Cisco folds vulnerability management into AppDynamics AIOps

A new module for AppDynamics' AIOps platform uses APM data to perform vulnerability management monitoring and automated attack blocking as DevSecOps market buzz continues.

Cisco and AppDynamics hope to boost their AIOps platform's DevSecOps appeal this week with a new integration between vulnerability management and observability tools.

IT pros began 2021 under pressure to perfect a blend of security management and DevOps roles, and software vendors are expected to make cloud security acquisitions to cater to them. Meanwhile, Cisco already had security intellectual property it could fold in with the AppDynamics APM software it acquired in early 2017, as well as a security product team it realigned under AppDynamics management. That newly combined team's first product, Secure Application, shipped this week.

"This was built very closely with the Cisco security team," said Ty Amell, who joined AppDynamics two years ago and took over as CTO eight months ago. "We recently moved that team over to AppDynamics, because we want to make sure we have a close, tight integration with the AppDynamics product, since it's based on our applications."

Secure Application is an add-on for the AppDynamics Application Performance Monitoring (APM) platform. It monitors a vulnerability management data feed jointly created by AppDynamics and Cisco security engineers. The product then applies AppDynamics' Cognition Engine AIOps algorithms to that feed to detect issues, identify any application's behavioral deviations from normal baselines, and automatically block attacks. Its first release supports only the AppDynamics Java APM agent, but support for more languages and serverless workloads is planned.

Stephen Elliot, IDCStephen Elliot

Automated remediation is a step further than some other DevSecOps software vendors are willing to go, citing customer concerns about granting a high level of access privileges to a vendor's product. This feature of Secure Application is optional, but Amell said automated attack blocking is a necessary component of any cloud-native vulnerability management tool.

"We do believe that to do this right you need to block," he said. "It's one thing to say, 'here are the vulnerabilities that you have,' but in a dynamic environment ... without the ability to block, we think the value is limited."

Automated remediation has also been part of past AppDynamics AIOps updates, such as a previous integration with Cisco's Intersight Workload Optimizer. While not every IT team is ready to trust AIOps tools to make changes, some AppDynamics customers such as Alaska Airlines have indicated that they're willing to try out such features.

This isn't necessarily going to replace other vulnerability management tools, but it could be an opportunity to drive more collaboration.
Stephen ElliotAnalyst, IDC

Cisco is also considering integration of Secure Application data into its existing SIEM products for IT security teams. Amell said the goal, however, is to encourage the same kind of cross-functional collaboration among customers that it's begun internally with the security team shift into AppDynamics.

The approach could resonate with some customers as a way to help establish DevSecOps practices, one analyst said.

"This isn't necessarily going to replace other vulnerability management tools, but it could be an opportunity to drive more collaboration across security and app owners or app support teams," said Stephen Elliot, an analyst at IDC. "Access [to APM] data may highlight certain vulnerabilities in code [that are] particularly [useful] for DevSecOps discussions."

DevSecOps tools and cloud security are hot topics throughout the industry; AppDynamics APM competitor Dynatrace added application security features to its Software Intelligence Platform in December. Log analytics vendors Splunk, Elastic Inc. and Sumo Logic also offer security management alongside observability and AIOps tools.

"It's a general theme across the board, and a growing theme that major competitors are looking at," Elliot said. "Organizations need to bridge the gap between security teams and application data and transform development with better application security."

Dashboard of AppDynamics Secure Application
AppDynamics Secure Application dashboard

Still, many enterprises will need to enact organizational changes before they can effectively use tools such as Secure Application. Specifically, IT organizations may have to rethink security team responsibilities as automated attack blocking features similar to the one included with Secure Application become available to DevOps pros, Elliot said.

"DevSecOps is changing roles and responsibilities -- that's part of the point," Elliot said. "In a way, some of these [tools] are forcing very uncomfortable conversations, but they are necessary."

Beth Pariseau, senior news writer at TechTarget, is an award-winning 15-year veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on Systems automation and orchestration