Press Release: OpsLogix Acquires Approved Consulting

OpsLogix acquires Approved Consulting to expand its business with professional and managed services for IT-operations. Together we strive towards our new vision “Never down, always optimized, completely autonomous”.

OpsLogix has acquired Approved Consulting, a recognized expert of professional and managed services in monitoring, automation and analytics for IT-operations. Providing edge competence for the Microsoft stack, both on-premises as well as in the cloud, OpsLogix and Approved will jointly expand their capabilities to support customers with a combined product and service portfolio to secure mission critical IT.

Vincent de Vries, founder and CEO of OpsLogix on the acquisition of Approved Consulting: “We will focus on strengthening our expertise and experience in current technologies to better cater our customers. Both Approved and OpsLogix have a strong history in implementing and developing solutions for Microsoft monitoring products. The next step is to create and implement solutions which truly allow for self-healing IT environments. Together we will be best positioned to support our customers on that journey in the future.”

Approved, headquartered in Gothenburg, Sweden, is a well-known company among organizations working with Microsoft System Center Operations Manager (SCOM) in Northern Europe and has long-term relationships with close to 100 recognized and respected organizations. Approved offers managed services that help IT departments move towards an autonomous data center.

“We have worked with OpsLogix and their products as an integrator for over 4 years and I am certain that together we can meet our client’s future demands even better than before. Expanding our managed services concept in Europe will also benefit more organizations that are struggling with efficient IT-operations”, comments Jonas Lenntun, CEO of Approved Consulting.

Download the full press release here

Looking Back At The First SCOM Management Pack Development Training In Amsterdam

On May 15 & 16 we hosted the first SCOM Management Pack Development training in Amsterdam. It was an interesting and exciting course: although it was the first time it had been offered in our region, all slots were sold out within three weeks of the announcement.

SCOM Management Pack Development Amsterdam May 2019

Posted by OpsLogix on Wednesday, 29 May 2019

We value the excitement of all participants who joined us, including their feedback and trust in OpsLogix.

Special thanks to our partners Approved Sweden and Silect for their support and participation.

On Social Media

Sign up for our next training in August

If you are interested in joining our next training in Amsterdam in August, you can register and buy your tickets here.

OpsLogix is sponsoring SCOM-Day 2018

When?

Wednesday 10th of October 2018, Visual Arena, Lindholmen, Gothenburg

This year’s theme

Hybrid Monitoring

As more and more organizations buy cloud services, we have focused this year’s event on how to monitor hybrid environments with products such as SCOM and Azure. We have therefore invited Thomas Maurer (MVP) and Marcel Zehner (MVP), two of Microsoft’s “Most Valuable Professionals”, and Martin Ehrnst (Intility), representing a major hosting provider. All three will speak at the event and will be available to share their experiences with you.

Those who were not able to participate in last year’s SCOM-Day event now have the opportunity to join! It is the ideal forum for anyone working in IT Operations at any level. The idea is to network and pick up tips from colleagues in the industry, and to work together towards a more modern, efficient and innovative IT operation. In previous years, organizations from all sorts of industries have participated, and we hope that you will join us this year as well.

The event is free of charge and the day is packed with valuable tips from well-known speakers in the area, along with the latest and hottest news from vendors.

Following feedback from our participants in previous years, we have chosen to cut the number of sponsors by half for the 2018 event and invite external speakers. We constantly want to improve the quality of the event to provide you with the best possible experience.

Agenda

0830-0900 Registration
0900-0905 Welcome
0905-0945 Thomas Maurer (MVP)
What is Azure Stack, how does it work and how do you monitor it?
0945-1015 Coffee
1015-1045 Opslogix
The future of VMware monitoring (on-prem, hybrid and cloud)
1045-1100 Leg stretcher
1100-1130 HYCU
More info will be available soon.
1130-1200 NiCE
Monitoring Office 365 based on your perspective.
1200-1300 Lunch & Quiz
1300-1330 Silect
Silect Portal for SCOM – Silect will demonstrate a new SCOM web portal that allows users to interactively view and share information about what is being monitored in their environment.
1330-1400 Approved
News in Operations Manager 1807 and Azure Management.
1400-1430 Coffee & Fika
1430-1515 Martin Ehrnst (Intility)
Experience from a host supplier to supervise a hybrid environment with SCOM and Azure.
1515-1530 Leg stretcher
1530-1615 Marcel Zehner (MVP)
Monitor and manage a Tesla with PowerShell, SCOM, OMS and PowerBI.
1615-1645 Closing

The event is primarily for end users and in order to ensure the quality, we reserve the right to refuse access to persons outside the target group. The number of seats is limited and the interest is large (max 3 from each organization).

Sponsors

Would you like to attend SCOM-Day 2018? You can register here!

We were Inspired! A look back at Microsoft Inspire 2018

Now that the holiday season is coming to an end, the OpsLogix team is slowly but surely returning from their well-earned vacations, which followed shortly after Microsoft Inspire in Las Vegas last month. We were proud and happy to present the newest update of our EZalert solution and to inform our (future) customers about our plans for the upcoming release. Until now, EZalert was a machine learning tool that could close new incoming alerts in System Center Operations Manager based on its training; with the latest update it also automatically sets resolution states. More information about the EZalert update will follow shortly.

Microsoft Inspire Las Vegas 2018

We appreciate everybody that visited our booth, showed interest in our solution or attended a demo. It was great to see new and familiar faces we hadn’t seen in a while.

Of course, we also want to be known as the exhibitor with the most fun sticker!! Who do you think won?

If you would like to learn more about EZalert, VMware Management Pack or our other solutions, go www.opslogix.com or drop us a line at sales@opslogix.com

Team OpsLogix

Why Are Less Than 1% Of Critical Alerts Investigated?

Many organizations seem to be suffering from alert fatigue. According to Infosecurity, a recent EMA report found that 80% of organizations receiving 500 or more severe/critical alerts per day investigate less than 1% of them. A shocking number, to say the least! But what obstacles are organizations facing that allow such neglect?

From the EMA report, we can conclude that organizations face four major issues when it comes to their ability to tackle these severe/critical alerts.

Issues Organizations Face

Alert Volume

Recent surveys from the EMA report indicate that 92% of organizations receive up to 500 alerts a day. From all the organizations that took part in the survey, 88% said they receive up to 500 “critical” or “severe” alerts per day. Yet, 93% of those respondents would rate their endpoint prevention program as “competent”, “strong”, or even as “very strong”. So there either seems to be a big gap between perception and reality or alerts that are considered to be “severe” or “critical” should not be categorized as such. Either way alert management does not seem to be representative.

Capacity

Even where organizations have detection systems in place that create massive alert volumes, what they often lack is the human resources to manage those alerts. Organizations are clearly dealing with a large capacity gap: of the surveyed organizations that receive 500 to 900 severe/critical alerts per day, 60% have only 3-5 FTEs working on the alerts.

On top of that, 67% of those surveyed indicate that only 10 or fewer severe/critical alerts are investigated per day, and 87% of the participants said that their teams have the capacity to investigate only 25 or fewer severe/critical events per day. For most participants the alert volumes are high while the resources at their disposal are critically low. As a result, less than 1% of the incidents end up being investigated.

Priority

The research assumes a need for prioritization and classification into severe/critical buckets, which is understandable given the traditional, manual approach to Incident Response.

However, in doing so, the numbers are even worse and new questions arise. If less than 1% of severe/critical alerts are ever investigated, what percent of all alerts are investigated? What percentage of alerts are incorrectly categorized and how many alerts are classified as benign and ignored completely, yet warrant follow-up?

In truth, any prioritization is a compromise, and the act of classifying by priority is merely a justification to ignore alerts.

Incident Response

The three prior problems point to a substandard, broken incident response process: there are too many alerts to investigate, not nearly enough people to follow up, and the need to classify every alert is maintained, all of this just to be able to act on less than 1% of the total number of alerts. However, 92% of respondents indicated that their Incident Response programs for endpoint incidents were “competent” or better.

The only way this makes sense is if respondents felt that, when their Incident Response teams finally did take action on the small percentage of alerts that reached them, they were successful in addressing the issue.

Conclusions

  • Detailed analysis showed that in aggregate 80% of the organizations were only able to investigate 11 to 25 events per day, leaving them a huge, and frankly insurmountable, daily gap.
  • The root of this issue is a lack of high-fidelity security information, caused either by a lack of tools to collect data or by a lack of tools able to analyze it.
  • Information isn’t the problem. This and similar surveys show the depth and breadth of the problem facing cybersecurity teams today. However, simply gathering more information to hand off to analysts isn’t the answer.

The Solution

Automation is a key aspect of creating an effective and mature security program. It improves productivity and, given the lack of staff and the abundance of incidents in most organizations, automation should be a priority in the evolution of prevention and detection.

“Automation is the answer!”

When asked about automation of tasks such as data capture and/or analysis as they related to prevention, detection, and response for both network and endpoint security programs, 85% of the respondents said it was either important or very important.

Thus the only viable approach to the increase in alerts and scarcity of capacity is to use security orchestration and automation tools to:

  • Automatically investigate every alert: instead of prioritizing alerts to match capacity, use a solution that investigates every alert.
  • Gather additional context from other systems by automating the collection of contextual information from other network detection systems, logs, etc.
  • Exonerate or incriminate threats by using both known threat information and by inspection, decide whether what was detected is benign or malicious.
  • Automate the remediation process: once a verdict has been reached, remediate automatically (quarantine a file, kill a process, shut down a CNC (command-and-control) connection, etc.).

While we’re biased, this approach is the only way.

Hexadite, the only agentless intelligent security orchestration and automation platform for Global 2000 companies also states that automation is the only real answer by saying “it is impossible for organizations to hire enough people to create an adequate context for the data – and thus provide high fidelity security information.”

References

  • “Less Than 1% of Severe/Critical Security Alerts Are Ever Investigated” By Tara Seals for InfoSecurityMagazine.com, Retrieved April 8, 2018.
  • “White Paper: EMA Report Summary: Achieving High-Fidelity Security” EMA Research, Retrieved April 8, 2018.