DevSecOps tools vendors such as Dynatrace continue to integrate intellectual property from previously specialized IT management domains, but it’s unclear whether these hybrid products will supplant what IT teams already use.
For now, some DevOps pros say that new DevSecOps tools that combine observability data with security automation, such as Dynatrace’s Application Security module, could add defense in depth alongside existing security automation software. Dynatrace launched its Application Security module in late 2020; other observability vendors making forays into SecOps now include Splunk, Elastic, Sumo Logic, Cisco’s AppDynamics and Datadog, among many others.
This week, Dynatrace added teeth to the Application Security module’s threat detection features with the ability to proactively block detected attacks, beginning in the first release with command and SQL injection attacks. The attacks covered will also include injection attacks that target the Java Naming and Directory Interface, which are associated with the critical Log4j vulnerability discovered in December.
Dynatrace CTO Bernd Greifeneder was clear about the company’s intention to promote “NoSOC” — complete hands-off AIOps automation for security — where it has previously marketed the concept of “NoOps” in the DevOps realm.
“Dynatrace moved to NoOps already years ago,” Greifeneder said in a keynote presentation during the company’s Perform virtual event this week. “We want the same autonomous approach with security to protect applications proactively … because the reality is the world is becoming so complex that you only have two choices — either you automate or you die.”
However, Dynatrace’s previous NoOps push didn’t extend far beyond its own internal environment — few mainstream enterprises have chosen to eliminate hands-on IT operations work completely. Similarly, it’s likely that “one-stop” DevSecOps tools will find a place amid a mix of products used by enterprises, according to one industry analyst.
“These products can solve problems for DevOps engineers and help give them the confidence to talk to their security teams,” said Stephen Elliot, an analyst at IDC. “But when you’re coming from a developer or ops point of view and start talking security, even though there’s an evolution of who owns what tasks, you might get, ‘Whoa, whoa, what are you talking about? This is my turf.'”
DevSecOps tools show promise, but aren’t a panacea
Enterprise IT pros at Perform said they are keenly aware that tool sprawl is a pressing concern, particularly within IT security. Many upper management teams are also increasingly swayed by vendors that promise end-to-end platforms. And Dynatrace’s predictive AIOps algorithms have strong potential for use in detecting and mitigating attacks.
“We will take a serious, serious look at adopting this new capability in and amongst the several tools we are using for security and compliance,” said Mark Tomlinson, performance architect at an online payments company that he requested not be named, which is evaluating a switch to the Dynatrace platform. “Anytime you can feed more correlated data into an engine for [intrusion detection and prevention], you can detect a bad actor, where it’s hard to do that based solely on infrastructure-level data.”
Ken SchirrmacherSenior director of IT, Park ‘N Fly
But at least for now, attendees said, it’s unlikely that their organizations will centralize observability and security automation under any single platform.
“It makes such good sense, but another perspective is: Are these new capabilities going to reduce engineering head count, reduce costs and help us reach a more efficient operational model?” Tomlinson added. “There are application developers who don’t understand security, and there are security engineers who don’t understand app code — and do we even need that super-hybrid engineer at all?”
Another Dynatrace user at Perform welcomed the option to act on threats with this week’s Application Security module release, but said it won’t push out any of his organization’s existing security automation tools.
“I’m 100% for it, since Dynatrace is already deployed in the environment and they have a secure agent installer,” said Ken Schirrmacher, senior director of IT at Park ‘N Fly, a travel services company in Atlanta. “But in the security field, you’re never going to have one seamless tool — you’re going to have multiple tools, even if they’re redundant, just so you can check whether what each tool is telling you is actually correct.”
Still, Park ‘N Fly is about to launch a national fleet of new customer kiosks that support touchless payment options, a newly popular requirement amid the ongoing COVID-19 pandemic. Dynatrace’s software intelligence platform will be used on the back end for all of them, including the Application Security module, Schirrmacher said.
“The most vulnerable endpoint is one that a bad guy can just stand right in front of, trying things,” he said. “This really takes us to a next-level testing capability for fraud.”
Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.