Explore Use Cases

Enable your teams to manage rapid change with IT configuration change management.

Change Activity Monitoring

Managing change is the key to driving business agility. The configuration throughout your environment, across all devices and systems, are the code or DNA to your organization. Most organizations today are completely blind to all the changes that occur, whether planned/authorized, unplanned/ad-hoc, or worse a security Indicators of Compromise (IOC). SIFF provides the ability to monitor changes across all your devices and systems to help:

  • Accelerate Incident Troubleshooting and Repair
  • Improve Change Management by Reducing Outages from Configuration Errors
  • Governance, Auditing and Compliance Monitoring
  • Security Auditing and Forensics

Troubleshooting & Repair

85% of IT incidents are caused by configuration errors. Visibility to configuration changes is essential to accelerate problem identification and repair. SIFF provides the ability to quickly search for relevant configuration changes and view the difference and history associated with those changes.
  • Quickly identify configuration changes that caused the incident
  • Visibility to authorized and unauthorized configuration changes
  • Visual change differences and change history
  • Unify configuration monitoring across all silos - networks, servers, apps, cloud, storage, security, etc
Unified Configuration Monitoring Across All Silos
Large organizations naturally have separate domain of expertise for various technology functions within their environment. The challenge however is to avoid limiting information only to the individual silos. As modern business services increasingly become more and more distributed, with inter-dependencies crossing many technologies (containers, VMs, hybrid-cloud, software-defined networks, vlans, etc), it is essential to have visibility and quickly determine how simple configuration changes can drastically impact other services and cause major critical outages.
  • Avoid “finger-pointing” and reduce “all-hands” conference bridges needed to triage critical incidents
  • Provide visibility across all domain silos, technologies “layers” to understand the inter-dependencies for business services
  • Quickly identify possible configuration changes that may impact a business service, even though the responsibility belongs to a different group
  • Unify configuration collection, monitoring and compliance across all groups

Configuration Search & Reporting

A common task of looking up configuration details can be more time consuming than it seems. You need to connect to the device or system, use the appropriate access credentials, navigate to the right files and/or use the correct commands to display the configuration details. Now add multiple devices and systems, different vendors and technologies – it’s easy to become bogged down in the legwork rather than accomplishing the task at hand. SIFF makes this simple – users can simply search for any configuration details across their entire environment as though they’re searching Google.
  • Quickly enables searching for configuration across many devices and systems
  • Compare configuration changes between systems and version history
  • Visibility to configuration information without granting access to devices
  • Generate reports using actual configuration details and search criterias
Security-IOC-Search-Reporting
Centralized-Config-Repository-Versioning

Centralized Configuration Repository & Versioning

The promise of a centralized configuration repository or CMDBs have been around forever. Current approaches however lack the actual configuration details necessary for it become useful. Most CMDBs implementations are often adopted as CI references for ITIL processes while providing rudimentary asset information (e.g. CPU, Memory, etc). SIFF provides a configuration repository that contain actual configurations from ALL devices and systems, that can be easily searched, reported and acted upon.
  • Single, searchable, time-based and versioned repository with actual configuration details
  • Consistent access to configuration across all groups and silos, technologies and domains
  • Single source of configuration for operational troubleshooting, change management and governance

Configuration Audit, Reporting & Historical Logging

Collecting and analyzing configuration details is a common activity for any security and IP policy audits. Compiling all the necessary details can be a time consuming task. From simple operational queries (e.g. reviewing if MySQL max_connections is too high), to more extensive analysis (e.g. are there any servers listening to ports outside the permitted list), SIFF makes this easy.
  • Search, compare and analyze detailed configurations
  • Easily generate reports required for security audits
  • Demonstrate audit trails and historical logging required for compliance certification

Asset Inventory & License Audit Reporting

Hardware and software asset inventory reporting are routine tasks that are performed on a regular basis. SIFF simplify these common tasks while also supporting advanced searching and reporting that may be needed for complex license audits
  • Easily generate asset and inventory reports
  • Advance search for license audit and compliance

Configuration Policy & Compliance Monitoring

For large organizations with governance teams, monitoring configuration policy compliance can be an exhaustive task. Most do not have any means to monitor or ensure compliance to these policies. For example don’t deploy application services without updating the default passwords, don’t add users to these servers, make sure the cloud storage is not open to the public, etc. SIFF provides the ability to define and automate configuration compliance monitoring to enable the governance team to proactively ensure the safety of the organization
  • Proactive compliance rules to avoid configuration errors such as default passwords in deployed applications and containers
  • Verify correct security rules are applied for cloud services
  • Detect possible security IOC such as open ports, outbound connections, new users, etc

Change Management Review & Analysis

The Change Management process is an essential best practice that helps minimize the number of errors that are introduced into the environment. Any work should be planned and approved with a Change Request before it is executed. The processes that are implemented in most organizations, however, frequently neglect the critical step of reviewing the work that was done. More precisely, the configuration changes that occurred as part of that work. This review allows any errors, omissions, side-effects / impact to be discovered early before a major outage occurs. Post-implementation reviews are often skipped because of the tedious work to collect all the configurations that were changed and due to how time-consuming it can be to identify all the differences within each of them. SIFF makes this easy by utilizing a number of strategies to automatically associate configuration changes to their respective Change Requests.

  • Improve the Change Mgmt process by making it easy to review work that was carried out for a Change Request
  • Search for all configuration changes that occurred for a Change Request
  • Visual diffs between the new config and the previous configs for easy post-execution review to identify errors, omissions and possible service impacts
  • Reduce outages from configuration errors

Authorized & Unauthorized Change Visibility

Without visibility to change activity throughout the environment, it is challenging to distinguish between approved configuration changes and ad-hoc changes. This lack of configuration monitoring makes it easy for intruders to hide, and difficult for teams to detect any changes that the intruder may have implemented. SIFF, together with the enhancements to the change management process, can help provide the necessary visibility and control to config changes that occur in your environment.

  • Distinguish between planned / authorized changes and ad-hoc / unauthorized changes
  • Identify potential security Indicators of Compromise (IOCs)
Security Forensics
Once an intrusion has occurred, how do you quickly determine what has been compromised? What has been changed? SIFF provides the essential historical logging and versioning of all configuration information needed by the security team to determine the appropriate Course of Action (CoA).
  • Historical audit logging of all configuration information
  • View the configuration history and versioning
  • View the configuration across the entire environment at a specific point-in-time

Security IOC Search & Reporting

A new vulnerability has been announced. How do you find out which of your systems or devices that may be susceptible? These could be specific compromised files or system / application versions, or simply bad configuration settings. SIFF makes it easy to search and report on the systems and devices that need action.
  • Easily search for compromised files across your entire environment
  • Easily search for compromised configurations
  • Easily search for intrusion footprints and IOC trails
  • Automate search and reporting with vulnerability announcements
Security-IOC-Search-Reporting
Contact Us
Forget the complex installs and configs, get started with SIFF Collector in your environment in three easy steps. 
Contact Us
Sign up