with this approach alone is that assets come and go between discovery runs, and critical assets that are used only periodically can be missed. For data center migration projects, missed assets can cause costly service disruptions and migration delays.
FireScope uses automated scheduled discovery jobs to augment our persistent observation discovery and gather more details about assets. Active discovery scans for new assets and detects changes to existing assets. The frequency of active discovery is configurable. Users can configure network ranges or subnet ranges to be scanned to discover network devices, servers, VMware vCenter hosts/guests, virtual switches, storage, cloud infrastructure, firewalls, and more. FireScope’s active discovery is also used to discover interdependencies of network connectivity, vCenter host to guest and storage dependencies, and more. More on this in Multi-layer Discovery and Dependency Mapping.
Baseline Service Map Alerting
Changes to production top-tier services and applications can have a devastating impact on your brand, your customers, and ultimately your bottom line. FireScope’s Baseline Service Map Alerting can immediately notify ITOps, SecOps, and DevOps teams of changes, including new or missing assets, new or missing application communication between servers and applications, and changes to network connectivity, virtualization, and storage dependencies.
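The comparison described above, reduced to its core as an added example (this is not FireScope's code): flow records are collapsed into a service map of (source, destination, destination port) edges, and the current map is diffed against the baseline to report new and missing assets and communication. The four-field record layout, the IP addresses, and the function names are assumptions constructed for illustration.

```python
import csv
import io

# Constructed flow records: src, dst, dst_port, bytes. Not real NetFlow output.
BASELINE_FLOWS = """\
10.0.1.10,10.0.2.20,5432,48211
10.0.1.11,10.0.2.20,5432,51200
10.0.3.5,10.0.1.10,443,90412
10.0.3.5,10.0.1.11,443,88100
"""
CURRENT_FLOWS = """\
10.0.1.10,10.0.2.20,5432,47003
10.0.3.5,10.0.1.10,443,91120
10.0.9.77,10.0.2.20,5432,7340112
10.0.1.10,10.0.2.20,22,1830
"""

def load_edges(text):
    """Collapse flow records into a service map: a set of (src, dst, dst_port)."""
    edges = set()
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4:
            continue  # skip malformed records rather than guessing at fields
        src, dst, port, _volume = row
        edges.add((src, dst, int(port)))
    return edges

def assets(edges):
    """Every address seen as either end of an edge."""
    return {ip for src, dst, _port in edges for ip in (src, dst)}

def diff_service_map(baseline, current):
    """Report what appeared and what disappeared relative to the baseline."""
    return {
        "new_assets": sorted(assets(current) - assets(baseline)),
        "missing_assets": sorted(assets(baseline) - assets(current)),
        "new_edges": sorted(current - baseline),
        "missing_edges": sorted(baseline - current),
    }

if __name__ == "__main__":
    report = diff_service_map(load_edges(BASELINE_FLOWS), load_edges(CURRENT_FLOWS))
    for kind, items in report.items():
        print(kind, items)
```

In the constructed data, the unknown host reaching the database port and the new port 22 edge between two known hosts both surface as `new_edges`, which is the kind of change a baseline alert is meant to catch.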