New continuous compliance requirements drive the need to converge observability and security

At the time when I was building the most innovative observability company, security seemed too distant. However, customers began approaching me, praising Dynatrace's deep end-to-end insights into even the most complex digital service deployments and asking how to use it for security compliance, exposure, and response use cases. I realized that our platform's unique ability to contextualize security events, metrics, logs, traces, and user behavior could revolutionize the security domain by converging observability and security.

We have taken that opportunity and expanded Dynatrace to protect applications, remediate exposures, and investigate threats to enable an automated AISecOps approach to continuous compliance.

Key insights for executives:

• Stay ahead with continuous compliance: New regulations like NIS2 and DORA demand a fresh, continuous compliance strategy.
• Boost your operational resilience: Combining availability and security is now essential. It's time to adopt a unified observability and security approach.
• Leverage AI for proactive protection: AI and contextual analytics are game changers, automating the detection, prevention, and response to threats in real time.
• Move beyond logs-only security: Embrace a comprehensive, end-to-end approach that integrates all data from observability and security.

More requirements, more pressure

Evolving regulations, such as the following, add to the already monumental reporting tasks:

• The NIS2 Directive and the DORA regulation in the European Union both aim to enhance cybersecurity but target different sectors with distinct approaches. NIS2 focuses on harmonizing cybersecurity across various critical sectors within the EU, emphasizing risk management and incident reporting. DORA, on the other hand, is tailored to the financial sector, improving operational resilience through detailed ICT risk management and third-party risk oversight.
• The Bank of England's Operational Resilience Policy requires financial institutions to identify critical services, set impact tolerances, and ensure recovery from disruptions and it applies to banks, investment firms, and financial market infrastructures, mandating resilience in governance, risk management, continuity planning, and outsourced relationships.
• The Australian Prudential Regulation Authority (APRA) has released a cross-industry Prudential Standard CPS 230 Operational Risk Management to strengthen operational risk management and resilience across APRA-regulated entities. It applies to entities in financial services including banking, insurance, and superannuation fund organizations.
• The Hong Kong Monetary Authority (HKMA)'s Operational Resilience Framework provides guidance for Authorized Institutions (AIs) to ensure the continuity of critical operations during disruptions: governance, risk management, business continuity planning, and oversight of third-party dependencies. It applies to all AIs under HKMA supervision, including banks, restricted license banks, and deposit-taking companies.
• The Federal Reserve Regulation HH in the United States focuses on operational resilience requirements for systemically important financial market utilities.

For executives, these directives present several challenges, including compliance complexity, resource allocation for continuous monitoring, and incident reporting. Carefully planning and integrating new processes and tools is critical to ensuring compliance without disrupting daily operations. Additionally, DORA's emphasis on third-party risk means executives must validate that their vendors and partners comply with the same high standards, adding another layer of oversight. Visibility of all business processes - starting from the back end and ending with customer experience - is perhaps the biggest challenge. The lack of visibility often is the culprit that doesn't allow fast decision-making in the case of a security incident.

The ability to make a call on how to approach a security incident can only be possible if executives have an immediate, clear understanding of an incident's impact. Proactive systems like Dynatrace's Davis AI can automate responses to threats, swiftly implementing remediation while keeping executives informed of actions taken and their impact. Additionally, effective decision-making during security incidents requires an immediate, clear understanding of their impact. This necessity makes merging observability and security inevitable, providing actionable insights and enabling leaders to confidently guide strategies while automated systems handle threats in real time.

More technology, more complexity

The benefits of cloud-native architecture for IT systems come with the complexity of maintaining real-time visibility into security compliance and risk posture. In dynamic and distributed cloud environments, the process of identifying incidents and understanding the material impact is beyond human ability to manage efficiently.

For most organizations, the security process involves multiple departments and teams, often each with its own siloed tools. Per the Gartner® Simplify Cybersecurity With a Platform Consolidation Framework report, "Complexity is the enemy of security; yet the average organization works with 10 to 15 security vendors and 60 to 70 security tools." [1] This creates a fragmented picture that must be assembled to give executives the full context - which often takes days, if not weeks.

Converging security and observability into a unified platform not only reduces the technical debt from tool sprawl but also reduces risks of security oversights.

Collect observability and security data - user behavior, metrics, events, logs, traces (UMELT) - once, store it together and analyze in context.

Dynatrace unifies all the different data types at scale and in context. UMELT are kept cost-effectively in a massive parallel processing data lakehouse, enabling contextual analytics at petabyte scale, fast. This also reduces redundancy of data and tool sprawl, while high data privacy standards accelerate team collaboration and automation of security analytics and processes.

Dynatrace not only brings all security data into one place for contextual analytics but also increases security analytics coverage with the addition of observability data. For example, user behavior helps identify attacks or fraud. Another example is when anomaly detection identifies services impacted by ransomware.

Security capabilities that welcome efficiency

On the security front, Dynatrace Application Security provides Continuous Threat and Exposure Management (CTEM) through three core areas:

• Vulnerabilities and Exposures, continuously at runtime.
• Configuration and Compliance, adding the configuration layer security to both applications and infrastructure and connecting it to compliance.
• Detection and Response, connecting log management and security, addressing what previously required a dedicated SIEM, and automating detection and response.

Dynatrace Runtime Security delivers advanced protection for cloud-native and on-premises applications. It continuously detects vulnerabilities, ensures compliance, provides real-time insights beyond logs, and automatically blocks code-level attacks, including zero-day exploits, with intelligent response automation.

Runtime Security integrates seamlessly with static code analyzers, container scanners, and application security testing tools. Customers ingest these findings to Dynatrace and track software quality and security from development to production. With Dynatrace in pre-production, they validate software before deployment and secure it in production, automatically leveraging a dynamic bill of materials to assess both first- and third-party software.

With CTEM alone, by streamlining security needs with Dynatrace, executives can achieve significant savings. For example, for companies with over 1,000 DevOps engineers, the potential savings are between $3.4 million to $5 million annually in increased developer efficiency with our vulnerability and exposure offering alone.

Dynatrace observability and security posture management means Site Reliability Engineers (SREs) get configuration assessments mapped to compliance for Kubernetes, cloud, and VMware environments - with the ability for auto-remediation via workflows.

With logs and threat intelligence data, Dynatrace Query Language (DQL) provides detection findings, rounding out the offering to provide the ability to secure an entire Kubernetes cluster from vulnerabilities and exposures. The offering also extends to configuration and compliance, all combined with response automation.

Operational resilience with observability and security

Executives might not have considered the role that Dynatrace can play in their security compliance efforts because they see the platform as an observability solution.

We're challenging these preconceptions. The following are seven ways that the Dynatrace platform can improve how teams conduct security analytics:

1. Unify data storage + context: Gain rich context with end-to-end observability that siloed security tools (such as container scanners, enterprise SIEM, and static code analysis solutions) so often lack resulting in inefficiencies and organizational complexities.
2. Contextual analytics: Enable real-time and contextually holistic analytics and automation with unified observability and security, powered by the Grail data lakehouse. No more manually piecing together data sources for security analytics.
3. Collaboration: Operationalize tasks and increase productivity by enabling greater collaboration between SRE/Ops, development, and security teams.
4. Causal AI-based risk analysis: Reduce false positives and automatically prioritize and route vulnerabilities to developers with automated risk analysis, similar to configuration/compliance issues routed to SREs. Gain the fast insights you need to comply with requirements (such as the SEC's four-day reporting rule) so you can focus on what matters.
5. Automate security analytics with AISecOps: Modern hypermodal AI usage increases automation of contextual analytics tasks, reduces false positives, detects threats and vulnerabilities impossible before, and speeds collaboration through automated workflows.
6. Real-time cyber resilience: Continuous compliance status and exposure risk assessment and contextual-prioritization eases dealing with growing cyberthreats and hardened compliance requirements.
7. Focus on prevention: Changes in existing and release of new regulations and directives show that it is no longer enough to respond to security threats after they occur. Regulations, especially NIS2 or Cybersecurity Maturity Model Certification, increasingly emphasize proactive risk management. The convergence of observability and security allows for real-time, AI-powered anomaly detection, which is essential for identifying risks before they escalate into full-blown incidents that breach compliance thresholds.

Modern delivery, reliability, and security teams are navigating an exciting yet challenging landscape. With the growing complexity of their roles, these teams are rising to the occasion, leveraging innovation to manage increasing workloads and address the expanding security attack surface with resilience and determination. While it takes time and effort to implement and learn how to use new solutions, the reality is that organizations must act faster than ever to stay ahead of the competition and keep their organizations secure and efficient. Now is the time for executives to take the driver's seat: dismantle the silos, converge observability and security, and drive a more automated approach to operational resilience.

[1] Gartner, Simplify Cybersecurity With a Platform Consolidation Framework, Dionisio Zumerle, John Watts, 26 March 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.