An Observability Pipeline Could Save Your SecOps Team

Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.

Security analysts are struggling with two opposing challenges: too much data and too little of the right data. According to a recent survey from the Ponemon Institute, 71% of respondents cite information overload as a key stress factor in their work; 63% also call out a lack of visibility into the network and infrastructure as a stressor.


Conventional concerns, such as the growing complexity of distributed denial-of-service attacks and negligent insiders, already complicate today's security operations center (SOC) environment. Cloud-native applications deployed on containers and other transient infrastructure add a further factor. Applications, and the infrastructure they run on, are more dynamic and ephemeral than before, and that brings a level of complexity that traditional monitoring has not had to grapple with.


Shifting to Observable Systems

Over the last 18 months, operations teams, including security operations personnel, have been talking about the shift from static monitoring to dynamic observability. Monitoring focuses on the health of individual components; observability provides fine-grained visibility into why systems behave the way they do. Observability is the characteristic of software, infrastructure, and systems that allows questions about their behavior to be asked and answered. Contrast this with monitoring, which forces predefined questions about systems into a set of blinking dashboards that may or may not tell you what is going on in your environment.


However, observability isn't a thing you can buy. No single tool provides all the benefits of observable systems. Teams must build observable systems, starting with embedding the concept into applications and infrastructure in the form of logs, metrics, and traces. Combining that data with change logs, IT service management data, and network ..
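The contrast the two sections above draw, between a monitoring check that answers one predefined question and observable data that can answer questions nobody anticipated, is easier to see in code. The following is an added example and not code from the article: a minimal pipeline that normalizes logs, metrics, and traces into one event schema, then answers both a fixed threshold question and an ad hoc question that cuts across signal types. All event shapes, field names, and sample values are constructed for illustration.

```python
"""Minimal observability pipeline (added example, not from the article).

Logs, metrics and trace spans arrive in different shapes; the pipeline
normalizes them into one record format so any field can be queried.
All sample inputs below are constructed, not real telemetry.
"""
import json
from collections import Counter
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample inputs in three shapes a SecOps pipeline typically ingests.
SAMPLE_LOGS = [
    '{"ts": 100, "svc": "auth", "level": "WARN", "msg": "login failed", "user": "alice", "src_ip": "10.0.0.5", "trace_id": "t1"}',
    '{"ts": 101, "svc": "auth", "level": "WARN", "msg": "login failed", "user": "alice", "src_ip": "10.0.0.5", "trace_id": "t2"}',
    '{"ts": 102, "svc": "auth", "level": "INFO", "msg": "login ok", "user": "bob", "src_ip": "10.0.0.9", "trace_id": "t3"}',
]
SAMPLE_METRICS = [
    {"ts": 100, "svc": "auth", "name": "login_failures_total", "value": 1, "host": "pod-a"},
    {"ts": 101, "svc": "auth", "name": "login_failures_total", "value": 2, "host": "pod-a"},
]
SAMPLE_SPANS = [
    {"trace_id": "t1", "span_id": "s1", "svc": "api-gw", "start": 99, "duration_ms": 310},
    {"trace_id": "t1", "span_id": "s2", "svc": "auth", "start": 100, "duration_ms": 250},
    {"trace_id": "t3", "span_id": "s3", "svc": "auth", "start": 102, "duration_ms": 12},
]


def normalize_log(line: str) -> Dict:
    """One JSON log line -> common event record (kind, ts, svc, trace_id, attrs)."""
    rec = json.loads(line)
    return {
        "kind": "log",
        "ts": rec["ts"],
        "svc": rec["svc"],
        "trace_id": rec.get("trace_id"),
        "attrs": {k: v for k, v in rec.items() if k not in ("ts", "svc", "trace_id")},
    }


def normalize_metric(sample: Dict) -> Dict:
    """One metric sample -> common event record; metrics carry no trace id."""
    return {
        "kind": "metric",
        "ts": sample["ts"],
        "svc": sample["svc"],
        "trace_id": None,
        "attrs": {"name": sample["name"], "value": sample["value"], "host": sample["host"]},
    }


def normalize_span(span: Dict) -> Dict:
    """One trace span -> common event record keyed on the span's start time."""
    return {
        "kind": "span",
        "ts": span["start"],
        "svc": span["svc"],
        "trace_id": span["trace_id"],
        "attrs": {"span_id": span["span_id"], "duration_ms": span["duration_ms"]},
    }


def build_pipeline(logs: Iterable[str], metrics: Iterable[Dict], spans: Iterable[Dict]) -> List[Dict]:
    """Normalize all three signal types into one time-ordered event stream."""
    events = [normalize_log(line) for line in logs]
    events += [normalize_metric(m) for m in metrics]
    events += [normalize_span(s) for s in spans]
    events.sort(key=lambda e: e["ts"])  # stable sort keeps ingest order within a timestamp
    return events


def demo_events() -> List[Dict]:
    """Convenience: the constructed sample data run through the pipeline."""
    return build_pipeline(SAMPLE_LOGS, SAMPLE_METRICS, SAMPLE_SPANS)


def ask(events: List[Dict], predicate: Callable[[Dict], bool],
        key: Optional[Callable[[Dict], object]] = None):
    """Ad hoc question: filter by any predicate and optionally count by any key.

    Because every field survived normalization, the question does not have to
    be known when the pipeline was built.
    """
    hits = [e for e in events if predicate(e)]
    if key is None:
        return hits
    return dict(Counter(key(e) for e in hits))


def failed_login_alert(events: List[Dict], threshold: int) -> bool:
    """Monitoring-style check: one fixed question decided when the dashboard was built."""
    latest = max(
        (e["attrs"]["value"] for e in events
         if e["kind"] == "metric" and e["attrs"]["name"] == "login_failures_total"),
        default=0,
    )
    return latest >= threshold


def slow_traces_with_failed_logins(events: List[Dict], slow_ms: int) -> List[str]:
    """Observability-style question joining logs and traces on trace_id:
    which requests both failed authentication and ran slowly?"""
    failed = {e["trace_id"] for e in events
              if e["kind"] == "log" and e["attrs"].get("msg") == "login failed" and e["trace_id"]}
    slow = {e["trace_id"] for e in events
            if e["kind"] == "span" and e["attrs"]["duration_ms"] > slow_ms}
    return sorted(failed & slow)


if __name__ == "__main__":
    ev = demo_events()
    print("failed logins by user:", ask(ev, lambda e: e["kind"] == "log"
                                        and e["attrs"].get("msg") == "login failed",
                                        key=lambda e: e["attrs"]["user"]))
    print("threshold alert (>=2):", failed_login_alert(ev, 2))
    print("slow traces with failed logins:", slow_traces_with_failed_logins(ev, 200))
```

The threshold check is what a dashboard gives you: it fires or it does not, and it cannot tell you which requests were involved. The join on `trace_id` is the kind of question the article has in mind when it says observable systems let you ask why something happened; it works only because the pipeline kept the trace identifier on every log record instead of discarding it at ingest.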
