Observability and Security
Channel Futures: Observability and security took center stage during .Conf22. What’s the significance of those?
Jane Wong: Observability is very focused on effective, efficient operations of really broad, complex deployments. How are your systems running? How are your applications and workloads in the cloud running? Security is more focused on detecting, helping, investigating and responding to threats. But there’s a commonality between the two. Both find incidents. So an incident on the observability side is maybe a server is running really slow or my application performance just dropped way below a baseline of normal. A security incident may be this person is acting out of their norm, like they’re accessing data that they don’t normally access or their machines slow down at different things. Both are incidents that you would then need to investigate and respond to.
We have a mature product in security called orchestration and response security that helps respond to security incidents. If there was a link in an email like a potential phishing email, was it a phishing link? Was it a bad malicious link or a good link? So we do that investigation right through to you. If it’s a bad link, now I want to go block that on my firewall. So I’m going to go through a connector to a third-party tool and make a change to the configuration of that tool to block that link. So we have security answers that we respond to in a similar way. Observability also has incidents that are responded to. We can share the platform that does that orchestration in response. There’s no need to have two completely separate platforms built in separate organizations. So sharing that technology is something that we’re going to be doing now.