How Observability Practices Improve Traditional Security Efforts

By Bill Doerrfeld | September 7, 2022 | Updated: April 13, 2023 | 4 Mins Read

Today’s software ecosystems are complex, distributed, and full of countless dependencies. When something goes haywire, getting to the core reason behind an incident can take a lot of guesswork. This is where security observability comes in.

Observability tools combine logs, performance metrics, and traces to help engineers paint a more accurate picture of what’s occurring behind an issue. Observability is the latest trend in DevOps, and for a good reason — quickly remediating failures can lead to increased reliability, safety, and customer happiness.

Now, some proponents argue that an organization’s cybersecurity footing should ideally possess a similarly high degree of observability, one that goes beyond the opaqueness of most vulnerability scanning processes. The idea is that more intelligent metrics on the severity of each exploit would lead to more predictable and reliable systems.

I recently met with Sandeep Lahane, CEO of Deepfence, to explore what security observability entails. According to Lahane, porting the tenets garnered from the ongoing observability movement to security can have a net positive effect, reducing false positives and decreasing mean time to resolution.

What Is Security Observability?

In general, observability goes beyond traditional application performance monitoring (APM) processes to collect cues that provide a deeper understanding of how an application behaves. For example, a Site Reliability Engineer (SRE) might follow logs and traces to perform root cause analysis after an incident occurs. Observability can be thought of as the “ability to infer an internal state and integrity of a system by looking at outward cues,” as Lahane describes it.

However, cybersecurity as a practice has not yet developed a parallel to observability. This issue was apparent during Log4j, as it became challenging to precisely understand which applications were affected. “A lack of visibility and observability makes things impossible to predict,” explained Lahane. “You could look at logs, but you really need something more real-time and cybersecurity-specific.” Complicating matters, cybersecurity signals are typically exchanged in a different format from other telemetry data, he adds.

Although scanning for Common Vulnerabilities and Exposures (CVEs) or GitHub Security Advisories (GHSA) is common practice, it can only go so far. “The more you scan, the more you find,” said Lahane. Many new vulnerabilities are found each and every day, which can lead to an inundation of false positives.

Four Pillars of Security Observability

Thus, the key to developing a more actionable security response is using security scanning strategies that are more aware of the runtime context. With that context, vulnerability alerts can be prioritized, reducing noise. According to Lahane, four key elements make up security observability, which include knowing…

  1. The attack surface
  2. What comes in
  3. What goes out
  4. What is changed or mutated

Understanding this sort of runtime context, along with ingress events, can be critical to spotting bad actors or plugging cloud misconfigurations.
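An added illustration of the runtime-context prioritization described above (not code from the article, Deepfence or ThreatMapper): scanner findings are weighted by the four pillars, so a critical finding in a package that is never loaded drops out of the alert queue. The workload names, placeholder finding IDs, weights and threshold are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str     # placeholder IDs, not real advisories
    workload: str
    package: str
    severity: float  # scanner base score, 0-10

@dataclass(frozen=True)
class RuntimeContext:
    internet_exposed: bool      # pillar 1: the attack surface
    inbound_peers: int          # pillar 2: what comes in
    outbound_external: bool     # pillar 3: what goes out
    changed_files: frozenset    # pillar 4: what is changed or mutated
    loaded_packages: frozenset  # packages actually used by running processes

def contextual_score(f: Finding, ctx: RuntimeContext) -> float:
    """Weight scanner severity by runtime context (weights are illustrative)."""
    if f.package not in ctx.loaded_packages:
        return 0.0              # on disk but never loaded: lowest priority
    weight = 0.3                # loaded, no exposure observed yet
    if ctx.internet_exposed:
        weight += 0.4
    elif ctx.inbound_peers > 0:
        weight += 0.2           # reachable only from internal peers
    if ctx.outbound_external:
        weight += 0.2
    if ctx.changed_files:
        weight += 0.1
    return round(f.severity * weight, 2)

def prioritize(findings, contexts, threshold=3.0):
    """Return (alerts, backlog); alerts are (score, finding), highest first."""
    scored = [(contextual_score(f, contexts[f.workload]), f) for f in findings]
    alerts = sorted((s for s in scored if s[0] >= threshold), key=lambda s: -s[0])
    backlog = [f for score, f in scored if score < threshold]
    return alerts, backlog

# Constructed sample data: three workloads and four scanner findings.
CONTEXTS = {
    "web-frontend": RuntimeContext(True, 120, True, frozenset({"/tmp/x"}),
                                   frozenset({"log4j-core", "openssl"})),
    "batch-report": RuntimeContext(False, 0, False, frozenset(), frozenset({"openssl"})),
    "internal-api": RuntimeContext(False, 4, False, frozenset(), frozenset({"log4j-core"})),
}
FINDINGS = [
    Finding("VULN-PLACEHOLDER-1", "web-frontend", "log4j-core", 10.0),
    Finding("VULN-PLACEHOLDER-2", "batch-report", "log4j-core", 10.0),
    Finding("VULN-PLACEHOLDER-3", "internal-api", "log4j-core", 10.0),
    Finding("VULN-PLACEHOLDER-4", "batch-report", "openssl", 7.5),
]
```

Calling `prioritize(FINDINGS, CONTEXTS)` turns four scanner hits into two ranked alerts; the other two stay in a backlog rather than paging anyone.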

Best Practices to Enact Security Observability

Implementing the above pillars will require a few steps. The first, says Lahane, is choosing the correct tooling, which enables you to exchange context throughout the development pipeline, from development to CI/CD to production, to ensure an important feedback loop.

For example, ThreatMapper, an open-source tool maintained by Deepfence, “hunts for vulnerabilities in your production platforms, and ranks these vulnerabilities based on their risk-of-exploit.” Such a tool could be used as part of a CI/CD process to scan container workloads or Kubernetes clusters and prioritize issues that pose the most significant risk.

As I’ve covered recently, DevSecOps is critical to a successful cybersecurity strategy. The practice aims to shift security left in the development cycle to prevent flaws early on. However, “shift left, secure right” is only possible if an organization can effectively exchange context, says Lahane.

Final Thoughts

Thousands of security hits don’t easily equate to actionable observability in a security context. Instead, engineers require fewer alerts (and more contextually aware alerts) to truly benefit their cybersecurity efforts. “You need fuller security observability throughout the lifecycle,” said Lahane.

As for who actually interfaces with security observability, Lahane sees a broad spectrum of IT participating. From developers to DevOps, to CloudOps, and DevSecOps, security observability should enable a continual feedback loop throughout a business. In that vein, open collaboration is critical to ensure organizations are not scrambling upon every zero-day exposure.

We know that software supply chain exploits present a major risk and will continue to rise. But what it comes down to, says Lahane, is that the industry is missing the measurability to determine if a platform is actually vulnerable or not. “The time is nigh for open platforms,” said Lahane. “I will not be surprised if we soon see a line item of security observability on every CISO’s budget.”



Bill Doerrfeld

Tech Journalist
Editor-in-Chief

Areas of Expertise
  • Cybersecurity
  • Low Code/No Code

Bill Doerrfeld, an Acceleration Economy Analyst focused on Low Code/No Code & Cybersecurity, is a tech journalist and API thought leader. Bill has been researching and covering SaaS and cloud IT trends since 2013, sharing insights through high-impact articles, interviews, and reports. Bill is the Editor in Chief for Nordic APIs, one of the most well-known API blogs in the world. He is also a contributor to DevOps.com, Container Journal, Tech Beacon, ProgrammableWeb, and other presences. He's originally from Seattle, where he attended the University of Washington. He now lives and works in Portland, Maine. Bill loves connecting with new folks and forecasting the future of our digital world. If you have a PR, or would like to discuss how to work together, feel free to reach out at his personal website: www.doerrfeld.io.
