How Observability Leads to Better Cybersecurity

The term “observability” refers both to the concept of monitoring, analyzing, and understanding all data moving across today’s hybrid and multi-cloud environments and the emerging technologies to support it. Observability has become increasingly important in a world where organizations spend heavily on security tools, yet breaches continue to occur at record rates. 

According to Michael Dickman, Chief Product Officer at observability vendor Gigamon, observability doesn’t operate in a vacuum—it’s closely connected to other technologies, including data exfiltration, telemetry, and encryption. Security software and visualization tools are helpful as part of an organization’s overall observability efforts, they often don’t provide total protection. I spoke with Dickman about observability in the enterprise and the many challenges of network security. Watch the full interview, or read the key takeaways below.

Advanced Security Tools are Imperfect 

Organizations are increasingly investing in advanced tools like extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR), among others. However, these tools function as point solutions and offer only partial visibility, in contrast to an observability solution. 

Encrypted Traffic Creates Visibility Challenges 

Traditional vulnerabilities, such as insider threats and misconfigurations, create visibility blind spots. While encryption protects sensitive information, encrypted traffic isn’t always secure. Most lateral movement attacks involve encrypted traffic, which poses a problem for visibility since traditional methods cannot see inside encrypted data.

Organizations Must See Data Traffic in All Directions

Data exfiltration methods are becoming increasingly sophisticated, with attackers fragmenting files and extracting them in pieces. To effectively monitor and secure data, organizations need to look at both east-west (lateral data movement within the network) and north-south (data flow in and out of the network) traffic. Organizations need the ability to inspect plaintext data within the internal environment and mask PII data for data privacy purposes.

Good Telemetry Beats Total Visualizations

Many visibility tools come with dashboards to visualize data, but they are only as effective as the quality and completeness of the data provided. Gigamon focuses on obtaining the right telemetry rather than increasing the number of visualization tools so that deep network-derived intelligence is incorporated into security practices. This offers comprehensive insights into TLS/SSL sessions and enables organizations to maintain high levels of security while optimizing network performance.

See eWeek’s guide to generative AI and cybersecurity to learn more about the role of artificial intelligence in enterprise risk assessments and cybersecurity efforts.

The post How Observability Leads to Better Cybersecurity appeared first on eWEEK.