Security observability is the ability to gain visibility into an organization’s security posture, including its ability to detect and respond to security threats and vulnerabilities. It involves collecting, analyzing, and visualizing security data to identify potential hazards and take proactive steps to mitigate them.
Security observability involves collecting data from various security tools and systems, including network logs, endpoint security solutions, and security information and event management (SIEM) platforms, and then using this data to gain insights into potential threats. In other words, it tells you what is likely to happen, not just what is already happening, as is the case with more traditional security operations tools. That is a significant difference, and it makes security observability perhaps the most significant improvement in cloud security technology in recent years.
However, most people still don’t understand security observability, and that’s concerning. According to Verizon’s 2021 Data Breach Investigations Report, cloud assets were involved in 24% of all breaches analyzed in the report, up from 19% in 2020.
It’s clear that many cloud security people are playing Whac-A-Mole with emerging threats, and some are too slow to respond. This is likely to get worse as cloud deployments become more heterogeneous and complex with the growing popularity of multi-cloud applications using federated architectures. The number of attack surfaces will continue to increase, and attacker creativity is beginning to gain ground.
By embracing cloud security observability, organizations can gain a more complete view of their cloud security posture, enabling them to:
- Detect and respond to threats faster. By collecting data from multiple security tools and systems, cloud security observability enables organizations to discover threats faster and respond to them proactively.
- Identify vulnerabilities and security gaps. With better insight, organizations can take proactive steps to address potential problems before bad guys exploit them.
- Improve incident response. By providing a more comprehensive view of security events, cloud security observability can help organizations strengthen their incident response capabilities and minimize the impact of attacks.
- Ensure compliance. Cloud security observability can help organizations monitor their cloud security implementation/posture to remain compliant with industry norms and standards, including supporting audits and other legal accounting.
Is this any different than what you’re doing today for cloud security? Cloud security observability may not change the types or amount of data you are monitoring. Observability is about making better sense of that data.
The same is true of cloud operations observability, which is more common. The monitoring data of the systems under management is mostly the same. What has changed is the insights that can now be derived from that data, including detecting patterns and predicting future problems based on these patterns, even warning of problems that could arise a year from now. This gives the operations team time to respond, plan and budget for these issues before they become another fire to put out.
Cloud security observability analyzes a combination of dozens of data streams for a hundred endpoints and finds patterns that could indicate an attack is likely to occur in the near or distant future. If it sounds like we’re removing humans from the process of making calls based on observed, raw, and rapidly calculated data, you’re right. We already respond to tactical security issues, such as a specific server under attack, with indicator alerts that tell you, for example, to block the attacking IP address. Cloud security observability goes further: it can examine a complex matrix of system data and provide meaning derived from an integrated system of artificial intelligence and advanced data analytics.
The good news is that most cloud security providers know what cloud security observability is and what it does. Their salespeople are likely to call at any time. The bad news is that you probably don’t have the skills to understand how to set it up correctly or, more importantly, how to operate it continuously. If that expertise isn’t there now, it should be, and soon.
Copyright © 2023 IDG Communications, Inc.