KedronUK has reached the grand old age of 21 and will be celebrating this milestone with the team by attending the Henley Royal Regatta 2024!

We find it hard to believe we are making over two decades of success in the ever-evolving IT industry, so we wanted to take a look back and share with our customers where it started, what has changed and where we think we will be going next!

Starting out as a provider of network management tools in 2003, KedronUK quickly expanded its services to include application performance and end-to-end visibility. 

As the industry continued to shift and evolve, so did we. 

On Prem – Cloud – Hybrid
One of the most significant technology trends has been the shift towards cloud computing and virtualisation. As more businesses have moved their data and applications to the cloud, traditional IT management and monitoring tools faced challenges. However, we found it was important not to jump into cloud monitoring specific tools only, as users still accessed services within their own networks and as we deal with predominately large and secure customers, often critical/sensitive applications and data would remain on premise. We needed to ensure we provided the best possible solutions for Hybrid environments using as few monitoring tools as possible. 

We Entered the Cyber Security Market
Finally, the growing importance of cybersecurity has also impacted IT operation management and monitoring. With the increasing number of cyber threats and attacks, businesses need to be able to monitor their networks and systems for potential breaches and respond quickly when a threat is detected. 

This has led to the development of new security-focused tools and platforms that are integrated with IT management and monitoring systems to provide end-to-end visibility and protection. 

This is why, in 2017, KedronUK expanded its services to include cybersecurity. This move reflected the growing focus on Cybersecurity threats in the industry and the need for businesses to protect their networks and data from malicious actors. We also ensured we stayed close to what we are and what we are good at, which is fundamentally getting our customers the right kind of visibility from the complex environments. By providing technologies like Network Detection and Response, Threat Intelligence, SIEM, and SOAR we have been able to broaden on product portfolio, whilst ensuring we stay true to our quality design and delivery process.

Machine Learning and AI
Currently topical with our customer base is obviously rise of artificial intelligence (AI) and machine learning (ML). With the increasing amount of data generated by IT infrastructure, AI and ML have become useful tools for analysing and interpreting data to identify potential issues and optimise performance. 

In many ways this is only just beginning, but we have found again the importance of a pragmatic and balanced approach. From our works so far reviewing capabilities and their implications for the system we provide that, as important as this technology is, it should not be seen as the magic answer to all challenges. In fact, the best outcomes seem to come when this tech is layered on top of already functional and mature monitoring platforms. 

What’s Next?
Here we have a look at a couple of areas where we think will be busy next. Phil Swainson, our Head of Technology, plans to review each fo these areas in more detail in a series of future posts celebrating our big birthday. Each edition will come with a special offer so keep your eye out!

• Unification of SOC and NOC – Maybe because of our background and development, we have seen within our own portfolio, or because of the increased expectation of shared data via APIs and open standards, we see that there will be an increased awareness that multiple technology teams have very similar technologies running parallels. More and more there are vendor solutions that cover multiple domains offering opportunity for cost saving and technical efficiencies. An example here would perhaps be network Detection and Response and Network Performance Management, both solutions collecting network traffic from Taps, Packet brokers or SPAN ports for analysis. 

• CMDB Comeback – Sometimes CMDB is a dirty word, many have tried to build and maintain an accurate solution that meets individual business operational and compliance needs but many organisations we speak to are still left frustrated. For this reason, we have seen vendors move away from the term and start using other terms to describe similar functionality and narrow their focus into security and other niche’s, you could argue AIOPs is one of those to some extent. We think the concept is still correct and we just need better tolls and processes to achieve a reliable way of getting to the end goal that stakeholders can then learn to trust. We think this is one area where AI and ML is extremely interesting and can complement but also assure best practice and processes. However, again we think AI on it’s own won’t solve the total problem. We’ve got some interesting ideas about what will so watch out for Phil’s upcoming blog post. 

• IoT/OT and IT Convergence – Like or hate it, these worlds are coming together and end to end views of performance and security are critical, bridging the gap between these two technology areas and cultures is surely a challenge that needs addressing with a unified approach. 

We’d love to know what you think, both about how things have changed in the areas of performance and security visibility, and also what you think will be next!

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Why is it that most large enterprises have invested so much into monitoring technologies, who typically have so many vendor technologies in place, still can’t see what they need, when they need to see it?

This problem isn’t new, and on the face of it, it’s probably not the most interesting topic to pick to write about, but it’s so prevalent and has such a large impact on running a successful Enterprise IT function, I think it’s worth exploring.

Top 5 Reasons Tool Overload Happens

A health warning; this is not a scientifically generated list, or even one of those annoying LinkedIn polls. It’s just a list of what we, as an independent consultancy, advising in the areas of IT Operation and Security analytics, see, all the time. 

Below are the top reasons we come across for monitoring tool overload:

1. Equipment vendors shiny new monitoring toy

This is when organisations purchase new infrastructure, and with that investment there is the option to buy the vendor’s new management software offering. And this time it really is brilliant, honest. 

Customers are interested as usually vendors will offer some impressive visibility features for their own equipment. The problem is, typically the feature set is not as rich for other vendors which the customer also has in their environment.

Or, the new shiny software doesn’t cover particular functionality that might not be required for the vendors’ equipment, but is for the other technology.

The upshot of this is creating a new silo to integrate. Of course, this integration is possible and sometimes a good idea, but keeping things simple is best and minimising integration requirements to the most essential is best practice.

Also, a “gotcha” warning here, where this software often seems like a good year 1 commercial decision as its bundled into the initial purchase, check out costs for year 2 and extending the coverage of the monitoring to an increased scale.

2. Not Addressing Bad Configuration of Existing Tools 

When things go wrong, such as missing a critical event which results in outage, or even something less dramatic like not being able to quickly generate the reports that the business request from IT, its very easy to blame your existing monitoring tool – the tool is &^^%$!

In reality, there are some very competent monitoring technologies out there that might get bad internal press, when the problem is actually the management of the tool itself.

No monitoring platform is going to work properly if the Operational Teams do not adhere to basic governance and best practice.

Issues such as bad new device onboarding practice, not integrating with your change process and not fixing issues such as SNMP not being enabled all have a major impact on the reliability of your monitoring technologies ability to accurately reflect the environment you are monitoring.

When something major goes wrong and the tool gets blamed, often a business case for a new platform is easy to justify. What is then common is that the new tool is bought in haste and then discovered post purchase that it doesn’t deliver everything the incumbent technology did. So, both technologies remain and the initial problem gets forgotten. Until next time.

3. New Personnel Bringing in What They Know

One of the biggest hurdles we face as a consultancy making technical recommendations is resistance to change from operators.

It’s understandable, these people have a lot of responsibilities and learning a new monitoring technology, when they have built up a competency in another solution is not appealing.

It’s the main reason why we don’t change what’s working and when it’s not necessary, and as far as possible, look to duplicate the current experience of the key system users when it is.

The same logic applies when new employees start within an organisation when their new role involves management and monitoring of infrastructure, applications or services. 

Naturally, the recruit wants to start strong and make an impact, especially if visibility has been flagged as an issue. This often results in bringing in the tools they’ve used in previous roles to tackle high pressure issues now. The result is new tooling being added to the environment.

4. New Technology or Projects Including Monitoring Technologies

When planning new projects involving the introduction of something new, for example, a new unified communications solution, new business critical app or Software Sefined Networking, a Programme Manager with their finger on the pulse will consider visibility.

Often, this is tackled by speaking to the provider of the new technology. They will recommend an incumbent technology (see point 1) or a technology they partner with for monitoring. No doubt these tools will do the job perfectly, but did anyone check the capabilities of what’s already in place?

The issue occurs because maybe a monitoring technology has been in place for some time and it’s been pigeon holed into doing a particular thing. However, it very common that organisations are using a lot less of their current solutions total capability. So, it’s worth picking up the phone and speaking with your supplier to see what they can do with the new tech you’re looking to deploy.

5. Application Stack Change

Applications run business, so it’s no surprise that Enterprises spend a lot of money monitoring them.

Application Development is fast moving, but we also find legacy applications often remain largely unchanged. It’s not unusual for Customers we work with to have a mixture of mainframe applications, Service Orientated Architectures and containerised environments within their total application landscapes, with mixtures of coding languages back-end database on Prem and Cloud.

These applications get so much focus because they are the window into IT performance that users benchmark IT against, and often they are revenue generating for the business.

When issues occur, it is justifiable to apply the best possible monitoring technology/ies for that environment and application. This results in multiple monitoring solutions used by multiple teams.

Totally understandable, as tools that are monitoring main frames often are not the one’s to use for monitoring Kubernetes.

However, it also does make sense to pause and review what you have before making that next purchase.

When we are working with a new customer for improving or consolidating APM capabilities, one thing we look for is the best common denominators. Rarely is this a single technology, but I can’t think of one recent project where we’ve not been able to significantly reduce the number individual tools, which invariably saves money, but also offers better knowledge sharing between teams because of shared experience of technology.

6. The Consistant Quest for Single Pane of Glass

I left this one to the end in case the mentioning again of maybe the most over utilised cliché in IT monitoring put you off. The Single Pane of Glass. It makes so much sense, doesn’t it? But at the same time so many projects have failed. 

Firstly, let me say we believe that by selecting the correct AIOPs solution, it is possible to integrate with underlying monitoring technologies and business systems and extract meaningful unified insight. But, we also think there isn’t one right technology for every single customer circumstance. I can say this because we are a consultancy with multiple options to offer, not a vendor with one.

And this is what we think happens, the story of end-to-end integrated visibility is easy to sell and everyone like a nice dashboard don’t they? 

However, sometimes these solutions are sold and don’t deliver what they promised in presentation slides. Sometimes, they deliver on day 1 and then don’t keep up to date with a rapidly changing environment.

The result is the systems provide some value, but not what everyone hoped for in the beginning. So they remain another layer of tooling in an already complex environment. 

So What Can You Do About it?

I’ve listed the why it happens above, which I guess is interesting (hopefully) but not necessarily helpful if you find yourself in this situation already.

So, what can you do about it? You can look to carry out a Tools Consolidation Assessment. This is something you can do internally or invite a consultancy like KedronUK in to help with. 

How that works and our proven processes, I’m saving for my next blog post, so sign up below or follow me on LinkedIn and you’ll be notified when its released.

What I will say now is that our initial review is free of charge and a recent project showed a major UK enterprise how we could save them 1.5 million over 3 years. I’ll cover that as a Case Study in the third and final post on this topic.

If you’d like to talk more in the interim, do feel free to get in touch.

P.S. If you think I’ve missed any key reasons above, do feel free to comment and I’ll add the good ones!

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Do you have the right tools for the job in your Security Operations Centre? This is why you need network detection and response in your armoury.

Security teams have to navigate a constant stream of new threats to protect hybrid networks and sensitive data. Often they’re reliant on legacy tools that don’t quite match the scope and complexity of the environment. But you can’t secure what you can’t see. Ideally, your team needs eyes on every interaction that takes place across your network. 

But cloud and hybrid environments expand your attack surface and make it harder to see into critical areas, especially in the case of multi-cloud. So, where do you turn to get the visibility you need? 

Network detection and response (NDR) tackles the problem from the inside out. Cloud-native NDR in particular can eliminate blind spots and cut through the complexity in hybrid, cloud, and multi-cloud scenarios. 

There are few solutions on the market that provide complete visibility through a combination of discovery, identification, contextualisation, framework support, and real-time threat detection, as well as guided investigation. In our opinion, ExtraHop Reveal(x) is the industry leader. 

Reveal(x) is currently the only product on the market to provide full-spectrum detection and response for security and performance teams. Taking the wire as its data source, it reduces finger-pointing and MTTR by acting as a single source of truth, provides faster time to value, and gives your team eyes on every interaction that takes place on your network. So you’ll know about problems before your users even notice, and benefit from correlated visibility to filter out the noise and pin down the issue quickly.

Malicious actors can bypass or shut off EDR and SIEM tools, but – implemented properly – Reveal(x) NDR addresses the blindspot they leave and integrates with complementary software like CrowdStrike to give you full coverage. Other features that make it stand out from our perspective to include:

• Holistic view of E-W and N-S traffic that can’t be spoofed or evaded.

• Line-rate decryption of SSL/TLS 1.3 encrypted traffic with perfect forward secrecy.

• Built in visibility into framework requirements, including CIS controls 1 & 2, MITRE and NIST CSF recommendations.

• 100 Gbps of full payload analysis from L2 to L7 based on wire data with complete context.

• Automatic, continuous device discovery, identification and classification.


It might sound trite, but it’s true that prevention is better than the cure. If you’re going to secure your enterprise proactively from insider and outsider threats, if you’re going to deliver a cybersecurity strategy that protects your data and reduces risk, you need to make sure your tools are up to the job.

Book a demo here if you would like to see for yourself what Reveal(x) can reveal.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Do you have the right tools for the job in your Security Operations Centre? This is why you need network detection and response in your armoury.

Security teams have to navigate a constant stream of new threats to protect hybrid networks and sensitive data. Often they’re reliant on legacy tools that don’t quite match the scope and complexity of the environment. But you can’t secure what you can’t see. Ideally, your team needs eyes on every interaction that takes place across your network. 

But cloud and hybrid environments expand your attack surface and make it harder to see into critical areas, especially in the case of multi-cloud. So, where do you turn to get the visibility you need? 

Network detection and response (NDR) tackles the problem from the inside out. Cloud-native NDR in particular can eliminate blind spots and cut through the complexity in hybrid, cloud, and multi-cloud scenarios. 

There are few solutions on the market that provide complete visibility through a combination of discovery, identification, contextualisation, framework support, and real-time threat detection, as well as guided investigation. In our opinion, ExtraHop Reveal(x) is the industry leader. 

Reveal(x) is currently the only product on the market to provide full-spectrum detection and response for security and performance teams. Taking the wire as its data source, it reduces finger-pointing and MTTR by acting as a single source of truth, provides faster time to value, and gives your team eyes on every interaction that takes place on your network. So you’ll know about problems before your users even notice, and benefit from correlated visibility to filter out the noise and pin down the issue quickly.

Malicious actors can bypass or shut off EDR and SIEM tools, but – implemented properly – Reveal(x) NDR addresses the blindspot they leave and integrates with complementary software like CrowdStrike to give you full coverage. Other features that make it stand out from our perspective to include:

• Holistic view of E-W and N-S traffic that can’t be spoofed or evaded.

• Line-rate decryption of SSL/TLS 1.3 encrypted traffic with perfect forward secrecy.

• Built in visibility into framework requirements, including CIS controls 1 & 2, MITRE and NIST CSF recommendations.

• 100 Gbps of full payload analysis from L2 to L7 based on wire data with complete context.

• Automatic, continuous device discovery, identification and classification.


It might sound trite, but it’s true that prevention is better than the cure. If you’re going to secure your enterprise proactively from insider and outsider threats, if you’re going to deliver a cybersecurity strategy that protects your data and reduces risk, you need to make sure your tools are up to the job.

Book a demo here if you would like to see for yourself what Reveal(x) can reveal.

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL

Who is Evolven?

Framing problem we solve

• Gartner says 85% of IT problems result from actual changes in your environment, mostly unanticipated or unapproved. 
• Experience tells us that there is almost always a time between the time these changes occur and when the resulting problems manifest themselves.
• Speaking to government auditors, we also know that the failure to document changes in the environment is the leading reason financial institutions fail their audits.
• Existing AIOps/monitoring tools like APM do a great job in identifying symptoms, but by then, something has gone wrong. The same applies to log analytics platforms like Splunk. All of them are necessary but are only a part of effective MTTR and root cause. 

While we all recognise that unknown changes are the root cause of most stability issues, IT nonetheless struggles to identify what has actually changed. Evolven allows enterprises to track all actual changes that have occurred in their environment, using machine learning to detect and prioritise the riskiest ones. With Evolven, IT Operations, DevOps, and CloudOps teams experience fewer incidents, faster MTTR, and improved productivity.

When was Evolven established? 

Evolven has been in business for thirteen years. Our founders had developed IT management products for companies like Mercury Interactive for many years. They found that traditional tools that track symptoms, while essential, fail to isolate and provide early warning for IT problems. These problems are multiplying as we automate the way we develop and deploy applications.

How did Evolven and Kedron come together? 

Evolven and Kedron executives have worked together in the past providing innovative solutions for IT stability, compliance, and security.

What gap is Kedron filling for Evolven? 

Evolven required a trustworthy and knowledgeable partner to service our customers in the UK using our comprehensive change assurance and insurance platform in full production at enterprises like JPMC, Citibank, and Visa, huge scale.

What can Evolven bring to Kedron? 

Evolven brings Kedron’s customers the ability to leverage their existing monitoring and service management tools and the data they produce to address difficult challenges in the area of IT stability, compliance, and security. Evolven acts as the glue between their existing reactive monitoring tools, their service desk, and the products they use to develop new applications.

Products like DynaTrace, AppDynamics, ServiceNow, Remedy, Jenkins, and Splunk. Evolven uniquely provides early warning on both authorised and unauthorised changes that are causing 85% of their problems, and at the level of granularity that allows your personnel to address the issue. 

Evolven features native AI/ML embedded in our platform that accurately assesses the risk of all the actual changes we collect. We have been developing this for over six years and have 5 US patents in this area. 

“We have demanding clients with mission-critical challenges on multiple fronts, on any given day. They rely on Evolven and our people to help them win those battles.  We are gratified to have KedronUK, an experienced and trusted provider to be our representative in the UK.” – Sasha Gilenson, CEO & Founder

“KedronUK are proud to become the Strategic Partner of Evolven in the UK. I believe Evolven’s unique approach to change management visibility, utilising their patented AI technology, will have a massive impact on the Operational and Security stability of our Customers and we look forward to sharing this unique technology with them.” – Roland Stigwood, Managing Director at KedronUK

Call us today on 01782 752 369
KedronUK, Kern House, Stone Business Park, Stone, Staffordshire ST15 0TL