Black Hat 2024: Observability for DevSecOps and scaled security posture management

Security concerns are soaring with the rise of generative AI and cloud-native tech. From securing elections to protecting data privacy, the stakes of cybersecurity are mounting around the globe. The AI boom is pushing DevSecOps teams across industries to the limit as they struggle to secure increasingly complex cloud applications against expanding attack surfaces. Organizations across industries are embracing generative AI, a technology that promises faster development and increased productivity. However, security concerns linger despite the potential benefits.

Currently, there is a tough balance to achieve: Organizations need to innovate rapidly at scale, yet security remains paramount. Security analysts are drowning, with 70% of security events left unexplored, crucial months or even years can pass before breaches are understood. After a security event, many organizations often don't know for months-or even years-when, why, or how it happened. The sheer volume of log data stretching back months, even years, makes solving this a costly and complex challenge.

To combat these challenges, organizations are merging observability context with security data. Converging observability and security empowers DevSecOps teams with real-time, end-to-end visibility into application security issues across vast deployments. This unified view allows them to identify and respond to critical security incidents swiftly, ultimately strengthening their overall security posture.

For Black Hat 2024, we explore how utilizing threat intelligence and cutting-edge AI can empower organizations to proactively shield themselves from evolving cyber threats. Our guide covers AI for effective DevSecOps, converging observability and security, and cybersecurity analytics for threat detection and response. Such a comprehensive, unified approach helps boost an organization's cyber resilience. If you're attending Black Hat this year, make sure to stop by the Dynatrace booth #2808.

AI for effective DevSecOps

AI itself has become an indispensable technology for organizations that must deliver safe and secure online services.

Automating development, security, and operations (DevSecOps) and using AI to analyze massive data sets are becoming standard practices for securing applications and data. In the Dynatrace "State of Application Security 2024" report, 71% of CISOs say DevSecOps automation is critical to ensuring that organizations are taking reasonable measures to minimize application security risk.

AI significantly accelerates DevSecOps by processing vast amounts of data to identify and classify potential threats, leading to proactive threat detection and response. AI is also crucial for securing data privacy, as it can more efficiently detect patterns, anomalies, and indicators of compromise.

In vulnerability management, AI algorithms can quickly identify vulnerabilities such as remote code execution (RCE) or cross-site scripting (XSS) attacks. Once AI identifies these vulnerabilities, it can prioritize them based on severity and provide remediation recommendations that teams can automate.

But just as organizations are adopting platform engineering practices to standardize DevSecOps tools and methods, they also need observability of their AI models to ensure their teams are using AI safely, efficiently, and compliantly. They also need to recognize that not all AI is created equal. More complex use cases require a composite approach combining multiple types of AI and different data sources.

The following resources explore the ways in which AI makes DevSecOps more effective.

	How observability, application security, and AI enhance DevOps and platform engineering maturity - blog Observability and AI can help ensure the reliability, security, and efficiency of DevOps and platform engineering. Learn more in this blog.
	Generative AI poised to have impact by automating software development, report says - blog According to ESG research, generative AI will change software development activities, from quality assurance to CI/CD pipeline configuration.
	Why 85% of AI projects fail and how Dynatrace can save yours - blog Navigating the path to successful AI deployments can be quite challenging, leaving many organizations to wonder why their AI projects fail.
	Operationalize DevSecOps Automation with Dynatrace Application Security Solutions - Power Demo Innovate faster, operate more efficiently, and drive better business outcomes with observability, AI, automation, and application security in one platform.
	Kubernetes Experience unlocks the power of DevSecOps for platform engineering - blog With the Dynatrace Kubernetes experience, platform engineers can easily and automatically implement DevSecOps best practices
	Auto-adaptive thresholds for AI-driven quality gating - blog The Site Reliability Guardian automates the validation process for new software releases or changes. Read now and learn more!

Converging observability with security

Multicloud environments offer a data haven of increased scalability, agility, and performance. However, they can also drown organizations in data and offer an abundance of complexity, which invites potential security vulnerabilities and issues. In fact, according to recent Dynatrace research, "The state of observability in 2024," 84% of technology leaders say multicloud complexity makes it harder to protect applications from security vulnerabilities and attacks.

Often, organizations aren't even aware they've experienced a security attack. This lack of awareness can leave organizations open to the same attack vector being repeatedly used by bad actors. Detailed insight into security issues across environments and applications is necessary to streamline detection and remediation. By converging observability and security with a unified observability approach, organizations can monitor and secure their entire stack on an AI-powered data platform.

Unified observability and security present data in intuitive, user-friendly ways to enable data gathering, analysis, and collaboration while reducing mean time to repair (MTTR) issues and boosting application performance and availability.

For more information on the importance of converging observability and security, check out the following resources.

	Dynatrace accelerates business transformation with new AI observability solution - blog AI adoption is imperative to remain competitive, but its benefits aren't straightforward. AI observability accelerates AI benefits.
	7 criteria for unified observability and security at scale - whitepaper To build the flawless digital services customers expect, organizations increasingly rely on hybrid-cloud and multicloud applications and infrastructure. But while powerful, these environments are complex and challenging to manage.
	Security by design enhanced by unified observability and security - blog Business spend management company Soldo uses unified observability and security to implement efficient security-by-design and DevSecOps practices.
	US government guidance and fortifying a zero trust architecture with observability - blog Discover the principles of zero-trust architecture and how observability can help government agencies keep their apps secure.
	2024 CISO Report: The state of application security - report As risks heighten, organizations must overcome persistent security challenges. Discover more insights from the 2024 CISO Report.

Cybersecurity analytics and observability in context for threat detection and response

The increasing complexity of cloud-native and multicloud systems has made it easier than ever for bad actors to lurk in the hidden corners of an organization's IT environment and strike at any time. From the Log4Shell attack in 2021 to the recent OpenSSH vulnerability in July, organizations have been struggling to maintain secure, compliant systems amidst a broadened attack surface.

Traditionally, organizations have used log-based, manual approaches to understand cyberattacks-including where, when, and how they originated-and how to prevent them from recurring. But this strategy is too slow and inaccurate to manage the accelerating pace of digital transformation and the vast volumes of data generated every day. Organizations require a speedier, context-based approach to threat detection and incident response to keep their applications available, maintain customers' trust, and remain compliant.

A unified observability and security analytics strategy can guide organizations toward a more proactive security posture at scale. With an end-to-end view of their IT environment, security teams can understand exactly what is occurring in their applications and identify anomalous activity that could lead to a security event. Contextual security analytics enables teams to precisely identify affected systems and understand the full nature of the threat. Finally, teams can use AI to prioritize threat hunts and automation to accelerate investigation and build workflows to monitor and respond to future attempts.

Explore the following resources to learn more about how unified observability and security analytics can bolster threat detection and response.

	Dynatrace unveils Security Analytics to elevate threat detection, forensics, and incident response - blog Dynatrace unveils Security Analytics, a new Dynatrace platform solution, that elevates threat detection, forensics, and incident response.
	Speed up evidence-driven security investigations and threat hunting with Dynatrace Security Investigator - blog Dynatrace Security Investigator is a new application on the Dynatrace platform dedicated to security operations and security analysts.
	Security Analytics - webpage Quickly detect, investigate, and respond to threats with intelligent automation.
	RegreSSHion vulnerability: Detecting CVE-2024-6387 in OpenSSH - blog The RegreSSHion vulnerability in OpenSSH is challenging to exploit, but still threatens potential impact on IT environments. Learn more!
	Context-aware security incident response with Dynatrace Automations and Tetragon - blog Dynatrace Automations makes it easy to create custom, context-aware runbooks for security incident response. Learn how effective it can be!

Public link

Please use the above public link if you want to share this noodl on another website.