caplon service monitoring

Monitoring the quality, availability, performance and security of IT infrastructures and critical business applications

Nearly all companies rely on the trouble-free operation of their IT infrastructure and critical business applications in order to operate successfully and remain competitive. The increasing networking of companies with suppliers, partners and customers, the complexity of networks and the growing flood of data make it more and more difficult to maintain an overview and ensure reliable operation.
With caplon© service monitoring, companies have a comprehensive overview of all processes running in the network and full control over IT and OT infrastructures from an operational, planning and security perspective.

Determination and visualization of important parameters from the network and the applications

  • Bandwidth determination
    • Number of bytes/s, packets/s
    • Determination of the largest "bandwidth guzzlers", and much more.
  • Network statistics
    • TOP Talker, TOP Listener, TOP Connections
    • Distribution of network protocols, etc.
  • TCP analysis - detection of typical TCP problems
    • TCP Retransmissions, TCP Zero Window, TCP Resets, etc.
    • (Worst) TCP Handshake Time, and much more.
  • Application analyses and statistics
    • Reaction and response times of servers
    • DPI application recognition, etc.

Detection and fixing of technical problems and anomaly detection via drill-down analyses

  • Detection of deviations from standard behavior at an early stage by displaying the development of relevant performance data over time in individually adjustable dashboards
  • Different views on the network data
    • based on geographical criteria (data centers, locations, …)
    • based on network segments (DMZ, MZ, certain subnetworks, …)
    • based on functional criteria (web server, application server, DB server, …)
  • Fast localization of problems, troubleshooting and fixing of issues by direct access to relevant network data (drill-down analyses)
  • Early detection of misconfigurations in production controls (avoidance of production downtimes and overload situations)
  • Continuous monitoring of SLA and KPI values (avoidance of contractual penalties)

Performance monitoring, transaction monitoring

  • Fast analysis of problems for individual customers/control processes by an end-to-end transaction analysis (Layer 7)
  • Monitoring of specific services and processes with individually adapted analyses
  • Objective measurement of the effects of tuning measures for performance optimization of services

 

Topology visualization and asset discovery

  • Visualization of the devices communicating in the network with the associated communication flows
  • Comprehensive transparency of all events and assets in the OT and IT network
  • Visualization of the actual network activities
  • Detection of unknown devices and unwanted communication relations (e.g. attacks)
  • Monitoring of remote maintenance accesses
  • Automatic creation of an asset database using all passively captured information, with the option of actively integrating additional information sources
  • Using automatically captured information for audits and certifications

Alarming

  • Avoidance of downtime and lost sales through active alerting when values exceed or fall below thresholds, or deviate from normal behavior
  • Real-time notification of communications indicating security incidents or technical problems
  • Easy definition of alarm rules via a rule wizard
  • Clear presentation of configured and active alarms
  • Easy integration into existing network management systems via standardized SNMP interface / NRPE plug-in for Nagios integration
  • Alarming via UI, e-mail, SNMP or user-defined scripts

Network Recording – the flight recorder for the network

The data are continuously written into a ring buffer (with fixed size). This enables you to analyze network problems or security incidents retrospectively.

  • Permanent storage of data for troubleshooting purposes – data storage up to the petabyte range with additional storage units
  • Solving sporadically occurring problems
  • Forensic analysis – analyze security incidents retrospectively
  • Compliance monitoring – to assess adherence to compliance requirements
  • Backup of data by creation of ring buffer snapshots

Wireshark Integration

caplon© systems offer a far-reaching integration of Wireshark via a Wireshark plug-in module.

Live Tracing

  • in distributed environments: analyze pre-filtered traffic from different network segments in one trace file online
  • with authorization profiles: tracing with Wireshark at considerably reduced risk of data misuse through corresponding authorization profiles
  • with online pseudonymized data: tracing with Wireshark without insight into personal data or critical infrastructure data, because the network data are pseudonymized online (module caplon© privacy protection)

Seamless integration, improved possibilities for analysis, automation capability

caplon© systems have open interfaces and a standardized REST API, making it easy for them to interact with existing systems.

  • Integration into automated monitoring systems and test automation solutions and coupling with intrusion detection systems
  • Automatic capturing, analysis and export of network data, if necessary
  • Providing third-party systems, e.g. SIEM and IDS systems, with valuable information from network data
  • Interaction with active IT components (Cyber Defence Systems, Security Data Collection, Firewalls, …)

Legally secure access to data

With regard to IT security, the EU-GDPR (Art. 5, para. 1f) requires that personal data are protected by appropriate technical and organizational measures. This also includes protection against unlawful forms of processing and against accidental loss ("integrity and confidentiality").

caplon© systems effectively reduce risks of data misuse with a fine-grained access and authorization system in combination with caplon© Privacy Protection technology.

  • Fine-grained adjustable access to the network data regarding network segments, layers and analysis depth per user or role
  • Protection of personal data and critical information of the IT infrastructure by pseudonymisation of network data (module caplon© privacy protection)
  • Clear presentation of the access rights stored in the system per user and role