
The Natural Clock


Bringing Context to Forensics

"Outside in" infrastructure management enables an enterprise's infrastructure events to be time correlated based on a single independent clock, while maintaining any timestamp relevant to an individual message or event. This is TDI's Natural Clock.

Sit in a room with 20 people and ask what time it is on their cell phones and computers, and you will get answers varying by a minute or two, and certainly by seconds.

It is no different in an enterprise data center with thousands of networked devices in its worldwide infrastructure. Although an enterprise datacenter will generally have a Network Time Server to provide a synchronized time across multiple platforms, one often finds a single machine "drifting" over time.

This drift breaks time synchronizations. It compromises data forensics.

When an event on a server, or an application failure, can be seen against a central Natural Clock, one gets extraordinary precision in delivering "context" to the problem needing remediation. The ability to correlate multiple device log files, irrespective of their independent timestamps, allows for easier, faster forensic analysis, resulting in reduced mean time to repair, or lower risk in the case of a security breach.

In Figure 1 below, a network problem occurs when a router, switch and database go down. There is no context to them. They are seemingly unrelated events.



In Figure 2, TDI's patented Natural Clock has isolated these events and shown the order in which they went down according to a universal time standard.



All the information is normalized to a single timeline and readily presented and analyzed as a single file or data stream, without having to piece it all together through data warehousing or post-processing. This facilitates trend spotting and, more importantly, forensic analysis that might otherwise be missed or misinterpreted.

Had traditional "inside out" log management been used in this example, logs based on different clocks from different vendors would have clouded the evidence and made remediation that much harder.
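The contrast above, sketched as an added example (not TDI's code or its patented method): each event is ordered by the time a single collector received it, while the device's own timestamp is kept unchanged and used only to measure drift. The device names, timestamps, messages and function names are constructed, and the sketch assumes delivery latency to the collector is small compared with the clock drift.

```python
from datetime import datetime
from statistics import median

# Constructed sample: (device, device's own timestamp, collector receive time, message).
# Assumed drift: switch01 runs ~90 s fast, db01 ~45 s slow, router01 is in sync.
RAW = [
    ("db01",     "2024-03-01T10:14:17Z", "2024-03-01T10:15:02.400Z", "listener down"),
    ("router01", "2024-03-01T10:15:00Z", "2024-03-01T10:15:00.200Z", "uplink down"),
    ("switch01", "2024-03-01T10:16:31Z", "2024-03-01T10:15:01.100Z", "port down"),
]

def parse(ts):
    """Parse an ISO 8601 UTC timestamp ending in 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def normalize(raw):
    """Add the collector time as ordering key; keep the device timestamp untouched."""
    events = []
    for device, device_ts, received_ts, msg in raw:
        rcv = parse(received_ts)
        events.append({
            "device": device,
            "device_ts": device_ts,      # original value, preserved as evidence
            "collector_ts": rcv,         # single independent clock
            "skew_s": (parse(device_ts) - rcv).total_seconds(),
            "msg": msg,
        })
    return events

def timeline(events, key="collector_ts"):
    """Device order when events are sorted by the collector or the device clock."""
    if key == "collector_ts":
        keyfn = lambda e: e["collector_ts"]
    else:
        keyfn = lambda e: parse(e["device_ts"])
    return [e["device"] for e in sorted(events, key=keyfn)]

def drifting(events, limit_s=5.0):
    """Devices whose median skew against the collector clock exceeds limit_s."""
    per_device = {}
    for e in events:
        per_device.setdefault(e["device"], []).append(e["skew_s"])
    return {d: median(v) for d, v in per_device.items() if abs(median(v)) > limit_s}

if __name__ == "__main__":
    ev = normalize(RAW)
    print("by device clocks  :", timeline(ev, key="device_ts"))
    print("by collector clock:", timeline(ev))
    print("drifting devices  :", drifting(ev))
```

Sorted by device clocks, the database appears to fail first; sorted by the collector clock, the router does, and the skew report identifies which device timestamps should not be trusted for ordering.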

It is another building block for the self-healing infrastructure.