The Top Tools to Support DevSecOps - Part 3
May 24, 2018

DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 3 covers security and monitoring.

Start with The Top Tools to Support DevSecOps - Part 1

Start with The Top Tools to Support DevSecOps - Part 2

SECURITY INCIDENT AND EVENT MANAGEMENT (SIEM)

As applications modernize to support rapid and continuous delivery, it becomes increasingly important to incorporate security tooling in the delivery process. However, many clients still run security processes independently. Thus the most important tool is an event system that correlates security events with the flow of events from a complex and dynamically changing application environment — enabling you to take action quickly.
Mike Mallo
Offering Management Lead - Hybrid Cloud DevOps, IBM Cloud Unit, IBM Corporation

The most important tool needed to support DevSecOps is an analytics-driven security incident and event management (SIEM) platform. Traditionally a security tool for intrusion detection, a sophisticated SIEM can actually serve as the nerve center for monitoring within an organization. A SIEM can monitor change management across your processes, including automated development pipelines. Throw in a platform for delivering targeted, real-time notifications, and a SIEM is an excellent way to achieve situational awareness for DevSecOps.
Robert Hawk
Privacy & Security Lead, xMatters

THREAT DETECTION AND RESPONSE

The rush to the cloud is exacerbating the disconnect between DevOps and security. Cloud computing, SaaS models, and DevOps have transformed infrastructure and operations practices, which may improve efficiency but also creates new security challenges. What's needed is an investment in threat detection and response tools which enable teams to securely leverage modern infrastructure and DevOps, without straining security teams or operations performance.
Pete Cheslock
Sr. Director, Operations and Support, Threat Stack

ENDPOINT SECURITY

DevSecOps has many critical pieces, but the most important is the right tooling to support the "Sec" part. To successfully execute the process end-to-end, and reduce potential impacts to production, you need to have the right tools, such as an endpoint security solution with an API to build into the DevSecOps process. An endpoint security solution that includes patch management, privilege management and application control tools makes it possible to apply configuration, patch, and other security settings in-line with each push from development to QA to production. This feature set allows the deployed system to be fully configured and tested before hitting production.
Chris Goettl
Director of Product Management, Security, Ivanti

SECURITY MONITORING

Given the recent network attacks in which personal information of millions of people where comprised at a mass scale, continuously monitoring and patching the enterprise network for security vulnerability becomes critically important. This is where DevSecOps and its principles apply and having the right tools to proactively detect and monitor attacks becomes critically important for DevSecOps to be effective.
Prashant Kumar
Co-Founder and VP of Product Management, 128 Technology

NETWORK MONITORING

Most network monitoring tools aren't security tools per se, but they can be very helpful to support DevSecOps, and one could argue that the visibility they provide into the overall state of the IT infrastructure and what's happening within it, make them the most important tool. For DevSecOps professionals, network monitoring can be thought of as a flashlight. It lets them see the impact of their work on their IT infrastructure, security and vice versa. Dashboards are a great example. With the ability to create highly customizable dashboards that make it easy to visualize what's happening in the networks, systems, hardware, software and devices being monitored, team members can view in real time how even the slightest change they make impacts the organization's overall security stance. This view into the subtle impact that development efforts can have on security is important in an age when threats increasingly go low and slow, and can remain hidden for extended periods of time.
Greg Ross
Systems Engineer, North America, Paessler AG

PACKET ANALYZER

DevSecOps practices rely on rapid detection and response into potential security events. To investigate security events quickly, IT or incident responders need a tool that can acquire, retain and analyze the network packets associated with that event. Unlike log data and metadata, packets do not lie and allow investigators to resolve incidents much more quickly and accurately. A few concerns to keep in mind; the relevant packets in a security investigation often hit the network right before a SIEM or IDS/IPS triggers an alert, so a rolling buffer is key. Also, saving packets on a network for a useful length of time quickly becomes impossible due to storage limitations, so the best tools will have a way to selectively capture the relevant packets and ignore the rest.
Jay Botelho
Senior Director of Products, Savvius

APPLICATION SLA DELIVERY

With ever-increasing customer demands, more and more organizations adopt agile and continuous delivery methodologies in order to roll out features faster than ever before. However, DevOps teams frequently bypass established network and security administrators, which limits their control on application delivery and security. It doesn't matter how well a DevOps team performs if it puts an organization at risk, which is why a secure application SLA delivery solution is an important tool for supporting DevSecOps. These solutions can ensure continuous delivery without continued vulnerability. When considering these tools, check to see whether it has immediate protection with turn-key defenses, automatic application-mapping of code-changes, and continuously adaptive security policies. To better support both DevOps and production solutions, look for services that also offer cost-effective and agile licensing with complete automation of application delivery.
Louis Scialabba
Director of Carrier Solutions Marketing, Radware

LOG MANAGEMENT

Log files are a critical part of a DevOps practice and hence, they are part of the DevSecOps equation. However, they are difficult to manage and present an inherent and significant security/privacy risk. We can point to the recent publicly disclosed events at Twitter and Github that jeopardized user credentials as a result of poor logging practices. These two events might only be the tip of the iceberg as we all rely on manual process to redact, obscure or remove PII from logging statements. While log files are mainly an internal utility, this still presents significant risk of privacy breach as developers may end up logging SSNs, passwords and payment details as they try to troubleshoot issues with production systems. Ultimately, for this type of threat, you can use traditional log management tools to parse and identify privacy breaches. However, these tools do not proactively prevent such issues. As an industry we must look at both the process –— the way we log — and the vehicles themselves –— our logging frameworks — in order to develop a holistic pre- and post-event approach to ensure good log hygiene.
Alex Zhitnitsky
Director of Developer Relations, OverOps

AI-ENABLED ANALYTICS

As a service grows in popularity, it becomes more prone to security attacks. There is no limit to how much time teams spend on improving security, especially since organizations grow by the hour and IT infrastructures become more dynamic each day. Application developers, IT experts, and security teams need production tools that can be trained to learn on their own and automatically flag problems by reading production logs. Security teams should enhance their security efforts by using AI-enabled analytics tools to cover a larger attack surface.
Gibu Mathew
Director, Product Management, Site24x7

APPLICATION PERFORMANCE MANAGEMENT (APM)

Application performance monitoring is the most important tool for DevSecOps. Observability is essential to bringing the development, operations and security practices together. With complete visibility and forensics into how apps and systems behave during a test cycle or in production, it is easy to collaborate across teams and arrive at the right solution. A sampled approach to forensic analysis is a non-starter: every transaction matters and can be a key to understanding more sophisticated attacks.
Peco Karayanev
Sr. Product Manager, Riverbed

DevSecOps strives to embed security concerns throughout the different aspects of the application development life cycle, and involves an assortment of experts in different roles (R&D, IT, operations and so on). It is, therefore, crucial to be able to monitor the software at its different stages, from development and testing, to deployment, scaling out and more. By using an APM tool that exposes all the relevant data in a way that can be understood by the various departments individually, collaboration is seamless.
Yossi Shirizli
VP R&D, Correlsense

Read The Top Tools to Support DevSecOps - Part 4, covering code and data.

Share this

Industry News

October 17, 2019

Acquia announced the availability of its new Developer Studio, a suite of tools designed to improve the productivity of Drupal developers.

October 17, 2019

Talend announced Talend Cloud is now available on Microsoft Azure, offering a secure and scalable Integration Platform-as-a-Service for collecting, transforming and cleaning data.

With embedded data quality and native integration performance, Talend Cloud on Microsoft Azure delivers the trusted data companies need to make real-time business decisions, accelerate advanced analytics, and meet regulatory compliance requirements.

October 17, 2019

Cognizant entered into an agreement to acquire Contino, a privately-held technology consulting firm.

October 16, 2019

Red Hat announced Red Hat OpenShift 4.2, the latest version of Red Hat’s enterprise Kubernetes platform designed to deliver a more powerful developer experience.

October 16, 2019

Gluware announced Gluware Automation v3.6, which extends the platform API capabilities including integrations with the Mist and Ansible platforms and introduces lifecycle management and infrastructure integration enhancements.

October 16, 2019

XebiaLabs announced that Wipro has renewed and extended its partnership with XebiaLabs as their Strategic Enterprise DevOps Partner across the globe.

October 15, 2019

Puppet announced enhancements to its current product portfolio and the public beta of a new project focused on providing a simplified continuous deployment workflow.

October 15, 2019

DBmaestro expanded its database automation platform to enable CI/CD and release automation for MySQL, MariaDB and Amazon RDS with DBmaestro DevOps Platform v2019.4.

October 15, 2019

Radware announced the launch of Radware Kubernetes Web Application Firewall (WAF), a comprehensive and highly scalable application security solution for Kubernetes-based environments.

October 10, 2019

CloudBees launched a new partner program that expands ISV partners’ ability to align with CloudBees offerings and the global Jenkins community.

October 08, 2019

Nureva announced a key update to the Jira Software integration with Span Workspace, Nureva’s cloud-based digital canvas for visual planning and collaboration.

October 08, 2019

Fugue announced support for Open Policy Agent (OPA), an open source general-purpose policy engine and language for cloud infrastructure.

October 03, 2019

Redgate announced the launch of SQL Compare v14, the latest version of its industry standard tool for quickly and accurately comparing and deploying SQL Server databases.

October 03, 2019

Harness announced the release of Continuous Insights, a new capability of its CD platform that enables organizations to see clearly into software delivery performance across their engineering and development teams without needing to manually collect, correlate, and report metrics that might take days or weeks.

October 03, 2019

OutSystems and Workato announced a partnership aimed at allowing organizations to rapidly realize innovation, time to value, productivity, and mission-critical objectives through readily available application connectors.