Dynatrace’s founder Bernd Greifeneder explains to teiss why the security of cloud-based applications benefits from a novel AI-powered approach that is both continuous and internal to the app.
Dynatrace is an AI-powered software intelligence platform that monitors and optimises application performance, IT infrastructure, and end-user experience. The company, established back in 2005, has recently announced that it is moving into the cyber security space with a new module designed to secure cloud-based applications. Teiss spoke to Dynatrace’s founder and CTO Bernd Greifeneder to find out more.
Dynatrace didn’t start out in cyber security. The company offers an all-in-one software intelligence platform with modules designed to help companies develop better software, run IT systems more efficiently, and achieve effective digital transformation. Their suite of modules offers:
- infrastructure monitoring
- application performance management
- monitoring of an end-user’s digital experience on mobile and web
- cloud and IT operations automation
- digital business analytics, a service that links IT operations with business KPIs
To these five established services, a sixth has been recently added – application security. This new service enters a crowded field. But it is also a rapidly changing area, which is why Dynatrace feels confident entering the $18 billion application protection market.
Cloud technologies such as containerisation and Kubernetes are driving technological change and this change is breaking current security approaches which just look at patterns of behaviour on systems within protected perimeters. In addition, the nature of DevOps has changed: no longer do we see a release every 6 months followed by compliance testing; instead it might be a release every couple of weeks. Bernd Greifeneder explained why these changes are causing pain.
At the C suite level there is pain caused by a continued need to hire people with new skills to manage fast-changing technology. But it’s hard to know whether these people with these new skills also have the skills to deal with cloud-based security issues. It’s hard to be confident that DevOps teams are creating secure and safe software. And at the DevOps level, engineering teams are having to manage far too much data, thousands of false positives for instance.
This is where Dynatrace can help. Their AI algorithms and knowledge banks can support DevOps and DevSecOps teams (and inspire confidence in the C suite) by telling them what vulnerabilities are relevant for production and development so that most false positives can be filtered out as irrelevant.
For the remaining vulnerabilities, Dynatrace can identify which are most likely to be severe and which are low impact. For instance, by following the end-to-end transaction paths that data follows, Dynatrace can identify which services are not exposed to the public internet and are therefore low danger. Or by identifying the type of data that would be exposed – is it sensitive customer data or just a publicly available price list? – they can help developers identify which are the vulnerabilities that need fixing before roll out, and which could wait a few days.
Dynatrace’s monitoring is effective because it doesn’t just capture data. It captures the context that surrounds data. So, it will capture the data you might expect an application performance management system to capture, such as memory use, logs, code execution and CPU profiling; but it also records what parts of the system are communicating. In other words, it can tell you what is going on with an application and also why it is happening (for instance, someone is logging on to a banking service and accessing sensitive customer data). This can be an essential clue when identifying how to defend IT systems.
Because the Dynatrace system uses deterministic AI (where there is no uncertainty about an outcome if a certain event happens) rather than a more normal neural network (which will tell you what is statistically likely by crunching masses of data), it learns instantly, rather than taking the days or months that most other AI systems used in IT operations need. This is important in the highly dynamic environments that most IT systems operate in.
Another important feature of Dynatrace’s cyber security module is the “Runtime Application Self Protection” (RASP). This involves an agent running inside an application and protecting it from the inside: Bernd describes this as being like having a vaccination rather than just wearing a mask.
It is significant because today many applications use a combination of internal and external services. For instance, a financial services app might contact Facebook to get information about you. If security happens only at a secure perimeter to a corporate IT system, then using external services is a risk. But RASP makes applications safe whether internal or external services are being used.
Cloud computing is becoming ever more prevalent. It’s efficient, flexible, scalable, and it can be highly secure and resilient compared with on-premises systems. Dynatrace is helping many companies move to the cloud. Automated IT is generally part of this journey; but automated IT needs to be secure. And that’s why a security component is important.
But current source code and container scanning tools are not up to the job. They may be ignored by busy DevOps teams with other things on their minds, they may be badly configured, or they may throw up an unmanageable number of potential vulnerabilities.
In addition, scanning only tells you about the situation at the time of scanning. If vulnerabilities are discovered later, when the code has been deployed, they can be used by hackers. And human nature being what it is, the programmers and developers have probably moved on to new digital services, needed to compete in the fast-moving world, and are less than interested in old problems.
Dynatrace’s approach provides application security from production, both continuously and from inside of an application, not just within a safe corporate protected perimeter. With that refreshing approach, the company will surely have a big part to play in the future of cyber security.
Bernd Greifeneder is the founder and CTO of Dynatrace