The Top Tools to Support DevSecOps - Part 3
May 24, 2018

DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 3 covers security and monitoring.

Start with The Top Tools to Support DevSecOps - Part 1

Start with The Top Tools to Support DevSecOps - Part 2

SECURITY INCIDENT AND EVENT MANAGEMENT (SIEM)

As applications modernize to support rapid and continuous delivery, it becomes increasingly important to incorporate security tooling in the delivery process. However, many clients still run security processes independently. Thus the most important tool is an event system that correlates security events with the flow of events from a complex and dynamically changing application environment — enabling you to take action quickly.
Mike Mallo
Offering Management Lead - Hybrid Cloud DevOps, IBM Cloud Unit, IBM Corporation

The most important tool needed to support DevSecOps is an analytics-driven security incident and event management (SIEM) platform. Traditionally a security tool for intrusion detection, a sophisticated SIEM can actually serve as the nerve center for monitoring within an organization. A SIEM can monitor change management across your processes, including automated development pipelines. Throw in a platform for delivering targeted, real-time notifications, and a SIEM is an excellent way to achieve situational awareness for DevSecOps.
Robert Hawk
Privacy & Security Lead, xMatters

THREAT DETECTION AND RESPONSE

The rush to the cloud is exacerbating the disconnect between DevOps and security. Cloud computing, SaaS models, and DevOps have transformed infrastructure and operations practices, which may improve efficiency but also creates new security challenges. What's needed is an investment in threat detection and response tools which enable teams to securely leverage modern infrastructure and DevOps, without straining security teams or operations performance.
Pete Cheslock
Sr. Director, Operations and Support, Threat Stack

ENDPOINT SECURITY

DevSecOps has many critical pieces, but the most important is the right tooling to support the "Sec" part. To successfully execute the process end-to-end, and reduce potential impacts to production, you need to have the right tools, such as an endpoint security solution with an API to build into the DevSecOps process. An endpoint security solution that includes patch management, privilege management and application control tools makes it possible to apply configuration, patch, and other security settings in-line with each push from development to QA to production. This feature set allows the deployed system to be fully configured and tested before hitting production.
Chris Goettl
Director of Product Management, Security, Ivanti

SECURITY MONITORING

Given the recent network attacks in which personal information of millions of people where comprised at a mass scale, continuously monitoring and patching the enterprise network for security vulnerability becomes critically important. This is where DevSecOps and its principles apply and having the right tools to proactively detect and monitor attacks becomes critically important for DevSecOps to be effective.
Prashant Kumar
Co-Founder and VP of Product Management, 128 Technology

NETWORK MONITORING

Most network monitoring tools aren't security tools per se, but they can be very helpful to support DevSecOps, and one could argue that the visibility they provide into the overall state of the IT infrastructure and what's happening within it, make them the most important tool. For DevSecOps professionals, network monitoring can be thought of as a flashlight. It lets them see the impact of their work on their IT infrastructure, security and vice versa. Dashboards are a great example. With the ability to create highly customizable dashboards that make it easy to visualize what's happening in the networks, systems, hardware, software and devices being monitored, team members can view in real time how even the slightest change they make impacts the organization's overall security stance. This view into the subtle impact that development efforts can have on security is important in an age when threats increasingly go low and slow, and can remain hidden for extended periods of time.
Greg Ross
Systems Engineer, North America, Paessler AG

PACKET ANALYZER

DevSecOps practices rely on rapid detection and response into potential security events. To investigate security events quickly, IT or incident responders need a tool that can acquire, retain and analyze the network packets associated with that event. Unlike log data and metadata, packets do not lie and allow investigators to resolve incidents much more quickly and accurately. A few concerns to keep in mind; the relevant packets in a security investigation often hit the network right before a SIEM or IDS/IPS triggers an alert, so a rolling buffer is key. Also, saving packets on a network for a useful length of time quickly becomes impossible due to storage limitations, so the best tools will have a way to selectively capture the relevant packets and ignore the rest.
Jay Botelho
Senior Director of Products, Savvius

APPLICATION SLA DELIVERY

With ever-increasing customer demands, more and more organizations adopt agile and continuous delivery methodologies in order to roll out features faster than ever before. However, DevOps teams frequently bypass established network and security administrators, which limits their control on application delivery and security. It doesn't matter how well a DevOps team performs if it puts an organization at risk, which is why a secure application SLA delivery solution is an important tool for supporting DevSecOps. These solutions can ensure continuous delivery without continued vulnerability. When considering these tools, check to see whether it has immediate protection with turn-key defenses, automatic application-mapping of code-changes, and continuously adaptive security policies. To better support both DevOps and production solutions, look for services that also offer cost-effective and agile licensing with complete automation of application delivery.
Louis Scialabba
Director of Carrier Solutions Marketing, Radware

LOG MANAGEMENT

Log files are a critical part of a DevOps practice and hence, they are part of the DevSecOps equation. However, they are difficult to manage and present an inherent and significant security/privacy risk. We can point to the recent publicly disclosed events at Twitter and Github that jeopardized user credentials as a result of poor logging practices. These two events might only be the tip of the iceberg as we all rely on manual process to redact, obscure or remove PII from logging statements. While log files are mainly an internal utility, this still presents significant risk of privacy breach as developers may end up logging SSNs, passwords and payment details as they try to troubleshoot issues with production systems. Ultimately, for this type of threat, you can use traditional log management tools to parse and identify privacy breaches. However, these tools do not proactively prevent such issues. As an industry we must look at both the process –— the way we log — and the vehicles themselves –— our logging frameworks — in order to develop a holistic pre- and post-event approach to ensure good log hygiene.
Alex Zhitnitsky
Director of Developer Relations, OverOps

AI-ENABLED ANALYTICS

As a service grows in popularity, it becomes more prone to security attacks. There is no limit to how much time teams spend on improving security, especially since organizations grow by the hour and IT infrastructures become more dynamic each day. Application developers, IT experts, and security teams need production tools that can be trained to learn on their own and automatically flag problems by reading production logs. Security teams should enhance their security efforts by using AI-enabled analytics tools to cover a larger attack surface.
Gibu Mathew
Director, Product Management, Site24x7

APPLICATION PERFORMANCE MANAGEMENT (APM)

Application performance monitoring is the most important tool for DevSecOps. Observability is essential to bringing the development, operations and security practices together. With complete visibility and forensics into how apps and systems behave during a test cycle or in production, it is easy to collaborate across teams and arrive at the right solution. A sampled approach to forensic analysis is a non-starter: every transaction matters and can be a key to understanding more sophisticated attacks.
Peco Karayanev
Sr. Product Manager, Riverbed

DevSecOps strives to embed security concerns throughout the different aspects of the application development life cycle, and involves an assortment of experts in different roles (R&D, IT, operations and so on). It is, therefore, crucial to be able to monitor the software at its different stages, from development and testing, to deployment, scaling out and more. By using an APM tool that exposes all the relevant data in a way that can be understood by the various departments individually, collaboration is seamless.
Yossi Shirizli
VP R&D, Correlsense

Read The Top Tools to Support DevSecOps - Part 4, covering code and data.

Share this

Industry News

December 06, 2021

Ascend.io announced support for Amazon Redshift Serverless powered on Amazon Web Services, Inc. (AWS), a fully managed petabyte-scale cloud data warehouse.

December 06, 2021

Neosec formed a strategic partnership with Kong Inc. to integrate its API security platform with Kong Gateway to provide a complete enterprise-class solution for managing and securing APIs and microservices.

December 02, 2021

Mirantis announced DevOpsCare, powered by Lens, a vendor-agnostic, fully-managed CI/CD (continuous integration/continuous deployment) product for any Kubernetes environment, offering developers higher levels of productivity more quickly.

December 02, 2021

The D2iQ Kubernetes Platform (DKP) is now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services, Inc. (AWS).

December 01, 2021

Bugcrowd announced the availability of Bugcrowd's cybersecurity solutions on the AWS Marketplace, providing customers with easy access, simplified billing, quick deployment, and streamlined license management.

December 01, 2021

Kublr received Microsoft Azure Arc-enabled Kubernetes validation, including for Azure Arc-enabled Kubernetes for Data Services.

December 01, 2021

CloudSphere achieved Amazon Web Services (AWS) Migration and Modernization Competency for discovering, planning, and helping enterprise customers move business services to AWS to reduce cost, increase agility and improve security.

November 30, 2021

JFrog introduced a new container registry and package manager for running JFrog Artifactory with Kubernetes clusters on-premises, in the cloud, or both.

November 30, 2021

Docker announced the availability of Docker Official Images directly from Amazon Web Services (AWS).

November 30, 2021

Weaveworks announced the general availability of Weave GitOps Enterprise, a GitOps platform that automates continuous application delivery and Kubernetes operations at any scale.

November 30, 2021

Amazon Web Services announced AWS Mainframe Modernization, a new service that makes it faster and easier for customers to migrate mainframe and legacy workloads to the cloud, and enjoy the superior agility, elasticity, and cost savings of AWS.

November 29, 2021

Quali announced the newest release of Torque Enterprise, which includes enhanced integration with Terraform, new custom tagging capabilities, and improved cost visibility dashboards, unleashing an entirely new level of self-service access to application environments on demand.

November 29, 2021

Vertical Relevance (VR), a financial services-focused consulting firm, achieved Amazon Web Services (AWS) DevOps Competency status.

November 18, 2021

Loft Labs announced the launch of Loft version 2 with a focus on ease of use that overcomes the major complaint that Kubernetes is complex and hard to set up.

November 18, 2021

Perforce Software announced new functionality to speed remediation of discovered defects in automated scans.