Dynatrace Brings Observability to Security Analytics

Dynatrace today added a security analytics offering based on its observability platform for discovering the root cause of application performance issues.

Steve Tack, senior vice president for product management at Dynatrace, said the Security Analytics platform leverages the same Davis artificial intelligence (AI) engine the company developed for its observability platform. Later this year, Dynatrace will extend those capabilities further using generative AI capabilities the company committed to providing last month.

That hypermodal approach to AI will provide security teams with predictive and causal analytics capabilities, added Tack.

Observability differs from traditional monitoring in that it aggregates telemetry such as logs and traces so that queries can be run against it to identify the root cause of an issue. Monitoring platforms, in contrast, define a set of thresholds for tracking a set of predefined metrics.

That observability capability is now needed by security analysts who are tasked with identifying vulnerabilities in increasingly complex application runtime environments. The Security Analytics platform then makes it possible for cybersecurity teams to block common application attacks such as SQL injection.

While cybersecurity teams have had access to security information and event management (SIEM) platforms for years, the analyses they surface lack context that application development teams need to resolve an issue, noted Tack. For example, the Dynatrace Security Analytics platform identifies the topology of the application being analyzed along with the underlying IT infrastructure to help narrow the scope of an investigation.

That latter capability is critical because most application development teams only have limited resources to patch applications, noted Tack. Cybersecurity teams need to be able to identify the vulnerabilities that are the most severe to maximize application development and cybersecurity teams’ productivity, he added.

It’s no secret that, historically, much tension has existed between those teams. Cybersecurity teams often create long lists of vulnerabilities that, upon further investigation, are irrelevant either because an application doesn’t face the internet or the specific vulnerable code didn’t actually make it into a production environment. After a while, application developers become somewhat complacent when confronted with those requests, given the pressing need to meet deadlines for building and deploying additional applications.

Of course, it then becomes all but certain that many application vulnerabilities will find their way into production environments as cybercriminals become more adroit at exploiting them.

On the plus side, many organizations are now adopting DevSecOps best practices to reduce the number of vulnerabilities in applications before they are deployed. However, the amount of technical debt from vulnerabilities in existing applications is enormous. The need to remediate those vulnerabilities has become acute; in addition to compromising the application itself, cybercriminals are using them to spread malware laterally across an organization.

None of these issues will be resolved overnight. They have been years in the making and it may be several more years before they are resolved. As always, the best way to get somewhere is to know where you currently are.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
