You can’t secure what you can’t see, the old adage goes, so it’s not much of a leap to expect security and observability to converge.
“Security and observability are coming together,” said Cisco Chief Strategy Officer Liz Centoni, speaking at this week’s Raymond James technology investors’ conference. She used Cisco’s AppDynamics as an example: the platform monitors performance and secures apps in runtime.
But the same holds true for other Cisco products like ThousandEyes, for example, that look for security breaches and ensure that an organizations’ infrastructure performs as it should.
“If you look at how we’ve done our strategic pillars, they go across domains, across architectures, and across organization because our focus is really on deliver outcomes, deliver experiences,” Centoni said, according to a transcript. “And we are pulling capabilities and portfolios from different parts of the organizations for that matter.”
Specific to AppDynamics, this means creating a dynamic baseline for application performance, she added.
Cisco paid $3.7 billion for AppDynamics in 2017, and since then has been adding new capabilities to the platform, largely through other acquisitions, to build out what it calls full-stack observability. This uses machine learning and artificial intelligence (AI) to troubleshoot performance and security issues, and also help predict and optimize costs across the network and up through the application layer.
Earlier this year, Cisco’s AppDynamics team co-developed a new runtime protection tool called Cisco Secure Application with Cisco Security. It is built into AppDynamics’ application performance monitoring platform, and it also integrates with Cisco’s SecureX security platform to provide application-level visibility and insights to the security team.
“We’re feeding from our security portfolio, alerts, incidents, and advisories that then help us then correlate in terms of understanding the risk to an application at the end of the day,” Centoni said at the investor conference. “When we feel like it’s a security issue, we can actually then communicate that back into the SecOps teams as well. So it's a bidirectional kind of communication that happens.”
ThousandEyes, another Cisco $1 billion acquisition, plays another key role in the vendor’s full-stack observability strategy. It provides multi-cloud network visibility, and internet outages — like yesterday’s Amazon Web Services’ outage — highlights the importance of this type of fine-grain network monitoring and analysis.
In fact, ThousandEyes’ revenue grew triple digits during its more recent earnings quarter, Cisco CEO Chuck Robbins said on a call with investors last month.