The Integralis Security Service Appliance (SSA)
The Integralis SSA is a hardened Linux-based appliance that is installed at your site and located as close as possible to the devices under management. It is typically on a dedicated network or management network.
Devices being monitored by Integralis are configured to send their log data (syslog, SNMP traps, OPSEC LEA, etc.) to the SSA. The SSA is configured to accept logs from the managed devices, and it will raise an alert if no logs are generated (for example, if a device has failed). The SSA processes the log information and uses it to create alerts and generate data for reporting.
Servers being managed also have agent software installed for performing additional Integralis services. This agent software typically checks the CPU, disk, swap usage and other areas. The agent sends the information to the local SSA. For devices where an agent can’t be installed, the SSA will perform these checks by regularly connecting to the appliance and checking values.
You get these benefits when you deploy the Integralis SSA:
- Processing is done as close to the devices as possible, reducing the amount of data that needs to be sent to the Security Operations Centers (SOCs) and thereby conserving network bandwidth and processing resources.
- The managed device can send the logs in clear text to the SSA because the SSA is located on the same site; the SSA then forwards them securely to the Integralis SOC.
- The SSA can act as a local repository for backup files or software that may be needed to rebuild the managed devices in the event of a failure. Rebuilds and restores are done much more quickly because everything is held on site.
- The SSA acts as a secure point-of-presence on your site. That means insecure protocols that are required for legacy management (for example, Telnet) can be used between your site and the SOC because they can be tunneled over secure channels.
- Because the SSA is at your site, it is able to “see” devices on the internal network that might not normally be visible from the outside world. This allows Integralis to monitor devices on the internal network without requiring each device to have an externally registered IP address.