What is our primary use case?
We are geographically spread across 11 countries. At each location, we have a firewall and other critical IT infrastructure. We have to log in to all the systems and different URLs, so we are very dependent on some individuals who have the knowledge, control, or access. Moving to this system, I have a single portal where I can access all 10 locations' firewalls from that portal with easy manageability.
We are in the life sciences domain with a lot of customer-hosting apps in our AWS cloud. We deployed this monitoring system in our on-premises environment to monitor all the critical IT infrastructure.
We are using the latest version.
How has it helped my organization?
We use the solution to automatically trigger processes to help resolve issues when the solution detects compliance violations. While they don't have a report, this feature is in our environment. For example, our system is ISO27000, but it can miss this; instead, our system goes through the on-premises process. We have segregation of duty, data storage, and the level of data encryption as well as how the server is being protected from the onset. We took all these things and kept them since it is under our validated environment. Any system implemented with us has to follow through this process. We can confidently say that our system is there, but the moment we move to SaaS or hybrid, we won't have control because they don't provide this. So, they need to build in this sort of solution for SaaS or hybrid.
I have a Moscow office. In Moscow, I don't have an IT engineer. We have a very small team in a satellite office. We can easily manage the firewall, servers, and other things from here. When we are operating a central kind of implementation for any new initiatives, that is a big challenge for us. However, by implementing this monitoring tool, I can write any policies or procedures centrally. The process is harmonized so I don't need to worry about whether these policies play well with a particular Germany or Moscow firewall. This is more like a control mechanism. We could see the responses after implementing this tool.
Manual or time-consuming activities have been reduced by implementing this solution. Getting this information from each site takes a lot of time. Sometimes we get the wrong updates where the accuracy is not intact. By implementing a centralized tool that manages availability and the health situation of far away systems, this was ideal rather than doing it manually. Though, it was a learning curve for us.
What is most valuable?
The most important part is the real-time network monitoring dashboard. It pops up when you log into the system so it gives you clear-cut, real-time availability of the firewall/gateway-level infrastructures.
My network team, the server team, and I have different dashboards. There is also a complaints manager who has different access. These different dashboards are important because we are in the life sciences domain, and segregation of duty is very important.
The role-based dashboards summarize data points as well as provide charts and topology diagrams in a single window. We support all other regions from India. Therefore, it is better that the dashboard is a single point of entry to each site, managing those infrastructures.
The dashboards tell us the details. For example, even in the firewall, I can go to the port level. Then, on the port level, I can deep dive on the configuration. It will also go into the level of services, memory, CPU, and storage availability. From the dashboard, you can look at that specific infrastructure or asset.
The graphical user interface is very good. It is readable and doesn't need a technical expert to do that. That is critical. You don't need a network administrator or some other administrator to see the monitoring or anything else. Non-technical people can log in and understand it.
Infraon's individual tunnel monitoring capabilities are more critical on the firewall side because we have a lot of Point-to-Point Tunnels created. The tunnel usage is more critical when a ransomware attack or any other attack has happened. When I implement a policy for a particular configuration, it will apply to all the tunnels. That makes it easy for us to manage or maintain. This is a very important feature.
What needs improvement?
The reporting capabilities are a challenge and could be improved. We have been trying to connect to it from our help desk ticketing system, because the ticketing system manages asset tracking, which has been a bit challenging for us. Otherwise, they give some reports that are okay, but we do not use them much because we work in the dashboard.
This solution is available in SaaS. The reason why we have not gone to SaaS is they do not have a country-specific separation of assets. There are GDPR and other requirements that might require country-specific sensitive information to be filtered as well as other things that need to be taken care of. Normally, if we need to do any compliance, like ISO27000 compliance, they don't have such a report within their system. This kind of report is missing from their SaaS. That is one of the reasons that we have gone to the on-prem version, where I am assured that my data is secure. I can take the report and show it to them from a compliance point of view. However, the moment we go to a SaaS model, I don't have control of the data and where the data is stored. I don't receive any complaints-based reports from the SaaS model.
For how long have I used the solution?
We have been using this solution for four to five months, including the implementation and PoC. We did the PoC in November 2020.
What do I think about the stability of the solution?
It is stable. We have never had an issue.
What do I think about the scalability of the solution?
Since it is on-prem, storage and our virtual environment are within our control. There has been no issue in terms of scaling up with the system. The scalability is good.
We have five to six people working in the system for different purposes. I log into the system based purely on availability, systems' health statuses, and other things. At the same time, a network engineer will have much more involvement than that.
Within our system, we have around a 34-member team. Out of those 34 members there are only five or six people using this system because I don't want to give everybody a login with access to it. Since we centralize the management of the system, there are only a few people who have access. We built it in such a way that we manage it with limited resources.
How are customer service and technical support?
The technical support is good. They are very aggressive. They understand that requirements are very important.
Which solution did I use previously and why did I switch?
Earlier, we were using Zabbix, which is open source. We had a lot of challenges with it. We had to build a distributed Zabbix environment, giving it a different kind of report. We were set up on that. While the product was very good, we were not capable of properly implementing it.
Infraon IMS reads firewall logs, which is an important reason why we chose this product. There were other products where we had an issue reading the logs of firewalls and other things. Most of the tools provide an SNMP log, but we can reach syslog and other firewall logs with this solution. The best part: Our policies can be driven from this system and applied to multiple firewalls. For example, I am writing a rule for some URLs or specific sites to be blocked. I can then write one single policy which can be pushed to all 10 different locations. Earlier, we used to log into each system and do this process. Now, the system takes care to push these common policies.
This tool was introduced by one of our vendors. Through them, we got to know this tool and engage with it.
How was the initial setup?
We built a PoC where we provide all this information. That PoC was running in 30 days. Effectively, once the PoC was complete, we upgraded the system to production. That is how it happened. So, the implementation was very smooth.
We started with a PoC for around 20 assets. This takes a day or two, but it took a lot of time to understand the configuration and make changes. That took a couple of weeks because we were not familiar with their dashboard and they were not familiar with our life sciences domain requirements and regulatory requirements. That was the challenge. Once they understood our requirements, the configuration part was more like a day-to-day job.
What about the implementation team?
The team is very eager and aggressive on this. Priya put a lot of effort into the system. She provided more clarity on how to implement it. She also understood our requirements. Any tool implementation is successful based on the people who were involved and how well they understand the customer requirements and implementation. In this case, the vendor's team was good.
A maximum of two to three major players were involved from our end, maybe someone from network admin and another person on the server side. They were directly involved, but there were a few other people, like the site engineers, who contributed but weren't directly involved.
For setup and training, we only ever worked with the Everest team.
What was our ROI?
It gives us a lot of time savings. 60% to 70% of our time has been saved.
We are able to see the availability. Before people know that the infrastructure is down, we are able to get this information from the system. That is critical as far as infrastructure operations go. This solution provides cost savings and is effective.
Our response time is within 30 minutes for any support. This solution provides alerts immediately, so we are within our SLA, giving efficiency to our support.
It improved our data and availability accuracy over doing the work manually. Once we installed this central system, our site engineers who provide the data started believing in the data's accuracy.
What's my experience with pricing, setup cost, and licensing?
The cost model is within our budget. I have less than 180 critical assets, but the moment that I have 1,000 assets, then the license model is totally different. I don't know whether they are capable of handling that kind of a load. They could revisit the licensing model. They are not mature enough to define this license. We had a discussion about that.
They have given us different services as a separate license, but the cost is not there proportionally against those services. The cost was one number, but the number of services was specific to the license. For example, for server licenses, they have X quantity, and network licenses also have X quantity, but they cumulate the cost and then provide it. They don't provide the unit cost. Normally, when you work in costing, you should have some kind of clarity about standard, professional, or enterprise kinds of models, or go with a unit-based license. So, we redid our licensing cost and they provided it. So, they should work on their licensing model.
Which other solutions did I evaluate?
We evaluated ManageEngine and this solution. After doing the PoC for Infraon IMS, we were happy with it so we ended up implementing it. We didn't go with other tools because of cost and the support from the bigger players is limited. We got burned with an implementation of a bigger player previously and were not keen on going that way.
Normally, you have a product for different sectors. For example, network management will have a separate tool from server management. Here, it is a mixture of these tools in one system. Additionally, you can do vulnerability and penetration testing from this associated product. You can do network auditing, vulnerability assessment, and penetration tests on a particular critical infrastructure. Plus, you can do monitoring. I didn't see many tools that had this combination of services. There are many enterprise tools available, but we cannot afford those. This solution was something that we could afford and achieve what we really required.
What other advice do I have?
I would recommend this tool for people who want to have data accuracy in terms of availability and policy harmonization. They should look for this tool.
We are very good at integrating it with third-party applications, like AWS and other information security platforms. For our SOC, we build using some other tools, like Acunetix as SAS programming. We have integrated all these things.
I haven't seen any workflow automations.
We plan to increase our licenses going forward. However, Everest is a small company, and that has risks. I don't know their five- or 10-year plan. They need a proper roadmap for customer support, engagement, etc.
I would rate this solution as an eight out of 10. The licensing model, the compliance report, and integration of other tools are little challenges that we have with the tool. Though, we are happy with the tool. Aside from that, our requirements have been fulfilled.
Which deployment model are you using for this solution?