I took note of the recent uptick in discussions about the concept of observability in the IT world and found myself compelled to come back to the topic, which I have touched on previously in my blog posts.

“Observability” may seem synonymous with “monitoring,” covering things such as metrics, traces, and logging. Observability, however, is distinct in an important way. IT security monitoring assumes the act of measuring and evaluating against a defined standard to identify “good” versus “bad,” whereas observability is more about gathering as much information as possible and then asking questions of the data based on experience, such as when new events occur. In this way, an inconsistency can be revealed before it escalates into a full-scale data breach.

The File Integrity Monitoring Playground

In the world of security, observability has always been where File Integrity Monitoring (FIM) “plays” its strongest game. The questions being asked these days make this all the more important. Gone are the days when “raw” detection was treated as 100% effective; there is increasing pressure to understand a breach in far greater detail than ever before. As the question “can you prevent a breach?” has slowly become “you may be breached; what can you do about it?”, the questions such events raise have become more complicated than a simple “what did you get hit by?” Adding to this pressure, external reporting requirements, brought on by increasingly thorough legal obligations and a more tech-savvy public, mean far more questions are asked than ever before. For example, most data privacy acts, such as GDPR and PIPEDA, include reporting time-frames, and many civil codes now include data breach reporting requirements. Along with that, the almost customary post-breach dip in the stock price of a publicly traded company demonstrates the lack of ...
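To make the monitoring-versus-observability distinction concrete for FIM, here is an added example (my own illustration, not code from the post or from any FIM product; the function names `file_record`, `build_baseline`, `compare` and `demo` are hypothetical). It records more than a hash per file (size, mode, mtime, owner) so that a later investigator can ask attribute-level questions, and the comparison reports not just "this file changed" but which attributes changed. The scenario in `demo()` is constructed in a temporary directory: a content edit, a permission-only change whose hash is unchanged, a new file, and a deletion.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical helper names; this is an added illustration, not any vendor's FIM code.


def file_record(path: Path) -> dict:
    """Capture the metadata a later investigator may ask about, not only the hash."""
    st = path.lstat()
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "sha256": digest,
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits incl. setuid/setgid/sticky
        "mtime": int(st.st_mtime),
        "uid": st.st_uid,
    }


def build_baseline(root: Path) -> dict:
    """Walk the tree and record every regular file, keyed by path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue  # symlinks and special files are out of scope here
            baseline[p.relative_to(root).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify each path as added, removed or changed, and list which attributes differ.

    The 'changed' entries keep (old, new) pairs so the report answers
    'what exactly changed?' rather than only 'did something change?'.
    """
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            old, new = baseline[rel], current[rel]
            diff = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
            if diff:
                report["changed"][rel] = diff
    return report


def demo() -> dict:
    """Constructed scenario in a temp dir: baseline, then four kinds of change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "tool").write_text("#!/bin/sh\necho ok\n")
        os.chmod(root / "bin" / "tool", 0o644)  # pin the mode so the baseline is umask-independent
        baseline = build_baseline(root)

        # Simulated drift after the baseline was taken.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0::/root:/bin/sh\nguest:x:1001:1001::/home/guest:/bin/sh\n"
        )  # content change: hash and size differ
        os.chmod(root / "bin" / "tool", 0o755)  # mode-only change: hash is identical
        (root / "etc" / "shadow.bak").write_text("constructed sample\n")  # new file
        (root / "etc" / "hosts").unlink()  # removed file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The mode-only change on `bin/tool` is the case a hash-only check misses entirely; keeping the full record per file is what lets the comparison name the attribute that moved. In a real deployment the baseline would be stored somewhere the monitored host cannot rewrite, and the records would be kept over time rather than overwritten, so that the question "when did this file gain these bits?" can be answered after the fact.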