By: , Senior Director of Product Management at Observe Jack Coates You’ve heard of security and observability, but maybe not security observability. Security observability uses logs, metrics, and traces to infer risk, monitor threats, and alert on breaches. The fundamentals of modern observability — cheap backend, low-friction ingest for any type of data, pay-as-you-go searching — are now crucial for security teams as well. Organizations have been using log data to identify known and unknown attacks since the beginning of the Internet, but each generational shift in volume and velocity has broken the old tools. Security observability starts as a way to bring your SecOps forward to a world with an architecture that separates storage from compute. To better understand the convergence of security and observability, Observe recently surveyed 500 full-time security decision-makers and practitioners— 40% of whom were either CISOs or CSOs — to compile the report. 2023 State of Security Observability Here are eight key takeaways from the survey: - Security observability is not just a buzzword. 99% of respondents say their organizations are prioritizing it, demonstrating the need for a new approach. Organizations of all sizes can use their observability platforms to help support security needs. SECURITY OBSERVABILITY IS A PRIORITY - The report found that 84% of organizations combine security and data operations into a single analytics tool. However, more than half of the security-relevant data that goes into observability systems needs to be transformed before it can be used. ORGANIZATIONS NEED HELP INTEGRATING OBSERVABILITY TOOLS - The vast majority (95%) of respondents use Security Information and Event Management (SIEM) tools in some way. SIEM has been positioned as a content and integration-rich entry point that gives access to dozens of rules and add-ons specific to the other products that your organization runs on. The reality is each integration has versioning and configuration requirements, each rule only works with properly abstracted data, and each alert expects that the customer can decide if it’s important or not. This requires continual maintenance from skilled users or costly professional services time. SIEM IS MORE COMPLEX THAN IT SEEMS - Smaller organizations struggle with limited resources in the security tools market, hindering effective adoption. They’re forced to wait for their SIEM vendor to make updates to the solution in order to stay current with new trends. SMALLER ORGANIZATIONS STRUGGLE WITH SECURITY TOOLS - Cloud infrastructure doesn’t provide sufficient operations or security observability on its own, and agents must be used. Host agents are used by 57% of organizations for observability and 51% for security, along with container agents (42% for observability and 44% for security) and sidecar agents (29% for observability and 28% for security). AGENTS ARE NECESSARY - Tool sprawl remains an issue with organizations — half of security incidents require escalation, and tool sprawl presents itself as an obstacle. Only 11% of respondents reported staying in a single pane of glass, with 18% using six or more tools to investigate issues. This indicates that organizations need an all-in-one platform to deal with incidents more efficiently. ORGANIZATIONS STRUGGLE WITH TOOL SPRAWL - The report shows that organizations value having skilled teams to find and respond to unknown threats. About 73% have in-house Incident Response (IR) teams and Security Operations Centers (SOC). Interestingly, newer tools like SOAR, UEBA, and EDR, expected to replace SIEM, haven't taken over as anticipated. Instead, organizations still heavily depend on SIEM for their security needs. VALUE IN HAVING SKILLED TEAMS - Cloud conversion has crossed the hallway mark, and 74% of organizations have built their current systems to be mostly or entirely cloud-native. As more organizations become cloud-native, they will need tools and infrastructure that can keep up with complex and ephemeral cloud-native environments. MORE ORGANIZATIONS BECOME CLOUD-NATIVE

This story contains new, firsthand information uncovered by the writer.

This is a PR written by or for the company mentioned within it. The writer has a vested interest in the company and products mentioned within.

8 Key Takeaways from Observe’s 2023 State of Security Observability Report

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Revolutionizing Enterprise Security: Sasibhushana Matcha's FIDO Implementation

Setting New Standards in Cloud Security Architecture by Sudha Rani Pujari

Beyond the Perimeter: Architecting Trust in the Cloud-Native Era by Mohit Kumar Singh

Ravi Kotapati Transforms PAM for 800,000+ Privileged Accounts w/ Zero Trust & Cloud-Native Security

How Ramkinker Singh Engineered a Scalable SSL Certificate System for Next-Generation Cloud Access

Revolutionizing Enterprise Security: Sasibhushana Matcha's FIDO Implementation

Setting New Standards in Cloud Security Architecture by Sudha Rani Pujari

Beyond the Perimeter: Architecting Trust in the Cloud-Native Era by Mohit Kumar Singh

Ravi Kotapati Transforms PAM for 800,000+ Privileged Accounts w/ Zero Trust & Cloud-Native Security

How Ramkinker Singh Engineered a Scalable SSL Certificate System for Next-Generation Cloud Access

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps