Back in July, I wrote in a SearchNetworking newsletter about the challenge of choosing the right network management tool:
There’s not only overlap among these tools, but also a lot of variation in what they aim to manage — so much so that an apples-to-apples comparison is almost impossible to make. So far, it’s up to the people using the tools to clear up the confusion and determine the best approach.
I then asked readers to send me their thoughts, and received a very insightful reply from Internet security professional Rob Newby:
Network Monitoring and Management is a space which has been booming in recent years. A number of tools have grown up to monitor jflow, netflow, cflow, etc. There are more SIM, SIEM, and Log Management tools than I care to think of at present, most of them starting with “Net” something or “Log” something.
However, like all the simplest questions, “Why is the sky blue?”, “Why is there thunder and lightning?”, etc., the answer is longwinded and complex, and not as simple as this.
I have worked as an SE, and lately Product Manager for various companies, selling IT security tools, network add-ons, devices, software and hardware. For as long as I can remember, people have asked for centralized management and simple monitoring. The problem, of course, comes from the fact that there are no standards for these security devices and tools, apart from weak protocols such as SNMP and syslog, which are not up to the task of controlling and watching a network of hundreds of nodes.
To prove the lack of alternatives, HP Openview, an SNMP tool which gives a picture of network health by picking up SNMP traps, is still as popular today as it ever was. Nagios, an open source version, is still used in many enterprise environments. Syslog collectors are available for all the “Net” and “Log” devices mentioned above.
Because of the lack of standardization, centralization is increasingly difficult unless you have some sort of vendor tie-in. Microsoft’s Operations Manager (MOM) is looking to be the most likely candidate for popular centralized management as the market crawls forwards to its decision. At the moment, it is wide open, however… and vendors are also moving towards SOA type offerings which can interact without the need for building APIs.
The market itself is crowded and becoming more complex. It is hard to make progress in any of these areas, and those leading the standards are the ones who will inevitably make the best of the markets. A common event format is being proposed for Log Management devices, for example. If you can’t standardize the software everyone is running, standardize the output — it makes sense.