Security Products
Showing results for 
Search instead for 
Do you mean 

Why is continuous monitoring (OMB M-10-15 Compliance) so important?

Sridhar Karnam (Sri_Karnam) ‎06-28-2013 09:57 AM - edited ‎07-07-2015 10:54 AM

it ops analytics.pngIT operations detect, correlate, protect, and predict performance events of the IT infrastructure through a single-pane-of-glass (unified console) like your car dashboard. This helps to isolate the root cause for each specific event, conduct impact analysis, isolate business issues, contain firther problems, and effectively correct incidents, all through a single simple interface.


Predefined policies, implemented as automated processes, capture exceptions, performance issues, or IT incidents across applications and network devices. These incidents are then correlated and rolled up to business service views in order to facilitate a prioritization based on impact of the event.


Continuous monitoring in real-time across unrelated data sources and logs presents a real challenge, but it’s necessary to gain trust in your data collection across all IT operations. This monitoring must also be automated to combat progressively more targeted cyberattacks driven by sophisticated, finely tuned, and increasingly automated processes used by cyber-criminals, terrorists, and politically driven hacktivists.


Many governments, particularly at the central government level, are beginning to mandate the implementation of continuous monitoring practices in their IT systems. In the U.S., the Office of Management and Budget (OMB) issued a continuous monitoring mandate, OMB M-10-15, in 2010 to provide reporting instructions for the Federal Information Security Act and Agency (FISMA), but only through more recent guidelines from partner organizations such as the National Institute of Standards and Technology (NIST), with their special publications, has the U.S. begun to provide more deliberative and prescriptive guidelines.


IT operators rely on event reduction techniques such as correlation engines, or limit either the breadth or depth of data collection to only machine data from business-critical applications. The machine data collected is typically not categorized or normalized, and there are no tools to search events or logs. The data is also retained for the short term and may not fulfill the need to keep services up and running at all times.ppt_library_4x3_divider-02.png


This short-term retention of data limits the intelligence in the system, as events fixed and annotated a few months ago may not be stored for retrieval. The alternate option is to invest in expensive databases and resources to manage and analyze the data. 


Check out how these problems can be fixed through combining HP ArcSight, the industry-leading Security Analytics solution with the HP Business Service Manager, the industry-leading IT management solution.


Download the attached Whitepaper or visit: for more info...

About the Author


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all