Cloud ‘posture visibility’ is the new observability

Key Takeaways

The complexity of cloud environments necessitates effective Application Performance Management (APM) for better internal systems insight and control.

Cloud Security Posture Management (CSPM) is critical for addressing security blind spots that arise from continuously evolving cloud services and the need for end-to-end network visibility.

Utilizing machine learning can significantly enhance the detection of abnormal traffic patterns, helping security teams focus on serious threats while reducing unnecessary alerts.

Cloud is complex, yes, we know that part. So convoluted, coalesced, co-located and essentially complex is cloud that an entire sub-genre of information technology has grown up to provide APM (or Application Performance Management to afford it its full moniker) in order to gain a much needed level of internal systems insight and control.

With many systems architects and other software engineering professionals now working to ensure that their ERP systems have the ability to deliver an appropriate level of insight into their inner workings, state and status, the need to surface APM insight has (arguably) never been more prevalent or pressing.

APM vendors like to talk about so-called ‘observability’ and the need to provide a clear view into cloud application services and data operations throughout the daily course of workflow execution and business operations.

But can we go one step backwards (or perhaps deeper) than observability and talk about visibility?

Cloud Security Posture Management (CSPM)

Rather more skewed towards the security side of the total DevOps responsibility list, the term itself is championed by Palo Alto Networks in relation to its Prisma Cloud product, which in and of itself attempts to define a sub-genre in the shape of what the company calls Cloud Security Posture Management (CSPM).

The company reminds us that as cloud environments grow ever more complex, deployments typically feature more cloud providers, more users, more applications and more resources.

Varun Badhwar, senior vice president, Prisma Cloud at Palo Alto Networks, warns that this can lead to a ‘cacophony of false-positive alerts’ if cloud monitoring solutions fail to provide the right kind of end-to-end capabilities.

Badhwar points to what his firm calls ‘True Internet Exposure’, i.e. a notion of end-to-end network path visibility between any source and destination, a function which is supposed to eliminate needless alerts associated with unexposed cloud instances and security groups.

Security blind spots

Cloud service providers release and update hundreds of new services for their platforms each year. When organisations use these new services before their CSPM solution supports them, they are left with security blind spots.

“With Visibility-as-Code, Prisma Cloud can now support new cloud services in days, providing development teams with the freedom to take advantage of the latest cloud services while giving the security teams the security measures they need,” said the company, in a press statement.

Badhwar and team say that many basic security solutions solely focus on detecting misconfigurations based on static rules, so they may not be effective when it comes to real security attack objectives, such as data exfiltration.

Avoiding unnecessary alert storms

According to Palo Alto Networks, “Prisma Cloud uses machine learning to analyse vast amounts of network flow logs and understand the typical traffic pattern of each customer, which is then used to detect and alert on abnormal egress traffic to any IP address, including TOR exit nodes. This allows security teams to focus their remediation efforts on the most dangerous data exfiltration attacks and avoid unnecessary alert storms.”
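As an added illustration of the baseline-then-detect approach that quote describes (example code, not Prisma Cloud’s and not part of the original article), the snippet below learns each internal source’s usual external destinations and flow size from constructed flow records, then flags accepted egress that goes somewhere new or is far above the learned volume. The record layout, the private ranges and the 10x threshold are assumptions; real flow logs and a TOR exit node list would be additional inputs.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed records (timestamp, src, dst, dst_port, bytes, action); not real logs.
BASELINE_FLOWS = [
    ("t1", "10.0.1.5", "203.0.113.10", 443, 1200, "ACCEPT"),
    ("t2", "10.0.1.5", "203.0.113.10", 443, 1800, "ACCEPT"),
    ("t3", "10.0.1.5", "203.0.113.20", 443, 1500, "ACCEPT"),
    ("t4", "10.0.1.5", "10.0.2.9", 5432, 900, "ACCEPT"),     # internal, not egress
    ("t5", "10.0.1.5", "198.51.100.7", 22, 600, "REJECT"),   # blocked, nothing left
    ("t6", "203.0.113.50", "10.0.1.5", 443, 700, "ACCEPT"),  # inbound, not egress
]
NEW_FLOWS = [
    ("t7", "10.0.1.5", "203.0.113.10", 443, 2000, "ACCEPT"),        # usual behaviour
    ("t8", "10.0.1.5", "198.51.100.7", 443, 52_000_000, "ACCEPT"),  # new dst and huge
    ("t9", "10.0.1.5", "203.0.113.20", 443, 40_000, "ACCEPT"),      # known dst, big
    ("t10", "10.0.3.8", "203.0.113.10", 443, 500, "ACCEPT"),        # never-seen source
]
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    return not any(ip_address(ip) in net for net in PRIVATE)

def egress_flows(flows):
    """Yield accepted flows from an internal source to an external destination."""
    for _, src, dst, _, nbytes, action in flows:
        if action == "ACCEPT" and not is_external(src) and is_external(dst):
            yield src, dst, nbytes

def build_baseline(flows):
    """Per internal source: external destinations seen and mean bytes per flow."""
    dsts, sizes = defaultdict(set), defaultdict(list)
    for src, dst, nbytes in egress_flows(flows):
        dsts[src].add(dst)
        sizes[src].append(nbytes)
    return {s: {"dsts": dsts[s], "mean": sum(sizes[s]) / len(sizes[s])} for s in dsts}

def detect(baseline, flows, factor=10):
    """Flag egress to an unseen destination or far above the source's usual volume."""
    alerts = []
    for src, dst, nbytes in egress_flows(flows):
        prof = baseline.get(src)
        reasons = []
        if prof is None or dst not in prof["dsts"]:
            reasons.append("new external destination")
        if prof and nbytes > factor * prof["mean"]:
            reasons.append(f"{nbytes} bytes > {factor}x baseline mean {prof['mean']:.0f}")
        if reasons:
            alerts.append((src, dst, "; ".join(reasons)))
    return alerts
```

A source with no baseline at all (t10) is reported on destination only, since there is no volume to compare against; in production the baseline window would be rebuilt continuously rather than learned once.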

We’re building the cloud fast, so it is (arguably) hugely important to gain visibility (and observability, if you must) into misconfigurations as we work to identify cloud infrastructure weaknesses across dynamic, ever-changing cloud environments.

We need anomaly detection power and we need automated (i.e. with ML inside, as shown here) anomaly detection, and we need it now; it’s visibly clear that we do, right?