DEVOPSdigest

DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 3 covers security and monitoring.

Start with The Top Tools to Support DevSecOps - Part 1

Start with The Top Tools to Support DevSecOps - Part 2

SECURITY INCIDENT AND EVENT MANAGEMENT (SIEM)

As applications modernize to support rapid and continuous delivery, it becomes increasingly important to incorporate security tooling in the delivery process. However, many clients still run security processes independently. Thus the most important tool is an event system that correlates security events with the flow of events from a complex and dynamically changing application environment — enabling you to take action quickly.
Mike Mallo
Offering Management Lead - Hybrid Cloud DevOps, IBM Cloud Unit, IBM Corporation(link is external)

The most important tool needed to support DevSecOps is an analytics-driven security incident and event management (SIEM) platform. Traditionally a security tool for intrusion detection, a sophisticated SIEM can actually serve as the nerve center for monitoring within an organization. A SIEM can monitor change management across your processes, including automated development pipelines. Throw in a platform for delivering targeted, real-time notifications, and a SIEM is an excellent way to achieve situational awareness for DevSecOps.
Robert Hawk
Privacy & Security Lead, xMatters(link is external)

THREAT DETECTION AND RESPONSE

The rush to the cloud is exacerbating the disconnect between DevOps and security. Cloud computing, SaaS models, and DevOps have transformed infrastructure and operations practices, which may improve efficiency but also creates new security challenges. What's needed is an investment in threat detection and response tools which enable teams to securely leverage modern infrastructure and DevOps, without straining security teams or operations performance.
Pete Cheslock
Sr. Director, Operations and Support, Threat Stack(link is external)

ENDPOINT SECURITY

DevSecOps has many critical pieces, but the most important is the right tooling to support the "Sec" part. To successfully execute the process end-to-end, and reduce potential impacts to production, you need to have the right tools, such as an endpoint security solution with an API to build into the DevSecOps process. An endpoint security solution that includes patch management, privilege management and application control tools makes it possible to apply configuration, patch, and other security settings in-line with each push from development to QA to production. This feature set allows the deployed system to be fully configured and tested before hitting production.
Chris Goettl
Director of Product Management, Security, Ivanti(link is external)

SECURITY MONITORING

Given the recent network attacks in which personal information of millions of people where comprised at a mass scale, continuously monitoring and patching the enterprise network for security vulnerability becomes critically important. This is where DevSecOps and its principles apply and having the right tools to proactively detect and monitor attacks becomes critically important for DevSecOps to be effective.
Prashant Kumar
Co-Founder and VP of Product Management, 128 Technology(link is external)

NETWORK MONITORING

Most network monitoring tools aren't security tools per se, but they can be very helpful to support DevSecOps, and one could argue that the visibility they provide into the overall state of the IT infrastructure and what's happening within it, make them the most important tool. For DevSecOps professionals, network monitoring can be thought of as a flashlight. It lets them see the impact of their work on their IT infrastructure, security and vice versa. Dashboards are a great example. With the ability to create highly customizable dashboards that make it easy to visualize what's happening in the networks, systems, hardware, software and devices being monitored, team members can view in real time how even the slightest change they make impacts the organization's overall security stance. This view into the subtle impact that development efforts can have on security is important in an age when threats increasingly go low and slow, and can remain hidden for extended periods of time.
Greg Ross
Systems Engineer, North America, Paessler AG(link is external)

PACKET ANALYZER

DevSecOps practices rely on rapid detection and response into potential security events. To investigate security events quickly, IT or incident responders need a tool that can acquire, retain and analyze the network packets associated with that event. Unlike log data and metadata, packets do not lie and allow investigators to resolve incidents much more quickly and accurately. A few concerns to keep in mind; the relevant packets in a security investigation often hit the network right before a SIEM or IDS/IPS triggers an alert, so a rolling buffer is key. Also, saving packets on a network for a useful length of time quickly becomes impossible due to storage limitations, so the best tools will have a way to selectively capture the relevant packets and ignore the rest.
Jay Botelho
Senior Director of Products, Savvius(link is external)

APPLICATION SLA DELIVERY

With ever-increasing customer demands, more and more organizations adopt agile and continuous delivery methodologies in order to roll out features faster than ever before. However, DevOps teams frequently bypass established network and security administrators, which limits their control on application delivery and security. It doesn't matter how well a DevOps team performs if it puts an organization at risk, which is why a secure application SLA delivery solution is an important tool for supporting DevSecOps. These solutions can ensure continuous delivery without continued vulnerability. When considering these tools, check to see whether it has immediate protection with turn-key defenses, automatic application-mapping of code-changes, and continuously adaptive security policies. To better support both DevOps and production solutions, look for services that also offer cost-effective and agile licensing with complete automation of application delivery.
Louis Scialabba
Director of Carrier Solutions Marketing, Radware(link is external)

LOG MANAGEMENT

Log files are a critical part of a DevOps practice and hence, they are part of the DevSecOps equation. However, they are difficult to manage and present an inherent and significant security/privacy risk. We can point to the recent publicly disclosed events at Twitter and Github that jeopardized user credentials as a result of poor logging practices. These two events might only be the tip of the iceberg as we all rely on manual process to redact, obscure or remove PII from logging statements. While log files are mainly an internal utility, this still presents significant risk of privacy breach as developers may end up logging SSNs, passwords and payment details as they try to troubleshoot issues with production systems. Ultimately, for this type of threat, you can use traditional log management tools to parse and identify privacy breaches. However, these tools do not proactively prevent such issues. As an industry we must look at both the process –— the way we log — and the vehicles themselves –— our logging frameworks — in order to develop a holistic pre- and post-event approach to ensure good log hygiene.
Alex Zhitnitsky
Director of Developer Relations, OverOps(link is external)

AI-ENABLED ANALYTICS

As a service grows in popularity, it becomes more prone to security attacks. There is no limit to how much time teams spend on improving security, especially since organizations grow by the hour and IT infrastructures become more dynamic each day. Application developers, IT experts, and security teams need production tools that can be trained to learn on their own and automatically flag problems by reading production logs. Security teams should enhance their security efforts by using AI-enabled analytics tools to cover a larger attack surface.
Gibu Mathew
Director, Product Management, Site24x7(link is external)

APPLICATION PERFORMANCE MANAGEMENT (APM)

Application performance monitoring is the most important tool for DevSecOps. Observability is essential to bringing the development, operations and security practices together. With complete visibility and forensics into how apps and systems behave during a test cycle or in production, it is easy to collaborate across teams and arrive at the right solution. A sampled approach to forensic analysis is a non-starter: every transaction matters and can be a key to understanding more sophisticated attacks.
Peco Karayanev
Sr. Product Manager, Riverbed(link is external)

DevSecOps strives to embed security concerns throughout the different aspects of the application development life cycle, and involves an assortment of experts in different roles (R&D, IT, operations and so on). It is, therefore, crucial to be able to monitor the software at its different stages, from development and testing, to deployment, scaling out and more. By using an APM tool that exposes all the relevant data in a way that can be understood by the various departments individually, collaboration is seamless.
Yossi Shirizli
VP R&D, Correlsense(link is external)

Read The Top Tools to Support DevSecOps - Part 4, covering code and data.