The Future of Data Experience Management for Security and Observability

An Intellyx BrainBlog by Eric Newcomer | Part 4 of the Auguria Data Experience Series

Security and observability data present different views of incidents and outages from the application and network sides.

In a pointillist painting, the artist’s careful placement of individual colored dots creates a coherent picture seen from a distance, which is one way to think about the potential result of combining these two different sources of data.

For example, information about security incidents and alerts provides an external view from the network for a given IT environment. Observability tools provide an internal view from the application side. These two sides often overlap and complement each other, and combined, they represent a more coherent picture of an event.

When the two sets of data points are combined into a single, coherent image, analysts get better information. It’s easier for them to spot the source of trouble or to predict potential trouble. And they will have a better overall experience in diagnosing and remediating incidents.

A Combined View of Security and Observability

Security and observability monitoring tools have a lot in common. Security alerts typically originate outside the application, but they indicate what the application is doing that creates an incident.

Much of the same information is available via observability tools. However, observability is primarily focused on capturing information about what’s happening inside an application.

An enhanced or simplified combined view should ideally present existing data in a new light, identify additional or new patterns in the data, and more quickly surface a holistic view that better reflects reality than either single viewpoint could provide on its own.

Such a combination could surface things you might otherwise not see, such as:

  • Patterns in the data, combining data points that otherwise are too small to pick out individually
  • A constantly changing view that keeps pace with the constantly changing world, which helps forecast what the infrastructure and applications will do
  • An improved data experience (DXM) for analysts, SOC leaders, platform, and observability teams that helps reduce cognitive load and burnout
