Last week I had the opportunity and the pleasure to sit down with Tim Titus, Founder and CTO of PathSolutions as he took us on a journey through some of the new releases within the PathSolutions and TotalView Portfolio! For those of you who know me, I have a soft spot in my heart for System Operations, Network Management, and most of all, the simplification of operations so we can spend less time troubleshooting and figuring out the CAUSE of problems. It’s with these very points in mind that I was really excited to be a part of the Security Field Day 3 (#XFD3) delegate panel, as well as the chance to have some 1:1 time with Tim following the event!
To start with, this wasn’t the first time I was exposed to PathSolutions as I had worked with and used their tools in the past to help chase down and troubleshoot some problems in particularly odd network environments where correlation was definitely not causation, and getting to the root of issues was, challenging to say the least! That’s why I’ll make a particularly special shout out to the, “Proactive Issue Resolution” feature within TotalView, because if nothing else, hopefully YOU can use it too to help you trace down the cause of an issue that may plague you so! (Known, or unknown!)
Before I start digging into the details of the new Security Operations Manager functions within PathSolutions TotalView I would like to explicitly mention a few of my favorite pieces of TotalView, because it falls into one of those, “Wait, I didn’t know it did that!” category, and this will make it so much more convenient when I come back to look at this in the future and want to remember just what else everything it does is!
At a gist, TotalView’s Core package includes:
- Network Configuration Management – Nothing beats a collection of Device Configurations you can review, compare and roll back from!
- Proactive Issue Resolution – I mentioned this! Also if you didn’t notice, there’s a “Cable” feature where it can predict if you have a cable faliing!
- WAN Health Report – This is kind of table stakes, but it’s also nice that it incorporates this.
- Fully Integrated Port Mapper – This is nice, not an nmap scan, more of a correlation between Switch Ports and the devices behind them.
- Interactive Network Diagram Tool – Remember when this feature existed in VISIO 5.0 and since then we’ve lived in a sad world? It’s ok, we got you.
- Total VoIP Visibility – I would be lying if I said I didn’t use this on multiple occasions. That and MOS Scores which kind of matter when you’re VoIP’ing!
- Cloud Service Monitoring – This isn’t just for the inside of the network! We can expand this to the Cloudternet! Awesome, I know.
One extra piece I want to call out explicitly is the VERY cool “Financials” view which can save you time and literally money when it comes to reviewing what you have on the books from an Operations and Support standpoint. This is widely overlooked in many networking houses, but tell me that’s not cool!
I’ll stop there because the list would literally go on and on – They have a pretty good breakdown of many of the core features here broken down by “role” within the business or organization that you should check out for a little more depth! Now let’s get back to the topic at hand here! What’s new in the land of SecOps!
The first area I want to focus on with this is CVE to device correlation. This is huge. Since the tool KNOWS about many of the devices on your network, what they’re running and maintains updated pulls of new CVEs, equally at a glance you’ll be able to see HOW MANY of your devices happen to have a “Critical”, “High” and so forth vulnerabilities. Why this matters is, whether you’re running quarterly PCI scans, or frequent/infrequent scans with your favorite tool (Qualys, Nessus, Rapid7, Nexpose, Tenable, Greenbone, derivative nmap scans) etc, you’ll be able to “Know” things without having to wait until the next scan runs and happens to hit your desk! This doesn’t FIX the vulnerabilities… That’s still on you, but you’ll know something that maybe a few minutes before, you wouldn’t have known at all! That’s usually why I would leverage a service like Remedy8 Security to “Remediate my Security” vulnerabilities! But hey, I digress 🙂
The other piece I found the most exciting is the new “Exposures” functionality! To quote GI Joe, “Knowing is half the battle”
What’s really nice about visibility into vulnerabilities in HTTP, FTP, Telnet, SNMP, ARP, IP, RLOGIN, DNS, NTP and SMTP is, these items will often go overlooked for years. And while these things can absolutely result in some security vulnerability or exposure, they often will result in “Odd Network Problems” that can be a pain to troubleshoot when they occur (the perfect example being, NTP time out of sync from wrong NTP server) etc.
All of these examples are perfectly fine and all, but these are pulled from the PathSolutions Online Sandbox environment, which is free to access and a great way to get familiar with the dashboard and the tool. You can take it a step further with getting in touch with them and see about getting it working in your real environment! But what do I know, I’m not affiliated with PathSolutions at all outside of a genuine curiosity and having worked with the tools in the past and the present! So hopefully you find this useful!
If this has been interesting to you, I encourage you to check out the two videos below where Tim Titus dives into the details, under interrogation and live-fire by the Security Delegates represented! 🙂
A dive into the PathSolutions TotalView SecOps Manager Demo
Hopefully you found this helpful and useful! What was some network operations or visibility challenges you tend to face?