Search form

Upcoming Webinars

Backup and Restore Your AD Objects Easily and Effectively
March 23, 2023
Common Trends Across Threat Actors and Attacker Groups (Mitre ATT&CK)
March 29, 2023
New Forrester Research Reveals Opportunities for Retail & eCommerce Companies to Increase Revenue Through Internet Resilience
March 29, 2023
Simplify Identity Management With Workflow-Driven Automation
March 30, 2023
5 Best Practices to Thwart Identity-Based Attacks in 2023
March 30, 2023
Enterprise-Ready, Multi-Cloud Log Intelligence Solution for Security Analytics
April 06, 2023
Data Stack Summit 2023
April 19, 2023
Maximize Your Savings: The Journey from On-Premise Hadoop to Amazon EMR
April 27, 2023

On-Demand Webinars

Application-Centric Infrastructure Monitoring
Bridging Observability and AIOps: The Fast and Easy Way
The 2023 ITOps Forecast
Your First Pane of Glass: How to Bring Clarity to Alert Noise
CMDB not up to date? Fret, no more!
What the World's SREs Know: The 2023 SRE Report
Gaining App-Centric Visibility into Your IT Infrastructure
Bridging Visibility Gaps in Your Multi-Cloud Infrastructure
Reduce Your Cloud Spend on Kubernetes with Pepperdata Capacity Optimizer
Exploring the "AI" in AIOps
Giving Your AIOps a Makeover with Full-Stack Service Map
Observability Trends in 2022: A Look into the Future
Cloud Trends and How Observability Enables Hybrid Cloud and Operational Efficiency
Shift Left for Cloud Cost Control
Composable Analytics for AIOps
Why Cost Control is Essential for your Modern Data Stack
Migrating to the Modern Data Stack
Robotic Data Automation Fabric & AIOps Conference
Modern Strategies for Cloud Cost Optimization
Transform the Performance of Your Hyperscale Distributed Systems
Beyond Observability: Optimizing High-Performance Big Data
BigPanda Resolve 22 Virtual Conference
Automatically Optimize Kubernetes and Improve Container Visibility
Monitoring Spark on Kubernetes: Key Performance Metrics
Drive Better Business Decisions with Optimization and Observability
Reduce Your Cloud Spend with Kubernetes Capacity Optimization
Control Cloud Costs with IT Chargeback
Monitor and Automatically Improve Kubernetes Performance: 5 Best Practices
Tuning Apache Kafka for Optimal Big Data Performance
Take the Interactive Pepperdata Product Tour

All Webinars...

Analyst Reports

Honeycomb Named a Leader in the 2022 Gartner® Magic Quadrant™ for APM and Observability
Honeycomb's O'Reilly Book Observability Engineering
ManageEngine Positioned in the Gartner Magic Quadrant for Application Performance Monitoring and Observability
The Modern IT Outage: Costs, Causes and Cures
2022 Gartner Critical Capabilities for APM and Observability
Why Composable Analytics Matter for Multi-Cloud AIOps
Gartner Top Strategic Technology Trends for 2022
Gartner 2022 Market Guide for AIOps Platforms
GigaOm Radar for AIOps
451 Research: The Future of IT Ops is Autonomous

All Analyst Reports...

White Papers

The 2023 State of IT Operations Report
Transitioning from APM Tools to Honeycomb
The State of Kubernetes 2023
Tracking Core Web Vitals with Vercel and Honeycomb
Integrated Performance Management for Physical, Virtual & Cloud Infrastructure
Using Honeycomb to Optimize CI/CD Delivery Pipeline Performance with GitLab
Preventing Outages in 2023: What We Learned from Recent Failures
Create a GitHub Actions Workflow to Optimize Delivery Pipeline Performance with Honeycomb
Network and Application Infrastructure Checklist for the "Work From Home" Admin
Using Honeycomb to Optimize CI/CD Delivery Pipeline Performance with CircleCI
Best Ways to Map Impact of Application Performance Issues on Business Goals
Going Beyond Plain Virtualization Monitoring
Application Management Solutions for Enterprises
Hybrid Cloud Monitoring: Fundamental Driver of Efficiency in Hybrid Clouds
7-Step Guide to IT Cost Reduction in 2023
Essential CDN Monitoring for Digital-First Organizations: The Authoritative Guide
G2 Users Love Pepperdata
Autonomous FinOps for Kubernetes
The Comprehensive Guide to Border Gateway Protocol
2023 SRE Report
Leveraging Observability to Build Better Applications
Data Building Blocks for an Observability Solution
AIOps + DataFabric = A Game-Changer for IT?
AIOps Best Practices for IT Teams and IT Leaders
IT Ops Reporting and Analytics Are Broken
2022 Big Data Kubernetes Survey Results
Pragmatic AIOps: A Buyer’s Guide
A Practical Guide to IT Ops Maturity
AIOps Benchmark Report
Enrichment for Faster Event Correlation and Root Cause Analysis

All White Papers...

Using APM for Security
January 07, 2013
Edward L. Halekty
Share this

There are quite a few architectures running around for Cloud and virtual environments, but except for a few, they seem to all be missing the ability to gain access to Application Performance Management (APM) data as a means to provide an early warning system for security issues.

Most security reference architectures rely on the old methods to get warnings about security issues such as use of a SIEM and a log analysis tool to interpret what is in the SIEM. However, there is a richer set of more immediate data that can help us with the problem of security notifications: APM Data.

APM Data provides a rich and different approach to security early warnings but the interpretation of the APM Data implies knowledge of the application that security professionals may not have. Yes, this is not a requirement as the security team and the applications team will be solving problems together that come up when there is an anomaly within any APM Data. The application team wants to know why there is an anomaly, perhaps a code path was taken unexpectedly, while the security team wants to insure that code path was not a hack attempt.

There are several ways to do this:

- Application and security professionals working together to determine if the APM Data shows a security issues or a code issue

- APM tools with built in mechanisms that could be used for security, such as a list of websites from which data comes into the system and to which data flows out of the system.

- APM tools that self learn the code path, so that when a new code path is used both security and application teams are notified

- APM tools that show both teams data about the code path when anomalies occur. Perhaps going so far as to highlight what was different

- APM Tools that show the exact process of events such as a database query to be investigated. Perhaps there was a SQL Injection within the query

APM tools have a rich set of data that could be used by security professionals. These tools know more about what is happening within an application than almost anyone else and could be helpful as a part of defense-in-depth. The smarter the APM tool, the more useful it becomes for security purposes.

Minimally, APM tools must contain the following abilities to be useful by security professionals:

- A way to see when external to the application resources were accessed, such as an external website.

- A way to see all database queries (even obfuscated if the APM solution is in the Cloud).

- A way to know when an anomaly has occurred, perhaps a different database query was made (possible SQL injection) or some normally unused code path was taken.

- A way to know when performance changes, perhaps activity is happening too fast (which could imply a DoS attack) or too slow (misconfigured or malware present).

In the end, however, it is all about determining when something anomalous has happened and a means of providing that data to the security team as well as the application team so that both work the problem side by side.

ABOUT Edward L. Halekty

Edward L. Halekty is Virtualization and Cloud Analyst, The Virtualization Practice LLC.

Share this

Hot Topics

APM

The Latest

EMA-APMdigest Podcast - Episode 2 - Part 1: Network Observability
March 23, 2023

APMdigest and leading IT research firm Enterprise Management Associates (EMA) are partnering to bring you the EMA-APMdigest Podcast, a new podcast focused on the latest technologies impacting IT Operations. In Episode 2 - Part 1 Pete Goldin, Editor and Publisher of APMdigest, discusses Network Observability with Shamus McGillicuddy, Vice President of Research, Network Infrastructure and Operations, at EMA ...

CIOs Elevated to the Boardroom
March 22, 2023

CIOs have stepped into the role of digital leader and strategic advisor, according to the 2023 Global CIO Survey from Logicalis ...

Why Synthetic Monitoring and End-to-End Testing Belong Together
March 21, 2023

Synthetic monitoring is crucial to deploy code with confidence as catching bugs with E2E tests on staging is becoming increasingly difficult. It isn't trivial to provide realistic staging systems, especially because today's apps are intertwined with many third-party APIs ...

What is ServiceOps? A Research-Based Look at Why It's on the Rise
March 20, 2023

Recent EMA field research found that ServiceOps is either an active effort or a formal initiative in 78% of the organizations represented by a global panel of 400+ IT leaders. It is relatively early but gaining momentum across industries and organizations of all sizes globally ...

Businesses Need to Embrace Automation and AI within SAP Monitoring to Cope with Soaring Complexity
March 16, 2023

Managing availability and performance within SAP environments has long been a challenge for IT teams. But as IT environments grow more complex and dynamic, and the speed of innovation in almost every industry continues to accelerate, this situation is becoming a whole lot worse ...

Networking, Cybersecurity and Observability Are Converging
March 15, 2023

Harnessing the power of network-derived intelligence and insights is critical in detecting today's increasingly sophisticated security threats across hybrid and multi-cloud infrastructure, according to a new research study from IDC ...

Simplifying Enterprise Software Usage – The Key to Reducing Waste and Increasing Efficiency
March 14, 2023

Recent research suggests that many organizations are paying for more software than they need. If organizations are looking to reduce IT spend, leaders should take a closer look at the tools being offered to employees, as not all software is essential ...

Observability Survey 2023: Centralization Saves Time and Money
March 13, 2023

Organizations are challenged by tool sprawl and data source overload, according to the Grafana Labs Observability Survey 2023, with 52% of respondents reporting that their companies use 6 or more observability tools, including 11% that use 16 or more.

Downtime in a Downturn Could Mean Customer Churn
March 09, 2023

An array of tools purport to maintain availability — the trick is sorting through the noise to find the right one. Let us discuss why availability is so important and then unpack the ROI of deploying Artificial Intelligence for IT Operations (AIOps) during an economic downturn ...

How to Leverage Exploratory Testing to Uncover Bugs
March 08, 2023

Development teams so often find themselves rushing to get a release out on time. When it comes time for testing, the software works fine in the lab. But, when it's released, customers report a bunch of bugs. How does this happen? Why weren't the flaws found in QA? ...