Using APM for Security
January 07, 2013
Edward L. Halekty
Share this

There are quite a few architectures running around for Cloud and virtual environments, but except for a few, they seem to all be missing the ability to gain access to Application Performance Management (APM) data as a means to provide an early warning system for security issues.

Most security reference architectures rely on the old methods to get warnings about security issues such as use of a SIEM and a log analysis tool to interpret what is in the SIEM. However, there is a richer set of more immediate data that can help us with the problem of security notifications: APM Data.

APM Data provides a rich and different approach to security early warnings but the interpretation of the APM Data implies knowledge of the application that security professionals may not have. Yes, this is not a requirement as the security team and the applications team will be solving problems together that come up when there is an anomaly within any APM Data. The application team wants to know why there is an anomaly, perhaps a code path was taken unexpectedly, while the security team wants to insure that code path was not a hack attempt.

There are several ways to do this:

- Application and security professionals working together to determine if the APM Data shows a security issues or a code issue

- APM tools with built in mechanisms that could be used for security, such as a list of websites from which data comes into the system and to which data flows out of the system.

- APM tools that self learn the code path, so that when a new code path is used both security and application teams are notified

- APM tools that show both teams data about the code path when anomalies occur. Perhaps going so far as to highlight what was different

- APM Tools that show the exact process of events such as a database query to be investigated. Perhaps there was a SQL Injection within the query

APM tools have a rich set of data that could be used by security professionals. These tools know more about what is happening within an application than almost anyone else and could be helpful as a part of defense-in-depth. The smarter the APM tool, the more useful it becomes for security purposes.

Minimally, APM tools must contain the following abilities to be useful by security professionals:

- A way to see when external to the application resources were accessed, such as an external website.

- A way to see all database queries (even obfuscated if the APM solution is in the Cloud).

- A way to know when an anomaly has occurred, perhaps a different database query was made (possible SQL injection) or some normally unused code path was taken.

- A way to know when performance changes, perhaps activity is happening too fast (which could imply a DoS attack) or too slow (misconfigured or malware present).

In the end, however, it is all about determining when something anomalous has happened and a means of providing that data to the security team as well as the application team so that both work the problem side by side.

ABOUT Edward L. Halekty

Edward L. Halekty is Virtualization and Cloud Analyst, The Virtualization Practice LLC.

Share this

The Latest

March 01, 2024

As organizations continue to navigate the complexities of the digital era, which has been marked by exponential advancements in AI and technology, the strategic deployment of modern, practical applications has become indispensable for sustaining competitive advantage and realizing business goals. The Info-Tech Research Group report, Applications Priorities 2024, explores the following five initiatives for emerging and leading-edge technologies and practices that can enable IT and applications leaders to optimize their application portfolio and improve on capabilities needed to meet the ambitions of their organizations ...

February 29, 2024

Despite the growth in popularity of artificial intelligence (AI) and ML across a number of industries, there is still a huge amount of unrealized potential, with many businesses playing catch-up and still planning how ML solutions can best facilitate processes. Further progression could be limited without investment in specialized technical teams to drive development and integration ...

February 28, 2024

With over 200 streaming services to choose from, including multiple platforms featuring similar types of entertainment, users have little incentive to remain loyal to any given platform if it exhibits performance issues. Big names in streaming like Hulu, Amazon Prime and HBO Max invest thousands of hours into engineering observability and closed-loop monitoring to combat infrastructure and application issues, but smaller platforms struggle to remain competitive without access to the same resources ...

February 27, 2024

Generative AI has recently experienced unprecedented dramatic growth, making it one of the most exciting transformations the tech industry has seen in some time. However, this growth also poses a challenge for tech leaders who will be expected to deliver on the promise of new technology. In 2024, delivering tangible outcomes that meet the potential of AI, and setting up incubator projects for the future will be key tasks ...

February 26, 2024

SAP is a tool for automating business processes. Managing SAP solutions, especially with the shift to the cloud-based S/4HANA platform, can be intricate. To explore the concerns of SAP users during operational transformations and automation, a survey was conducted in mid-2023 by Digitate and Americas' SAP Users' Group ...

February 22, 2024

Some companies are just starting to dip their toes into developing AI capabilities, while (few) others can claim they have built a truly AI-first product. Regardless of where a company is on the AI journey, leaders must understand what it means to build every aspect of their product with AI in mind ...

February 21, 2024

Generative AI will usher in advantages within various industries. However, the technology is still nascent, and according to the recent Dynatrace survey there are many challenges and risks that organizations need to overcome to use this technology effectively ...

February 20, 2024

In today's digital era, monitoring and observability are indispensable in software and application development. Their efficacy lies in empowering developers to swiftly identify and address issues, enhance performance, and deliver flawless user experiences. Achieving these objectives requires meticulous planning, strategic implementation, and consistent ongoing maintenance. In this blog, we're sharing our five best practices to fortify your approach to application performance monitoring (APM) and observability ...

February 16, 2024

In MEAN TIME TO INSIGHT Episode 3, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) discusses network security with Chris Steffen, VP of Research Covering Information Security, Risk, and Compliance Management at EMA ...

February 15, 2024

In a time where we're constantly bombarded with new buzzwords and technological advancements, it can be challenging for businesses to determine what is real, what is useful, and what they truly need. Over the years, we've witnessed the rise and fall of various tech trends, such as the promises (and fears) of AI becoming sentient and replacing humans to the declaration that data is the new oil. At the end of the day, one fundamental question remains: How can companies navigate through the tech buzz and make informed decisions for their future? ...