The availability and performance of applications have traditionally been serviced by the Application Performance Management (APM) market, created back in 1998 by Wily Technologies.


Some 10 years later, products like AppDynamics addressed the move to a more distributed architecture and created what was often termed “APM 2.0”. Here we are again, some 15 years later, with another big step-change prompting the need for a new set of technologies.

One of the most dramatic changes is the switch to micro-services or containers. Before that, we used to scale wide, but since the advent of micro-services we scale deep, and APM can no longer tell us the whole story.

Another change is that APM traditionally used agents to tell us useful information about key systems, but this has now been replaced by OpenTelemetry, which is free.

While APM focuses on response times to identify issues with the end user experience, Observability takes a more holistic approach and covers the performance and health of applications and their underlying infrastructure, often in highly distributed environments built on micro-services.

In addition to delivering insights across the full stack for business applications, Observability also delivers useful insights for security and compliance, IT operations and more.

If you combine Splunk’s Observability stack with Splunk IT Service Intelligence, you have real-time, AI-driven resilience underpinned by the same Splunk platform that is providing your security and helping to ensure resilience in modern, complex application stacks.

Resilience Plus Security

The pandemic has driven an unprecedented growth in cloud adoption and this has been met by a proportionately high increase in attacks against cloud infrastructure in particular. 

In fact, cybercrime is a multi-trillion dollar (>$10TN) problem that is feeding a multi-billion dollar (>$150BN) market.

Today, we face some fundamental challenges in security that we need to overcome.

Data Acquisition:

We need to acquire, store and make searchable a wide range of data to analyse. This data often resides deep inside micro-services, delivered either on-premises or in the cloud, each of which requires a different approach to security. It is often the same data that we already collected for Operations.

AI:

Due to the amount of data, we need to use AI to help process and analyse it because, rest assured, your attackers will be using AI! For example, AI helps to find zero-day exploits because it is great at spotting anomalies.

Prioritisation:

Most of the security analyst’s time is spent triaging security incidents. In a world that has a shortage of security experts, anything we can do to help give time back to the analyst is useful. Prioritisation is essential because it allows a security analyst to focus on the important issues first. Risk-Based Alerting, based on the MITRE ATT&CK framework, is Splunk’s solution that addresses this problem.

‘SECURITY’ + ‘RESILIENCE’ unlocks ‘INNOVATION’

Security, resilience and innovation are all intrinsically linked.

Security

In 2020, over 3,000 breaches exposed over 36BN records.

Resilience

Every one-second delay in digital experience can lead to a 10% increase in user abandonment.

Innovation

2 out of every 3 customer interactions are now digital!

What we call “customer experience” is often the result of highly complex interactions between multiple systems.

The data needed for security is often the same data you need for Observability, so by combining Security and Observability in the same platform, you remove the overhead of collecting the same data for different tools.

The changes in the DevOps world necessitated a new approach to APM.  Observability has arguably filled that gap, providing rich data across the full stack.

At the same time, those changes in the DevOps world necessitated a new approach to security.

DevSecOps was born out of the need to apply security earlier in the CI/CD pipeline. 

Observability provides useful data from the full stack to feed both Resilience and Security and to drive Innovation.

We will be exploring DevSecOps further in our next blog.