Effective URL: https://www.dynatrace.com/news/blog/security-analytics-elevates-threat-detection-forensics-incident-response/?utm_medium=e...

DYNATRACE UNVEILS SECURITY ANALYTICS TO ELEVATE THREAT DETECTION, FORENSICS, AND
INCIDENT RESPONSE

Published August 9, 2023 6 min read

Andreas Kroier

Amit Shah
Application security Product news


IN THIS BLOG POST

 1. Extending application security protection to Security Analytics
 2. Security Analytics and automation deal with unknown-unknowns
 3. What can you do with Dynatrace Security Analytics?
 4. What’s next for Security Analytics?
 5. Leave the beaten path of traditional security tooling for a future with
    unified observability and security

Dynatrace Security Analytics, a new solution on the Dynatrace platform, enables
threat detection, forensics, and incident response using combined security and
observability context across the full stack. Security analysts accelerate
investigations with the Grail data lakehouse, executing lightning-fast queries
across large volumes of observability and security data. With these insights,
analysts can automate responses to security problems by creating data-driven
workflows using AutomationEngine.

With up to 70% of security events going uninvestigated, security analysts need
all the help they can get. After a security event, many organizations don’t
know for months (or even years) when, why, or how it happened. This represents
a significant risk: the same attack vector is exploited repeatedly if a
vulnerability is not resolved in time. The massive volumes of log data
accumulated over the months, sometimes years, of a breach have made this a
complicated and expensive problem to solve.

A traditional log-based SIEM approach to security analytics may have served
organizations well in simpler on-premises environments. But this limited
approach causes challenges in today’s hybrid multicloud reality. With the rising
complexity of cloud-native environments, manual investigation and response are
too slow and inaccurate. Teams must evolve to continuously create reliable,
automated responses based on precise data-driven insights. Comprehensive
datasets, including topology and runtime context, can make it easier to find the
needle in the haystack and understand the significance of events and
vulnerabilities.

Experience with the recent MOVEit vulnerability illustrated some of the key
incomplete data challenges organizations face when trying to find definitive
answers to questions like “were we exploited?” and “was any sensitive data
stolen?” Relying only on logs to find indicators of compromise (IoC) is no
longer effective, especially for application attacks, because logs simply don’t
contain all the clues. As our experience with MOVEit shows, IoCs that remained
hidden in logs alone quickly revealed themselves with observability runtime
context data, such as metrics, traces, and spans.


EXTENDING APPLICATION SECURITY PROTECTION TO SECURITY ANALYTICS

With Dynatrace Runtime Vulnerability Analytics, Dynatrace customers have reduced
the amount of time and effort spent on identifying and prioritizing
vulnerabilities in both custom code and third-party code. Additionally, Runtime
Application Protection provides the ability to protect from attacks while giving
development teams much-needed time to remediate these vulnerabilities.

Dynatrace Security Analytics now extends these capabilities by combining
predictive and causal AI techniques to help security analysts and architects
investigate suspected or detected attacks and create automated response
workflows. Security Analytics combines Dynatrace platform capabilities (such as
Grail data lakehouse and AutomationEngine) with analytics capabilities (such as
Dynatrace Pattern Language (DPL) architect) that make life easier for security
analysts.

In an industry first, customers can conduct threat detection, forensics, and
incident response use cases based on a combined security and observability
dataset enhanced by topology context. Grail can deal with any data, be it
OpenTelemetry data or large-scale amounts of security data. Dynatrace OneAgent
automatically discovers relevant observability and topology data across complex
environments, which provides context and rich data. This is a differentiated and
more evolved approach than simply using logs, maximizing the precision, breadth,
and depth of insights.


UNKNOWN UNKNOWNS: UNVEILING THE BLACK SWANS OF CYBERSECURITY

Unknown unknowns, also known as “black swans” in the realm of cybersecurity, are
the elusive and unforeseen threats that exist beyond the scope of our awareness.
These lurking dangers pose a significant challenge to organizations, as they
can’t be detected or addressed using traditional security measures alone.
Unraveling these hidden threats requires a proactive and adaptive approach,
leveraging advanced technologies and threat intelligence to uncover
vulnerabilities and mitigate potential risks. Understanding the unknown unknowns
is crucial in fortifying defenses and safeguarding against the unexpected.


SECURITY ANALYTICS AND AUTOMATION DEAL WITH UNKNOWN-UNKNOWNS

With Security Analytics, analysts can explore the unknown-unknowns, facilitating
queries manually in an ad hoc way, or continuously using automation. This
approach addresses classic security-driven log analysis and SIEM use cases, and
includes threat hunting and looking for anomalies or IoCs.

 * Observability (runtime) context: Utilizing contextualized observability data,
   you can combine traces, logs, and metrics with security events using
   AI-driven analysis. This combination elevates use cases that were
   historically conducted predominantly on log data alone. As a result, you can
   understand not only that someone accessed a database, but also where they
   came from, exactly what they accessed, and where they exported the data to,
   down to the exact database query statement.
 * Automation: Automation plays a crucial role in dealing with the complexities
   and scale of cybersecurity. By automating routine tasks, such as data
   collection, analysis, and incident response, organizations can improve their
   ability to detect and respond to unknown unknowns in a timely manner. With
   automated processes, you can rapidly identify patterns, correlations, and
   deviations, allowing security teams to focus on investigating and mitigating
   emerging threats. Additionally, automation enables faster threat containment,
   reduces response times, and minimizes the potential for human error.
 * Advanced analytics: Advanced analytics techniques, including causal Davis AI
   and generative AI, facilitate human interaction and enable organizations to
   analyze vast amounts of data and extract valuable insights. By applying
   advanced analytics to security and contextualized observability data,
   organizations can uncover hidden patterns, trends, and anomalies that may
   indicate the presence of unknown unknowns that traditional security measures
   would miss. Advanced analytics empowers organizations to detect and respond
   to emerging threats proactively, staying ahead of cyber adversaries.


WHAT CAN YOU DO WITH DYNATRACE SECURITY ANALYTICS?

Here are some samples of what you can do today with Dynatrace Security
Analytics.

 * Threat hunting: Dynatrace Security Analytics provides analysts with unique
   capabilities that enhance productivity by collaboratively investigating
   suspected attacks, automating response, and implementing proactive
   threat-hunting strategies. Notebooks enable teams to create playbooks to
   iteratively construct complex queries, review results, and refine them to
   quickly zoom in on IoCs. DPL (Dynatrace Pattern Language) simplifies
   extracting information out of varied log formats without needing to write
   complicated regex. Analysts can use AutomationEngine to continuously monitor
   and respond to IoCs.
 * Incident response: Cost-effective, long-term data retention allows teams to
   go back in time for months or years to identify the root cause of an attack.
   The combination of data with retained context and lightning-fast queries
   empowers analysts to identify IoCs, reconstruct events, and determine next
   steps in record time. Analysts can leverage AutomationEngine to continuously
   monitor and respond to future attacks.
 * Log storage and data retention: As regulations grow more stringent, data
   retention requirements and costs can quickly mount. Dynatrace Grail data
   lakehouse offers a scalable, affordable way to store data long term while
   keeping all data always available for dashboarding and analysis.


WHAT’S NEXT FOR SECURITY ANALYTICS?

Security Analytics with Davis® AI, the Grail data lakehouse, AutomationEngine,
and Notebooks are all available for customers to use today.

In the coming months, we look forward to further enhancing analyst productivity
with Davis CoPilot generative AI and security-specific user experiences. Davis
CoPilot will enable natural language queries, suggest CISO dashboards to track
progress, and auto-create security incident response workflows using
AutomationEngine.


LEAVE THE BEATEN PATH OF TRADITIONAL SECURITY TOOLING FOR A FUTURE WITH UNIFIED
OBSERVABILITY AND SECURITY

Proactive incident response is based on understanding what’s happening at
runtime, in real time, across the full stack by identifying suspicious
activities that may lead to potential breaches. This modern approach puts
security analysts in the driver’s seat. A coordinated organizational approach
to patching vulnerabilities or initiating incident response before an actual
breach occurs increases speed, reduces costs, and accelerates innovation. The
overall reduced risk of falling victim to cyber-crimes readies organizations
utilizing Dynatrace’s unified observability and security platform for the
projected increase in cyber-attacks.

Attending the Black Hat conference in Las Vegas? Come meet us at booth #2608 to
see Security Analytics in action and learn how to elevate your cyber defenses
with Dynatrace.


Tags: featured, forensics, incident response, Security Analytics, threat
detection, threat hunting
Disclaimer: The views expressed on this blog are my own and do not reflect the
views of Dynatrace LLC or its affiliates.