Exploring the Convergence of Observability and Security - Part 3: Tools
June 07, 2023

Pete Goldin
APMdigest

With input from industry experts — both analysts and vendors — this 8-part blog series will explore what is driving the convergence of observability and security, the challenges and advantages, and how it may transform the IT landscape.

Start with: Exploring the Convergence of Observability and Security - Part 1

Start with: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

The experts have all agreed that security teams can gain great benefits from utilizing observability data. But does this mean security and observability tools should be integrated, or even combined?

Chaim Mazal, Chief Security Officer at Gigamon, says the answer to this question is a resounding yes.

"Observability tools are powerful at aiding organizations in identifying security anomalies and pinpointing performance bottlenecks at the application layer. Logging provides foundational visibility into the applications running across their hybrid cloud infrastructure. But, as threat actors apply increasingly sophisticated techniques to breach an organization's technology environment, network-derived intelligence is vital to detecting lateral movement should a threat actor successfully gain access. If successful, threat actors can move across an organization undetected seeking to exploit proprietary or confidential information for financial gain. It's only by integrating logging with network-derived intelligence that IT organizations gain deep observability across their hybrid and multi-cloud infrastructure to detect previously unseen threats, deliver defense in depth, and complete performance management."

"Security and observability tools should absolutely be combined," says Prashant Prahlad, VP of Cloud Security Products at Datadog. "Traditional security solutions are targeted solely at security professionals. But, while security pros are responsible for finding vulnerabilities, misconfigurations and risks, developers are the ones responsible for fixing them. This is especially true when it comes to cloud security as most of the remediation requires working with a DevOps team."

"For example, security can't change the configuration of an S3 bucket without the risk of breaking something in production, which is why it is critical to have the DevOps and security teams aligned," Prahlad continues. "Because traditional solutions are aimed at security pros — who traditionally managed network security — they don't provide the shared context that organizations need to fix issues quickly and efficiently. A unified platform for observability and security is needed so that developers can work directly with security pros to visualize how threats and vulnerabilities are impacting their cloud environments and prioritize fixes faster. This approach breaks down silos between DevOps and security teams and creates the shared context they need to secure cloud environments."

However, convergence is difficult to prescribe, cautions Asaf Yigal, CTO of Logz.io. "Literally every organization is going to require a unique approach based on its specific makeup, whether this is a large or mature org with a lot of people given responsibility for dev, ops, security or even platform engineering. The platforms and tooling need to match the people and process, or evolve with it."

"At the same time, we know for sure that there is a huge benefit in bringing together the relevant data, either to be actioned centrally, say in a smaller shop with only a few people responsible for DevSecOps, or to be communicated across teams in a larger org with multiple groups spanning the entire landscape."

"There's also the huge benefit of tapping into a common data set," Yigal adds, "namely logs, and using a shared platform; this is for a lot of reasons, from using a common language for querying engines, etc., to having fewer vendors to manage. This is why nearly every major observability vendor also markets a SIEM — it just makes a lot of sense."

Adam Hert, Director of Product at Riverbed, agrees that tools should be integrated, but says, "Security and observability tools don't need to be combined. Some teams are trying to do this, but it does not make sense for organizations to do so, largely because you have two teams focused on very different goals. Security teams are tracking down threats, while observability teams are focused on making the enterprise more efficient and effective. Observability and security tools don't need to be combined, but they need to be able to integrate so that security tools can ask questions on the observability data."

Convergence Saves Money

"On the one hand, there's an argument to be made that security and observability tools should not be combined as most traditional monitoring and logging tools get bogged down by the strict retention requirements that are required by security tools for regulatory and compliance purposes of their products," says Jam Leomi, Lead Security Engineer at Honeycomb. "Applying that type of forensic-level, unsampled logging to observability tools would both be costly in terms of expense and speed, but also very inefficient."

"However, combining security and observability tools does have some functionality as it would cut down on costs drastically while creating an open field for collaboration between security, engineering, and the business to address incident response and the overall security posture assessment — generally, because there's a lot of natural crossover between the goals and initiatives for security and observability teams," Leomi continues. "For example, SOC2 controls require teams to keep up with performance metrics which observability platforms can offer fresh insights into data, even without having the granularity of each forensic row."

Colin Fallwell, Field CTO of Sumo Logic, agrees that any time teams can unify data and interfaces for managing observability and security, it's a win, both in reducing the cost of ownership and in the ROI that comes from uniformity and shared standards. "DevOps and SecOps need the same data, so why have two collection pipelines, for separate tools, capturing the same telemetric data? It really doesn't make sense. This redundancy is expensive and unnecessary."

"Additionally, there's a shortage of specialized security talent with the skillset needed to shift security left," says Leomi from Honeycomb. "Organizations are under increasing pressure to reduce spend without sacrificing ability, so naturally, they look for tools that can perform multiple functions like the ability to observe application performance while also being able to identify security vulnerabilities."

"Further exacerbating this trend is the scarcity of security talent needed to drive and meet security initiatives," Leomi adds. "This has driven organizations to rely on what they have, which is often product and platform engineering departments that are already using a tool for observability and one that can provide a good enough starting point for security."

Go to: Exploring the Convergence of Observability and Security - Part 4: Dashboards

Pete Goldin is Editor and Publisher of APMdigest