Business Value for XYZ Corp
XYZ Real-Time Operational Intelligence Findings

Prepared by:
Joanna Smith, Director of IT, XYZ Corp
Nick Tesla, Systems Engineer, ExtraHop
Ada Lovelace, Regional Sales Manager, ExtraHop

EXECUTIVE SUMMARY: BACKGROUND AND OBJECTIVE

PROJECT BACKGROUND

A non-invasive, automated, and real-time IT operational assessment was conducted from October 2, 2015 to October 22, 2015 by XYZ Corp and ExtraHop, a next-generation IT Operation Analytics (ITOA) vendor. The following report explores the capabilities and benefits of real-time analysis of all data in motion, referred to as wire data analytics. The technology serves as the basis for a more adaptive, comprehensive, and cost-effective approach supporting XYZ Corp's heterogeneous and dynamic environment.

PROJECT OBJECTIVE AND GOALS

The objective of this project is to create a more efficient, integrated, and data-driven approach to how we measure, run, and improve IT Operations. The measurable goals are to drive down costs, enable Tier I staff to perform at Tier II or higher levels, provide a visibility platform for better cross-team coordination reducing MTTR, mitigate availability and security risks, and provide insights that can increase revenue while improving IT agility and end-user satisfaction.

To accomplish this objective, the project explored whether the ExtraHop wire data analytics platform could serve as the foundation for a data-driven model for more effective and efficient IT operations and security. We explored how to leverage this unique data set by identifying strategies to eliminate costs, improve performance, and mitigate common but blind attack vectors associated with security infrastructure like encryption, ciphers and certificates.
We believe that if we could more easily see and correlate all client, application, network, and infrastructure activity, then we would have a more complete set of objective insights allowing us to adapt to change quickly and support new IT and business initiatives with greater predictability.

WHY WIRE DATA ANALYTICS AND AN ITOA PRACTICE

The drive toward a more data-driven IT operational model has seen the emergence of analyzing all data in motion (wire data analytics) as the foundation of a modern ITOA practice. The reason is that the one constant among all application, network, client, virtualization, infrastructure, and cloud behavior is the network. Regardless of the technology, where workloads may run, how many layers of abstraction exist, or how applications are constructed, all technology and business transacts via wire protocols over a network. The ExtraHop platform is designed to transform unstructured packet data into structured wire data at line rate for mining real-time IT and business insight from all data in motion.

WHAT EXTRAHOP CUSTOMERS ARE SAYING

- 55% of surveyed IT organizations paid back their investment in ExtraHop in 6-12 months or less.
- 81% of surveyed IT organizations improved mean-time-to-resolution by 2x or more with ExtraHop.

TVID: 792- E
TVID: 189-0A8- F83

What has most surprised you about ExtraHop?
"The many, many insights you can gain from this platform. We haven't even scratched the surface."
Brian Bohanon, IT Director, Aaron's, Inc.

"In the tech business, you always hear from vendors that their solution will be easy to install, will be flexible to operate, or will have an exceptional ROI. These promises are almost always too good to be true. ExtraHop has these stories as well, but they consistently exceed expectations every time."
Todd Forgie, IT Vice President, MEDHOST

EXECUTIVE SUMMARY

The following report details the prescriptive findings and quantifies the value of real-time wire data analytics for our environment.
The project objective explored whether the ExtraHop platform could drive more effective and efficient IT operations and security.

ROI SUMMARY

- Cost of Investment: $250,000
- Hard ROI: $573,195
- Time Taken to Earn Back Investment: 6 months
- Soft ROI (Hard ROI + Risk Mitigation): $5.9 million
- Time Taken to Earn Back Investment: 1 month

ROI DRIVERS

Hard ROI
- Revenue Drivers: $47,500
- Cost Savings: $525,600

Soft ROI (Hard ROI + Risk Mitigation)
- Lower Downtime Risk: $4,350,000
- Lower Security Risk: $1,785,000

EXECUTIVE SUMMARY: KEY FINDINGS FOR OBSERVED PERIOD

- Cipher Suite and Encryption: 5,660 weak cipher sessions were observed over 20 hosts. This represents a security risk.
- Database: 4,100 DB errors occurred and the slowest query process time was over 10s.
- SMTP: There were 5,000 unencrypted SMTP sessions, indicating a potential security risk.
- Real User Monitoring: Website responses for Safari browsers are 39% slower than other browsers.
- DNS: 15% of DNS requests are failing due to IPv6 issues having a 2-4 second impact on end-user performance.
- Storage: A frequent backup script slowed down storage performance and is congesting the network.
- Web Optimization: Our website is returning 3.5K server errors each hour, wasting server resources.
- VOIP: A high number of SIP errors represent end-users that cannot make calls.
- Citrix: The longest Citrix login during the observed period was 2.46 minutes.
- Asset Discovery: Two FTP servers were discovered in areas of the network where this protocol is not allowed.
- Network: 1.04 million TCP retransmission timeouts were observed, adding roughly 5 second delays for end users.
- Security Point Solutions: 2,500 Shellshock attempts were detected in HTTP and DHCP payloads.
- Cloud Applications: 3 GB of data has been sent to cloud storage apps outside of corporate policy.
- FTP: There were no FTP requests originating outside of corporate headquarters, which is expected.

CIPHER SUITE AND ENCRYPTION MONITORING FINDINGS

KEY FINDINGS FOR CIPHER SUITE AND ENCRYPTION MONITORING

5,660 insecure sessions
64,000 sessions
Sensitive information may be exposed to malicious actors, which can directly cause further data loss and security breaches.
Sessions using RC4 encryption are considered insecure and expose your company to data theft.

1,900 days
1,650 insecure sessions
It has been 400 days since the oldest SSL certificate expired. This exposes the enterprise and customers to malicious cybercrime.
Number of sessions observed using SSLv3, an insecure version vulnerable to man-in-the-middle attacks.

INDUSTRY FACTS

- A data breach cost U.S. companies an average of $6.5M per incident in 2014 (Ponemon Institute)
- The average global 5,000 company spends $15 million to recover from a certificate outage and faces another $25 million in potential penalties (Ponemon Institute)
- Only 40% of HTTP servers support TLS or SSL and present valid certificates (Redhat, scan of Alexa top 1M sites)
- 20% of servers are using broken cipher suites making encrypted data vulnerable (Redhat)
- RC4 is still used in 18% of HTTPS servers (Redhat)

See the Appendix for Cipher Suite and Encryption dashboards

CIPHER SUITE AND ENCRYPTION MONITORING VALUE

Cost Savings
- Time spent per month to manually locate servers with weak ciphers (hours): 6 (XYZ Corp)
- Annual cost of any tools used to locate impacted servers: $25,000 (XYZ Corp)
- Annual cost of any consultants used to locate impacted servers: $0 (XYZ Corp)
- Average salary of Security Engineer: $95,000 (Glassdoor)
- Labor savings: $30,130
- Time spent per month to manually audit certificates and encryption (hours): 6 (XYZ Corp)
- Annual cost of any tools used to locate impacted servers: $0 (XYZ Corp)
- Annual cost of any consultants used to locate impacted servers: $10,000 (XYZ Corp)
- Average salary of Security Engineer: $95,000 (Glassdoor)
- Labor savings: $15,130

Risk Mitigation
- Average # of records that are exposed in a breach (US): 28,000 (Ponemon Institute)
- Average per record cost of a breach (US): $217 (Ponemon Institute)
- % risk reduction due to improved cipher and encryption visibility: 5%
- Avoided costs due to breached records: $303,800

Total Annual Savings: $349,060

BUSINESS VALUE
- Force multiplier for the Security team
- Shorten time to remediation by up to 50%
- Move to a proactive state ensuring constant compliance without additional staff
- Eliminate costs associated with manual audits
- Reduces chances of a breach that could damage company brand and reputation and result in lost business

DNS MONITORING AND ANALYSIS FINDINGS

KEY FINDINGS FOR DNS MONITORING AND ANALYSIS

- 298,000 request timeouts: Timeouts will have an impact on application performance and user experience. If associated with fee-based API driven services you may be overcharged.
- 35% of request timeouts: Sauce Labs, a cloud-based automated testing service, is causing 35% of timeouts. This should be investigated to ensure you're not being billed for this traffic.
- 1,160 AAAA look-ups: Thousands of IPv6 requests have been potentially causing 2-4 second delays for clients and applications. This should be fixed immediately.
- 15,000 DNS response errors: DNS errors may be caused by misconfiguration. Fixing these may resolve application issues and slowness.

INDUSTRY FACTS

- DNS errors and issues cause greater than 20% of Internet and application outages (Ars Technica)
- A DNS Dashboard for performance, availability, and risk mitigation is recommended best practice for any enterprise by DHS and the ITSRA working group along with ICANN (U.S. Department of Homeland Security)

See the Appendix for DNS Monitoring dashboards

DNS MONITORING AND ANALYSIS VALUE

Cost Savings
- # of people on DNS/Network team: 2 (XYZ Corp)
- % of time spent per month troubleshooting DNS issues: 20% (XYZ Corp)
- Average salary of DNS Admin: $75,867 (Glassdoor)
- Annual labor savings: $18,208

Risk Mitigation
- Annual DNS unplanned downtime across all domains (hours): 8.75 (Verisign)
- Potential reduction in downtime using ExtraHop: 10% (TechValidate Survey)
- Downtime cost per hour: $100,000 (IDC)
- Savings due to reduction in downtime risk: $87,500

Total Annual Savings: $105,708

BUSINESS VALUE
- Force-multiplier for the Network, Application, and Security teams
- Shorten time to remediation by up to 50%
- Prevent overcharges from fee-based API driven subscription services
- Performance improvement opportunity impacting revenue
- Increase cross-team knowledge and understanding of the importance of DNS
- If outsourcing DNS, ensure accountability and SLAs of managed service provider

DATABASE HEALTH AND PERFORMANCE MONITORING FINDINGS

KEY FINDINGS FOR DATABASE HEALTH AND PERFORMANCE MONITORING

- 4,100 errors: High error rates have a negative impact on the health and performance of your databases. ExtraHop shows SQL transaction details to troubleshoot errors.
- 428 milliseconds: Worst database server processing time during the observed period. More than 100ms is generally considered to have a negative impact on application performance.
- 99 privileged user logins: Privileged user logins should be continuously monitored in order to identify anomalous behavior that can indicate a data breach.

INDUSTRY FACTS

- Database profilers can impact performance by up to 20% (Microsoft)
- 25% of DBAs surveyed reported unplanned outages of up to 1 day, while 40% reported outages between 1-5 days (Oracle)

See the Appendix for Database Health and Performance dashboards

DATABASE HEALTH AND PERFORMANCE MONITORING VALUE

Cost Savings
- # of people on database team: 3 (XYZ Corp)
- % of time spent per month troubleshooting db issues: 25% (XYZ Corp)
- Average salary of Database Admin: $67,700 (Glassdoor)
- Annual labor savings: $11,424
- Performance impact of running profiler continuously: 5% (Microsoft)
- Estimated annual spend on database hardware: $200,000 (XYZ Corp)
- Estimated annual spend on database licenses+support: $300,000 (XYZ Corp)
- Annual cost of any consultants used to help troubleshoot dbs: $5,000 (XYZ Corp)
- Annual cost savings due to profiler replacement: $30,000

Risk Mitigation
- Annual database unplanned downtime for businesses (hours): 8.75 (Oracle & Unisphere Research)
- Potential reduction in downtime using ExtraHop: 20% (TechValidate Survey)
- Downtime cost per hour: $100,000 (IDC)
- Annual savings due to reduction in downtime risk: $175,000

Total Annual Savings: $216,424

BUSINESS VALUE
- Force multiplier for the Database team
- Improved visibility into transaction performance and baselines, including cross-cluster transaction tracing
- Better-performing apps with reduced downtimes, leading to a better end-user experience and increased user productivity
- Minimize disruptions to business operations, including potential revenue loss due to downtime or databases running in degraded mode
- Understand how other resources (e.g. network) impact database performance

STORAGE MONITORING FINDINGS

KEY FINDINGS FOR STORAGE MONITORING

- 38 files: Files that should be cached based on NFS response counts. This will improve network utilization and experience for users in branch offices.
- 1.42K errors: Storage errors can be investigated to identify corrupted files, access, and performance issues.
- 1 scheduled backup: A scheduled backup job is causing zero windows (extreme latency) in NAS response and causing application errors.

INDUSTRY FACTS

- PCI, HIPAA, and Sarbanes-Oxley all require file audit access (TechNet)
- In Windows Server 2008, CHKDSK requires 6 hours to identify corrupt files in a system with 300m files (TechNet)

See the Appendix for Storage Monitoring dashboards

STORAGE MONITORING VALUE

BUSINESS VALUE
- Reduce unplanned and planned downtime of critical systems
- Tune the performance of many applications dependent on storage, including database and VDI
- Improve IT productivity by immediately surfacing storage issues (such as corrupt files and operation locks) before they cause issues

SMTP MONITORING FINDINGS

KEY FINDINGS FOR SMTP PERFORMANCE MONITORING

- 2,000 errors: High SMTP error rates could indicate delivery failures that impact employee productivity and business operations.
- 300 milliseconds: Spikes in server processing time should be investigated as they could be indicators of issues like attempted overloading of mail servers, malicious spamming, or compromised clients.
- 5,000 unencrypted sessions: Encrypted sessions protect sensitive information in flight. A large number of unencrypted sessions could increase potential security risks and cause noncompliance with policy.

INDUSTRY FACTS

- In a survey of over 1,000 organizations, 72% experienced unplanned outages in a year. Of those, 71% lasted longer than four hours (MessageOne)
- ~21 billion emails appearing to come from well-known commercial senders did not actually come from their legitimate IP addresses (between October 2014 and March 2015) (Return Path)
- Email was the main channel for 8.2% of all data leaks globally in 2014 (Infowatch)

See the Appendix for SMTP Monitoring dashboards

SMTP MONITORING VALUE

BUSINESS VALUE
- Improved visibility into SMTP errors and performance
- Minimize disruptions to email, which can disrupt business operations, lower employee productivity, and impact customers and partners
- Better visibility into SMTP as a potential security vector, including identifying DLP incidents
- Augment messaging hygiene capabilities
- Maintain SLAs

WEB OPTIMIZATION FINDINGS

KEY FINDINGS FOR WEB OPTIMIZATION

- redirect codes: 302 redirects indicate a temporary change in URI. Change these to 301 redirects for better SEO.
- 3.5k/hr 500 server errors: 500 errors occur when a server encounters an error but can't provide more information. If this number is not zero, you have a problem.
- 101k/hr 404 errors: 404 errors can indicate broken links pointing to your site, or other misplaced resources. Users seeing these may leave your site and never return.
- 1.6M requests for .gif images: Gif files are notoriously large, and your site is seeing many requests for them. Consider a different image format to reduce bandwidth consumption on your most requested assets.

INDUSTRY FACTS

- People will visit a website less often if it is slower than a close competitor by more than 250 milliseconds (New York Times)
- A 1-second delay in page response decreases customer satisfaction by 16 percent, which in turn results in a 7 percent reduction in conversions (Trac Research)

See the Appendix for Web Optimization dashboards

REAL USER MONITORING FINDINGS

KEY FINDINGS FOR REAL USER MONITORING

- 1 seconds: Perceived page load time by end-users. This is good performance but should be monitored to ensure revenue, conversions, and user satisfaction.
- 2.4 seconds: Server processing is the largest contributor to performance. Pages are usable sooner, but this should be watched.
- 330,000: Dropped data segments forced application retransmissions impacting end-user performance and should be addressed immediately.
- Microsoft Windows is the most common end-user platform. Understanding platforms, browsers, and usage focuses application, network, and infrastructure tuning efforts.

INDUSTRY FACTS

- Up to a 7% increase in conversion rate can be achieved for every 1 second of performance improvement (KissMetrics)
- Up to 1% of incremental revenue can be earned for every 100ms of performance improvement (Walmart Page Speed Study)
- A one second delay can decrease customer satisfaction by 16% (Aberdeen Group)

See the Appendix for Real User Monitoring dashboards

WEB OPTIMIZATION & RUM VALUE

Cost Savings
- Percent of Web Dev time spent per month on performance/availability issues: 15% (XYZ Corp)
- Percent of Ops team time spent per month on performance/availability issues: 15% (XYZ Corp)
- Number of people on Web Dev team: 2 (XYZ Corp)
- Avg. salary of a Web Dev: $95,315 (Glassdoor)
- # of people on Dev Ops team: 2 (XYZ Corp)
- Avg. salary of Dev Ops Engineer: $105,000 (Glassdoor)
- Potential reduction in MTTR using ExtraHop: 40% (TechValidate Survey)
- Personnel cost savings annually: $36,057
- Estimated hardware and infrastructure spend related to scale and performance: $250,000 (XYZ Corp)
- Reduction in misallocated budget due to hardware spend: 2% (ZDNet)
- Annual cost of current Real User Monitoring (RUM) solution (software, support, overhead): $75,000 (XYZ Corp)
- Expected savings from reduced infrastructure spend and RUM solution costs: $80,000

Revenue Drivers
- XYZ Corp Unique Users per Year: 1,000,000 (Google Page Speed tool)
- Page load performance (seconds): 5 (Google Developer Research)
- Expected improvement in page load speed (seconds) (Aberdeen Group)
- Estimated 7% increase in conversion rate for every second of improved performance: 1,750
- Average revenue per user (ARPU): $10 (XYZ Corp)
- Potential revenue increase based on increased conversions: $17,500
OR
- Annual site revenue (XYZ Corp)
- Potential revenue increase based on each 100ms performance increase: $0

WEB OPTIMIZATION & RUM VALUE (CONTINUED)

Risk Mitigation
- Annual web unplanned downtime (hours): 8.75 (XYZ Corp)
- Cost per hour of unplanned downtime: $21,000 (Trac Research)
- Annual planned & unplanned degraded performance: 36 (XYZ Corp)
- Cost per hour for degraded performance: $4,100 (Trac Research)
- Annual SLA Payouts due to Web Application Downtime or Slowtime: $5,000 (XYZ Corp)
- Potential reduction in MTTR using ExtraHop: 50% (TechValidate Survey)
- Potential savings due to added visibility from ExtraHop: $168,175

Total Annual Savings: $301,732

WEB OPERATIONS BUSINESS VALUE
- Force-multiplier for the Web Development & Optimization teams
- Shorten time to remediation by up to 50%
- Optimize web properties for speed and efficiency, which positively impacts conversion rates
- Reduce SLA liability from poorly performing websites or applications
- Reduce hardware and software spend related to web performance

REAL USER MONITORING BUSINESS VALUE
- Target development and optimization priorities based on usage by mobile, desktop, platform and browser
- Support agile DevOps processes through complete cross-tier visibility
- Provide business stakeholders clear, consistent, and self-serve SLA dashboards

VOIP MONITORING FINDINGS

KEY FINDINGS FOR VOIP MONITORING

- 2.88 mean opinion score (MOS): Minimum MOS score observed for RTP provides insight into service level violations. MOS ranks from 1 to 5 with 1 being the worst.
- 9 milliseconds: RTP jitter is acceptable, with the maximum jitter reaching only 9ms. Excessive jitter makes calls unintelligible.
- 2,800 SIP 401 status codes: Responses with the 401 status code indicate unauthorized activity and should be investigated.

INDUSTRY FACTS

Packet capture is the most relied upon troubleshooting method for V