The Top Tools to Support DevSecOps - Part 3
May 24, 2018

DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 3 covers security and monitoring.

Start with The Top Tools to Support DevSecOps - Part 1

Start with The Top Tools to Support DevSecOps - Part 2

SECURITY INCIDENT AND EVENT MANAGEMENT (SIEM)

As applications modernize to support rapid and continuous delivery, it becomes increasingly important to incorporate security tooling in the delivery process. However, many clients still run security processes independently. Thus the most important tool is an event system that correlates security events with the flow of events from a complex and dynamically changing application environment — enabling you to take action quickly.
Mike Mallo
Offering Management Lead - Hybrid Cloud DevOps, IBM Cloud Unit, IBM Corporation

The most important tool needed to support DevSecOps is an analytics-driven security incident and event management (SIEM) platform. Traditionally a security tool for intrusion detection, a sophisticated SIEM can actually serve as the nerve center for monitoring within an organization. A SIEM can monitor change management across your processes, including automated development pipelines. Throw in a platform for delivering targeted, real-time notifications, and a SIEM is an excellent way to achieve situational awareness for DevSecOps.
Robert Hawk
Privacy & Security Lead, xMatters

THREAT DETECTION AND RESPONSE

The rush to the cloud is exacerbating the disconnect between DevOps and security. Cloud computing, SaaS models, and DevOps have transformed infrastructure and operations practices, which may improve efficiency but also creates new security challenges. What's needed is an investment in threat detection and response tools which enable teams to securely leverage modern infrastructure and DevOps, without straining security teams or operations performance.
Pete Cheslock
Sr. Director, Operations and Support, Threat Stack

ENDPOINT SECURITY

DevSecOps has many critical pieces, but the most important is the right tooling to support the "Sec" part. To successfully execute the process end-to-end, and reduce potential impacts to production, you need to have the right tools, such as an endpoint security solution with an API to build into the DevSecOps process. An endpoint security solution that includes patch management, privilege management and application control tools makes it possible to apply configuration, patch, and other security settings in-line with each push from development to QA to production. This feature set allows the deployed system to be fully configured and tested before hitting production.
Chris Goettl
Director of Product Management, Security, Ivanti

SECURITY MONITORING

Given the recent network attacks in which personal information of millions of people where comprised at a mass scale, continuously monitoring and patching the enterprise network for security vulnerability becomes critically important. This is where DevSecOps and its principles apply and having the right tools to proactively detect and monitor attacks becomes critically important for DevSecOps to be effective.
Prashant Kumar
Co-Founder and VP of Product Management, 128 Technology

NETWORK MONITORING

Most network monitoring tools aren't security tools per se, but they can be very helpful to support DevSecOps, and one could argue that the visibility they provide into the overall state of the IT infrastructure and what's happening within it, make them the most important tool. For DevSecOps professionals, network monitoring can be thought of as a flashlight. It lets them see the impact of their work on their IT infrastructure, security and vice versa. Dashboards are a great example. With the ability to create highly customizable dashboards that make it easy to visualize what's happening in the networks, systems, hardware, software and devices being monitored, team members can view in real time how even the slightest change they make impacts the organization's overall security stance. This view into the subtle impact that development efforts can have on security is important in an age when threats increasingly go low and slow, and can remain hidden for extended periods of time.
Greg Ross
Systems Engineer, North America, Paessler AG

PACKET ANALYZER

DevSecOps practices rely on rapid detection and response into potential security events. To investigate security events quickly, IT or incident responders need a tool that can acquire, retain and analyze the network packets associated with that event. Unlike log data and metadata, packets do not lie and allow investigators to resolve incidents much more quickly and accurately. A few concerns to keep in mind; the relevant packets in a security investigation often hit the network right before a SIEM or IDS/IPS triggers an alert, so a rolling buffer is key. Also, saving packets on a network for a useful length of time quickly becomes impossible due to storage limitations, so the best tools will have a way to selectively capture the relevant packets and ignore the rest.
Jay Botelho
Senior Director of Products, Savvius

APPLICATION SLA DELIVERY

With ever-increasing customer demands, more and more organizations adopt agile and continuous delivery methodologies in order to roll out features faster than ever before. However, DevOps teams frequently bypass established network and security administrators, which limits their control on application delivery and security. It doesn't matter how well a DevOps team performs if it puts an organization at risk, which is why a secure application SLA delivery solution is an important tool for supporting DevSecOps. These solutions can ensure continuous delivery without continued vulnerability. When considering these tools, check to see whether it has immediate protection with turn-key defenses, automatic application-mapping of code-changes, and continuously adaptive security policies. To better support both DevOps and production solutions, look for services that also offer cost-effective and agile licensing with complete automation of application delivery.
Louis Scialabba
Director of Carrier Solutions Marketing, Radware

LOG MANAGEMENT

Log files are a critical part of a DevOps practice and hence, they are part of the DevSecOps equation. However, they are difficult to manage and present an inherent and significant security/privacy risk. We can point to the recent publicly disclosed events at Twitter and Github that jeopardized user credentials as a result of poor logging practices. These two events might only be the tip of the iceberg as we all rely on manual process to redact, obscure or remove PII from logging statements. While log files are mainly an internal utility, this still presents significant risk of privacy breach as developers may end up logging SSNs, passwords and payment details as they try to troubleshoot issues with production systems. Ultimately, for this type of threat, you can use traditional log management tools to parse and identify privacy breaches. However, these tools do not proactively prevent such issues. As an industry we must look at both the process –— the way we log — and the vehicles themselves –— our logging frameworks — in order to develop a holistic pre- and post-event approach to ensure good log hygiene.
Alex Zhitnitsky
Director of Developer Relations, OverOps

AI-ENABLED ANALYTICS

As a service grows in popularity, it becomes more prone to security attacks. There is no limit to how much time teams spend on improving security, especially since organizations grow by the hour and IT infrastructures become more dynamic each day. Application developers, IT experts, and security teams need production tools that can be trained to learn on their own and automatically flag problems by reading production logs. Security teams should enhance their security efforts by using AI-enabled analytics tools to cover a larger attack surface.
Gibu Mathew
Director, Product Management, Site24x7

APPLICATION PERFORMANCE MANAGEMENT (APM)

Application performance monitoring is the most important tool for DevSecOps. Observability is essential to bringing the development, operations and security practices together. With complete visibility and forensics into how apps and systems behave during a test cycle or in production, it is easy to collaborate across teams and arrive at the right solution. A sampled approach to forensic analysis is a non-starter: every transaction matters and can be a key to understanding more sophisticated attacks.
Peco Karayanev
Sr. Product Manager, Riverbed

DevSecOps strives to embed security concerns throughout the different aspects of the application development life cycle, and involves an assortment of experts in different roles (R&D, IT, operations and so on). It is, therefore, crucial to be able to monitor the software at its different stages, from development and testing, to deployment, scaling out and more. By using an APM tool that exposes all the relevant data in a way that can be understood by the various departments individually, collaboration is seamless.
Yossi Shirizli
VP R&D, Correlsense

Read The Top Tools to Support DevSecOps - Part 4, covering code and data.

Share this

Industry News

July 09, 2020

ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.

July 09, 2020

RunSafe Security announced a partnership with JFrog that will enable RunSafe to supercharge binary protections via a simple plugin that JFrog users can deploy within their Artifactory repositories and instantly protect binaries and containers.

July 09, 2020

LeanIX closed $80 million in Series D funding led by new investor Goldman Sachs Growth.

July 08, 2020

Afi.ai introduced Afi Data Platform, a cloud-based replication and resiliency service that helps to monitor, predict downtime and recover K8s applications.

July 08, 2020

D2iQ announced the release of Conductor, a new interactive learning platform that enables enterprises to access hands-on cloud native courses and training.

July 08, 2020

SUSE entered into a definitive agreement to acquire Rancher Labs.

July 07, 2020

Micro Focus announced AI-powered enhancements to the intelligent testing capabilities of the UFT Family, a unified set of solutions designed to reduce the overall complexity of automating the functional testing processes.

July 07, 2020

Push Technology announced the launch of a new Service API capability for Diffusion Cloud, Push’s Real-Time API Management Cloud Platform.

July 07, 2020

Lightrun exited stealth and announced $4M in seed funding for the first complete continuous debugging and observability platform for production applications.

July 01, 2020

JFrog announced the launch of ChartCenter, a free, security-focused central repository of Helm charts for the community.

July 01, 2020

Kong announced a significant upgrade to open source Kuma, Kuma 0.6, available today.

July 01, 2020

Compuware Corporation, a BMC company, announced new capabilities that further automate and integrate test data and test case execution, empowering IT teams to achieve high-performance application development quality, velocity and efficiency.

June 30, 2020

Couchbase announced the general availability of Couchbase Cloud, a fully-managed Database-as-a-Service (DBaaS).

June 30, 2020

Split Software announced new capabilities designed to accelerate the adoption of feature flags in large-scale organizations.

June 30, 2020

WhiteHat Security announced a discounted Web + Mobile Application Security bundle to help organizations secure the digital future.