We haven't encountered too many scalability issues yet, but we haven't really tested scalability. We haven't tried running a massive amount of artificial network traffic through it, but for our purposes, it has been performing fine.

We expect to increase usage in the future because the InfoSec team is growing and we have more bandwidth. Our strategy for onboarding Awake was always with the awareness that our InfoSec team was very small. When we onboarded it, we needed that additional external resource, the MNDR team, to help us monitor the network as well as the appliance itself to provide visibility. But when we were evaluating Awake, we also saw that there was a growth path, that there are more capabilities to the appliance and it's an appliance that we can dive into, hands-on, ourselves. As the team grows, it's something that will grow with us and allow us to get more immersed in, ourselves.

I have a larger appliance than I technically would need, but I prefer that. If my organization goes up 100 percent, the appliance will still be suitable. So the scalability is there. If you switch from a 50-person shop to a 1000-person shop, it's easy to upgrade the appliance. They get a new one, install it, migrate the data, and you're done. I don't have any reservations about that.

It's scalable. With the AWS sensors talking to the main appliance, I'm not worried about scalability as our cloud infrastructure scales. I can see how deploying new sensors in new locations would scale easily with my main infrastructure growth.

We're hoping to increase our team from one to two. I'm hoping, as we increase our team, that I can focus more on delving into this, and not solely rely on managed services for reporting. I hope to be able to go in and explore and do my own investigations and utilize it more.

There is enough overhead. When we start adding additional traffic, like our cloud landing zones, it will be not be a problem.

We will be increasing usage, and it will be geared more towards the compliance around our financial vertical.

Scalability goes back to that design you have to do upfront to figure out what parts of the network you are most concerned about. If you do that work upfront, you can scale it as much as you want to. You should be thinking about how many devices you really need. In terms of scaling the devices and having a management console to do that, that part of it is pretty simple.

We have three people that interact with it on a regular basis. We have a Cyber Defense Manager and two incident response analysts that use it on a regular basis. We do a weekly call with Awake Security, where we review new detections that we might work with them on and that take time to develop or specific things that we might have been seeing in other parts of the environment that we want to make sure that they're aware of.

Our Cyber Defense Manager is more involved in the tuning of the device, and he talks to them on a weekly basis. Then the IR analysts are reviewing alerts on a daily basis or an as-needed basis as they come through. They're also involved in the weekly calls.

We use it in our locations with the most sensitive engineering-related use cases today. Not all of our locations, some of our locations. Our largest locations tend to have an engineering arm at those locations. That's where we focus the Awake devices today. So far, our deployment has been on-premise only, but we are starting to look at their cloud options as different business groups start to expand to AWS and GCP.

Some of what we're working on now is getting our satellite offices redirected. If I worked for a larger company it would be harder to get this implemented in all of our sites. It's good, site-per-site. I'm still trying to figure out how I can get some visibility into the satellite, small, one- and two-man offices. They're working with me to help come up with that solution.

Right now, it really requires having your internet traffic go through it to have the right level of visibility. For a bigger company that's a little more challenging, depending on how the corporate environment is structured. In my old company, we had 80 different ways to get the internet. That was challenging in and of itself. This company is much smaller so I don't have that big of a challenge, but I do have some satellite offices and I need to figure out how to redirect that traffic through this system so I get some level of visibility there.

Because there's so much storage required to do as much packet capture as we'd like, it does take up a lot of rack space. Scaling requires additional hardware. It's not necessarily scalable but our network also doesn't grow that quickly from year to year.

As a university, we're an unusual situation. We're like an ISP. We've got 15,000 people who could come to campus any day. We've got outdoor wireless and indoor wireless coverage that cover about a square mile. We've got a high-performance research computing cluster. We do lots of research. We're also a small-to-medium enterprise. We also have several stadiums for different kinds of events. We have a health center as well. It's a very unique environment and there's a lot of complexity as a result.

For the scalability portion of it, we haven't really looked into that yet. Cloud TAPs and stuff like that will help determine when it is time for us to look into it. From what I can see, the scalability is pretty easy. Awake really provides a roadmap and guide which makes it pretty straightforward.

We are still somewhat in an onboarding phase because we have scaled back, focusing on specifically on Awake. Right now, an analyst and I log in and just review the adversarial model trend to look for any kind of alerts that have been escalated in the last day. Eventually, we will be onboarding it with our SOC and having about four or five additional people monitor that activity.

Currently, we do have a limit on the visibility we have with it, but we are seeing about 95 percent of our network traffic in our primary data center. Therefore, the scope of it is that we have 2,700 employees and approximately 6,000 devices. We don't have any definitive plans to increase usage in the near term. Ideally, we would like the budget requirements to expand into the cloud and get that remaining five percent visibility in our other data centers.

We're only using one appliance now, but it seems extremely scalable. We have plans to increase our usage of it. Within the next year, we are going to roll Awake appliances out to our remote sites as well.

Scalability is less of a concern for us because we have all the remote offices pointing back to our central location and we monitor everything at the central location. For our architecture, one appliance was all we needed.

We have over 500 monitoring points, but being in healthcare, we have certain assets that are very critical, special medical devices, and that's our primary focus. We wanted to make sure that we have visibility to devices that don't have agents on them because they are closed systems. We wanted to make sure that our vendors' and suppliers' communication to these devices was visible to us and that we know what's going on in those connections.

The scalability is very strong. We are going through an acquisition. Thankfully, I have staff now. But I can go out to the new site, put an appliance there, send that traffic to a hub, and from that hub I can see all three locations that we have now, in one spot.

As we scale, the tool can scale with us. I'm currently using it with a one gigabit interface. As we scale up, we will scale utilizing the tool.

It's very easy to scale. If we scale in terms of our bandwidth and utilization, it's as simple as looking at the next appliance. Then, assuming we scale to a back-end, if we were to look at a 10 gigabit interface, it's as simple as producing or plugging it in through a Network TAP or another SPAN port.

Seven people are using it right now in an analyst format.

If you need more investigation, you should add more Arista sensors. It is easily scalable. If you do not use Arista, you should put new sensors. There's only one difficulty in getting traffic to your sensor. If customers can do it, it is very easy.

Customers and government departments in Turkey prefer Arista NDR.