Monitoring vs Detection

What is the difference between our elastic monitoring/security tool Elastic Detector and the monitoring feature of EC2 called Amazon CloudWatch – aren’t both monitoring tools? The answer will illustrate what we understand by elastic monitoring and elastic security, and explain the difference between monitoring and detection.

Amazon CloudWatch allows to measure performance metrics of individual resources (instances and volumes). The information can be retrieved via a specific API, but also visualized as a graph within the EC2 console. The metrics currently supported are CPU, Disk I/O and Network I/O. While the API allows to retrieve information aggregated by instance-type or image-type, the console currently only displays information per resource. The API also allows to define alerts in case a metric exceeds a certain threshold.

Elastic Detector also collects performance data and even uses the CloudWatch API to retrieve them. It also sends notifications for alerts, but there are fundamental differences:

  • Elastic Detector doesn’t only collect performance data for specific machines, it collects all information that it can get for the whole infrastructure (including security groups and relations between resources). This happens fully automatically without human intervention and immediately, that is, as soon a resource is allocated.
  • Elastic Detector exploits and analyzes the collected information to automatically detect anomalies and notify users about those anomalies, which may be linked to performance data, but also to configuration inconsistencies or security issues. Information filtering is hereby essential to discriminate important from unimportant issues.

Therefore, detection is a layer on top of monitoring that uses the data produced by the monitoring layer to improve visibility, detect problems, and analyze anomalies. The ultimate goal of detection is to give users full visibility over the whole infrastructure to quickly discover problems, distinguish relevant from irrelevant information, and provide them with the tools and the context to track down the origin of those problems to eventually solve them.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s