Exploring the Convergence of Observability and Security - Part 3: Tools

Pete Goldin
Editor and Publisher
APMdigest

With input from industry experts — both analysts and vendors — this 8-part blog series will explore what is driving the convergence of observability and security, the challenges and advantages, and how it may transform the IT landscape.

Start with: Exploring the Convergence of Observability and Security - Part 1

Start with: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

The experts have all agreed that security teams can gain great benefits from utilizing observability data. But does this mean security and observability tools should be integrated, or even combined?

Chaim Mazal, Chief Security Officer at Gigamon, says the answer to this question is a resounding yes.

"Observability tools are powerful at aiding organizations in identifying security anomalies and pinpointing performance bottlenecks at the application layer. Logging provides foundational visibility into the applications running across their hybrid cloud infrastructure. But, as threat actors apply increasingly sophisticated techniques to breach an organization's technology environment, network-derived intelligence is vital to detecting lateral movement should a threat actor successfully gain access. If successful, threat actors can move across an organization undetected seeking to exploit proprietary or confidential information for financial gain. It's only by integrating logging with network-derived intelligence that IT organizations gain deep observability across their hybrid and multi-cloud infrastructure to detect previously unseen threats, deliver defense in depth, and complete performance management."

"Security and observability tools should absolutely be combined," says Prashant Prahlad, VP of Cloud Security Products at Datadog. "Traditional security solutions are targeted solely at security professionals. But, while security pros are responsible for finding vulnerabilities, misconfigurations and risks, developers are the ones responsible for fixing them. This is especially true when it comes to cloud security as most of the remediation requires working with a DevOps team."

"For example, security can't change the configuration of an S3 bucket without the risk of breaking something in production, which is why it is critical to have the DevOps and security teams aligned," Prahlad continues. "Because traditional solutions are aimed at security pros — who traditionally managed network security — they don't provide the shared context that organizations need to fix issues quickly and efficiently. A unified platform for observability and security is needed so that developers can work directly with security pros to visualize how threats and vulnerabilities are impacting their cloud environments and prioritize fixes faster. This approach breaks down silos between DevOps and security teams and creates the shared context they need to secure cloud environments."

However, convergence is difficult to prescribe, cautions Asaf Yigal, CTO of Logz.io. "Literally every organization is going to require a unique approach based on its specific makeup, whether this is a large or mature org with a lot of people given responsibility for dev, ops, security or even platform engineering. The platforms and tooling need to match the people and process, or evolve with it."

"At the same time, we know for sure that there is a huge benefit in bringing together the relevant data, either to be actioned centrally, say in a smaller shop with only a few people responsible for DevSecOps, or to be communicated across teams in a larger org with multiple groups spanning the entire landscape."

"There's also the huge benefit of tapping into a common data set," Yigal adds, "namely logs, and using a shared platform; this is for a lot of reasons, from using a common language for querying engines, etc., to having fewer vendors to manage. This is why nearly every major observability vendor also markets a SIEM — it just makes a lot of sense."

Adam Hert, Director of Product at Riverbed, agrees that tools should be integrated, but says, "Security and observability tools don't need to be combined. Some teams are trying to do this, but it does not make sense for organizations to do so, largely because you have two teams focused on very different goals. Security teams are tracking down threats, while observability teams are focused on making the enterprise more efficient and effective. Observability and security tools don't need to be combined, but they need to be able to integrate so that security tools can ask questions on the observability data."

Convergence Saves Money

"On the one hand, there's an argument to be made that security and observability tools should not be combined as most traditional monitoring and logging tools get bogged down by the strict retention requirements that are required by security tools for regulatory and compliance purposes of their products," says Jam Leomi, Lead Security Engineer at Honeycomb. "Applying that type of forensic-level, unsampled logging to observability tools would both be costly in terms of expense and speed, but also very inefficient."

"However, combining security and observability tools does have some functionality as it would cut down on costs drastically while creating an open field for collaboration between security, engineering, and the business to address incident response and the overall security posture assessment — generally, because there's a lot of natural crossover between the goals and initiatives for security and observability teams," Leomi continues. "For example, SOC2 controls require teams to keep up with performance metrics which observability platforms can offer fresh insights into data, even without having the granularity of each forensic row."

Colin Fallwell, Field CTO of Sumo Logic, agrees that any time teams can unify data and interfaces for managing observability and security, it's a win, both in reducing the cost of ownership and in the ROI that uniformity and standards bring. "DevOps and SecOps need the same data, so why have two collection pipelines, for separate tools, capturing the same telemetric data? It really doesn't make sense. This redundancy is expensive and unnecessary."
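As an added illustration (not code from the article or from any of the vendors quoted here), the following Python sketch models the tension Leomi and Fallwell describe: one collection pipeline receives a single event stream and fans it out to two consumers, a security sink that keeps every event unsampled for a year, and an observability sink that samples routine INFO events and keeps them for two weeks. The event schema, field names, sampling ratio and retention periods are assumptions chosen for the example; the sample events are constructed inline.

```python
"""
One telemetry collection pipeline, two consumers with different policies.

Security needs every event (forensic, unsampled, long retention); observability
can live with sampled data and short retention. Rather than running two agents
that ship the same data twice, a single pipeline applies a per-sink policy.
All event fields, ratios and retention periods here are constructed assumptions.
"""
from dataclasses import dataclass
import hashlib

# Constructed sample events in one shared schema (not any vendor's real schema).
SAMPLE_EVENTS = [
    {"ts": 1700000000, "service": "api",  "level": "INFO",  "msg": "GET /health 200",           "trace_id": "t-001"},
    {"ts": 1700000001, "service": "api",  "level": "INFO",  "msg": "GET /orders 200",           "trace_id": "t-002"},
    {"ts": 1700000002, "service": "auth", "level": "WARN",  "msg": "login failed user=bob",     "trace_id": "t-003"},
    {"ts": 1700000003, "service": "api",  "level": "INFO",  "msg": "GET /orders 200",           "trace_id": "t-004"},
    {"ts": 1700000004, "service": "auth", "level": "WARN",  "msg": "login failed user=bob",     "trace_id": "t-005"},
    {"ts": 1700000005, "service": "db",   "level": "ERROR", "msg": "connection pool exhausted", "trace_id": "t-006"},
    {"ts": 1700000006, "service": "api",  "level": "INFO",  "msg": "POST /orders 201",          "trace_id": "t-007"},
    {"ts": 1700000007, "service": "api",  "level": "INFO",  "msg": "GET /health 200",           "trace_id": "t-008"},
]


@dataclass(frozen=True)
class SinkPolicy:
    """How one consumer treats the shared event stream."""
    name: str
    retention_days: int     # how long this consumer keeps an event
    info_keep_ratio: float  # fraction of INFO events kept; 1.0 = unsampled
    # WARN/ERROR events are always kept by every sink: they are cheap and
    # both teams query them.


# Assumed policies: forensic-grade retention for security, sampled for ops.
SECURITY = SinkPolicy("security", retention_days=365, info_keep_ratio=1.0)
OBSERVABILITY = SinkPolicy("observability", retention_days=14, info_keep_ratio=0.25)


def _keep(event, policy):
    """Decide whether a sink retains this event under its policy."""
    if event["level"] != "INFO":
        return True
    if policy.info_keep_ratio >= 1.0:
        return True
    if policy.info_keep_ratio <= 0.0:
        return False
    # Deterministic sampling keyed on trace_id: any sink sampling at the same
    # ratio keeps the same traces, so cross-sink joins on trace_id still work.
    bucket = hashlib.sha256(event["trace_id"].encode()).digest()[0] / 256.0
    return bucket < policy.info_keep_ratio


def route(events, policies):
    """Fan one ingested stream out to each sink, tagging per-sink retention."""
    out = {p.name: [] for p in policies}
    for ev in events:
        for p in policies:
            if _keep(ev, p):
                kept = dict(ev)
                kept["retain_until"] = ev["ts"] + p.retention_days * 86400
                out[p.name].append(kept)
    return out


def count_by(events, key):
    """Same aggregation against either sink: shared schema, shared query."""
    counts = {}
    for ev in events:
        counts[ev[key]] = counts.get(ev[key], 0) + 1
    return counts


if __name__ == "__main__":
    sinks = route(SAMPLE_EVENTS, [SECURITY, OBSERVABILITY])
    for name, evs in sinks.items():
        print(name, len(evs), count_by(evs, "level"))
```

The security sink always holds a superset of what the observability sink holds, and both answer the same `count_by` query, which is the practical meaning of "a common data set and a shared platform": one ingestion path, one schema, with cost controlled by the policy of each consumer rather than by running duplicate collectors.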

"Additionally, there's a shortage of specialized security talent with the skillset needed to shift security left," Leomi from Honeycomb says. "Organizations are under increasing pressure to reduce spend without sacrificing ability, so naturally, they look for tools that can perform multiple functions like the ability to observe application performance while also being able to identify security vulnerabilities."

"Further exacerbating this trend is the scarcity of security talent needed to drive and meet security initiatives," Leomi adds. "This has driven organizations to rely on what they have, which is often product and platform engineering departments that are already using a tool for observability and one that can provide a good enough starting point for security."

Go to: Exploring the Convergence of Observability and Security - Part 4: Dashboards

Pete Goldin is Editor and Publisher of APMdigest
