Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on demand – a scalable computer network.” You Rock, Merriam-Webster. Thanks for the vague definition! It seems like it would be a L x H x W = winner question? As you know, it’s way more complicated. What is your idea of scale? 1000, 10000, 100000, 1000000+? Naturally, we tend to think those numbers are endpoints being monitored, but there are many more items to consider. Other items to consider when looking at a scalable solution: depth, throughput, breadth, the number of endpoints, and time spent managing the solution. When looking at breadth, these are types of all the following categories: Hardware, Operating System, Applications, Protocols, Industries, Business Audience, Compliance Standards, Security Frameworks, Virtualization Technologies, Cloud Technologies, Integration Partners, and Mobile Platforms, just to name a few. In an ideal world, the care and feeding of the solution would be minimal. Ah, yes, what is minimal? Set and forget? That is the ideal answer for some, but it's not practical if any true monitoring will take place. Maybe artificial intelligence will make that a possibility someday, allowing Cyberdyne Systems to rule the world! As the monitored environment’s device count increases, depth, breadth and throughput increases, and as a result, so does the care and feeding. Knowing what options are in place to help ease that care and feeding is critical, and it's a good question to ask when considering solutions.
What are the attributes considered when looking at reducing the time managing the solution?
The answer? Easy to deploy, intuitive interface, the capability to automate, integrate, filtering, out of the box content, role based access, multi-tenancy, and ability to select desired depth without having a negative performance impact on the network and systems being monitored. The company or partner offering the solution offers many options for services for not only hosted, hybrid, on-premise types of environments but for integrations with solutions that have already been invested in. On top of that, there is one number to call when questions need an answer no matter how many products are offered and you don’t get bounced around to different departments to get a resolution. Did you find that solution? It seems like a snipe hunt! There seems to be a three-way approach that software companies tackle the scalability issue:
- They planned to scale from the beginning of time.
- They planned to scale but the idea of ‘scale’ was at a lower tier at the time and in order to scale higher now, they have decided to add more layers.
- They planned to scale but the idea of ‘scale’ was at a lower tier at the time and in order to scale higher now, they decided to rewrite the original program. This is known as the ‘throw the baby out with the bath water’ approach.
Let’s break each one of these down a little bit more. 1. They planned to scale from the beginning of time. There are many software solutions that were designed for a certain size, serve their purpose, and hit the market space they were designed for. Many times in this space, this can be an Open Source type of solution that started on a single asset to fill a particular need or was built to scale up to the market it was designed for. Some examples of these are Tripwire Open Source, Wireshark, Snort, Bro, PFSense, Puppet, ELK Stack, and OSSEC, to name just a few. There are commercial solutions that have followed that path, some even based upon an open source solution or that integrate some open source components. Many of these will fit into the market that they were designed for and thus fall into this category, but some do fail in multiple scaling areas once that company wants to go outside of that original market space. 2. They planned to scale, but the idea of ‘scale’ was at a lower tier at the time, so in order to scale higher now, they have decided to add more layers. This is the more common approach because there are so many different ways to add on more layers. Some options here include:
- Acquiring other companies to fill in functionality gaps for depth, throughput, and/or breadth.
- Throw resources at it whether it is more servers, collectors, memory, disk space, etc.
- Adding in an additional layer at the top and leveraging API’s at the lower layer.
- Removing, reporting, and putting it into its own product.
- Moving the software to the cloud to help ease some of that complexity, care, and feeding.
- More layers typically mean more complexity, possibly more interfaces, more technologies to manage, and if not done right, more care and feeding.
3. Throw the baby out with the bath water approach. This is the least common option because it costs the company lots of money and introduces a lot of risk. This is when the company has to maintain the current product and add extra resources to plan and execute the replacement. What are the questions to ask yourself and/or the software vendor when looking for a scalable solution?
- What problem(s) are you trying to solve? Is that problem require a point solution or a solution that can integrate with your business ecosystem?
- What is the depth, throughput, breadth, the number of endpoints, and expected time spent managing the solution? Are you willing to give up one, two, or more of these for a solution that is at a lower price point or open source?
- If you start with a lower scale, how easy is it to scale up? Does that mean adding more layers? Was the software built for your company’s market size?
- How big is the software company’s Engineering Department and/or QA Department in relation to the rest of the company?
To learn more about how Tripwire solution’s scale and ask some of those scaling questions, click here. Interested in learning about 10 reasons why Tripwire’s solutions outperform other companies’ products? Click here.
Tripwire Enterprise: Security Configuration Management (SCM) Software
Enhance your organization's cybersecurity with Tripwire Enterprise! Explore our advanced security and compliance management solution now to protect your valuable assets and data.