
Dynatrace security AI roots out Log4j, sets tone for roadmap

Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans.

LAS VEGAS -- Dynatrace executives disclosed bold long-term plans to expand the company's security AI products, which have also turned heads among enterprise customers as they battled the Log4Shell vulnerability last year.

The vulnerability discovered in the Log4j Java language library rocked the enterprise IT industry when it was disclosed in late 2021. Log4Shell was both critical, as it allowed attackers to perform remote code execution on vulnerable systems, and widespread, as it affected an often-used open source component of enterprise applications. Worse, it was difficult for most enterprises to detect whether they had vulnerable versions of Log4j, and where, because of gaps in software supply chain security.

But Dynatrace customers at the Perform user conference this week said the observability vendor's Application Security module helped them pin down vulnerable instances of Log4j.

"We used it during the Log4j episode, where we had to identify systems that were at risk for that compromise, and it enabled us to find them very quickly before we ever [had an incident]," said Dave Catanoso, acting director of application hosting, cloud, and edge solutions, infrastructure operations at the U.S. Department of Veterans Affairs, during a customer panel at the conference.

The VA wasn't alone in this experience, according to one analyst.

"In many cases, Dynatrace was identifying vulnerable applications more quickly than dedicated security tools" for several of his clients, said Gregg Siegfried, an analyst at Gartner.

Another Dynatrace customer, Michael Cabrera, director of site reliability engineering at home automation company Vivint Smart Home in Provo, Utah, echoed these comments.

"Not only could it help me pinpoint where [I had the vulnerability], but then it helped me validate when it was all gone and remediated," Cabrera said.

Dynatrace CTO reveals security goals

Now, Dynatrace executives are explicitly targeting a broader set of dedicated security tools from competitors in their product plans, based on the Grail data management platform the company launched in October.

"We are going to disrupt how current SIEM [security information and event management] works," said Bernd Greifeneder, founder and CTO at Dynatrace, in a keynote presentation. "We are going to revolutionize security analytics for threat intelligence, because with Grail, we go beyond just logs."

While Dynatrace has aspirations beyond logs, Grail also represents a fresh attempt to improve Dynatrace's support for such data. Log analytics are clearly the first point of attack in the company's competitive plans -- namely, the log analytics vendors that are already established in security, such as Splunk and Sumo Logic.

The new Dynatrace Query Language was designed to appeal to IT pros familiar with Splunk's query language to make migration to Grail easier, Greifeneder said during his presentation, to applause from the audience.

These are long-range plans, added Bob Wambach, vice president of product marketing at Dynatrace, in a later interview with TechTarget Editorial.

"We're not trying to be a SIEM vendor this year," Wambach said. "But there are customers that are looking at the power we have in the data; there's definite market demand."

Some enterprise customers already deeply invested in Dynatrace said they are preparing to consolidate log analytics tools onto Grail and Dynatrace Application Security.

"Retention with Splunk is hard, because it directly ties to cost," said Cabrera, who uses Dynatrace AIOps tools to manage application performance and reliability.

Splunk introduced new pricing alternatives in response to customer cost complaints in 2021, but that hasn't helped in his case, Cabrera said.

"[Splunk pricing] is a reason I am starting to use Dynatrace logging more and more," he said. "With Grail coming, I could have everything under one roof."

Testing Grail's log analytics already has another customer -- Ken Schirrmacher, CTO and senior director of IT at Park 'N Fly, a travel services company in Atlanta -- planning to swap out Sumo Logic. Upcoming enhancements to Grail dashboards and reporting unveiled this week could also help it better compete with Splunk, Schirrmacher said.

These new features include automated and customizable reporting, Notebooks for exploratory data collaboration and more flexible visualizations, all of which Schirrmacher said he'd been waiting for Dynatrace to deliver.

"When we first got [access to Grail], it was a fairly feature-rich environment, but the No. 1 thing it's lacking was the robustness of its reporting capabilities," he said. "What I had suggested [to Dynatrace] was, 'If you could figure out a way to use ML or whatever algorithm you want to automatically build reports and whatever [dashboards] you want, you don't have to have anybody sitting there manually doing any of this coding … and that makes [my] job a whole lot easier.'"

Other Dynatrace customers sounded a more cautious note following a presentation about Grail at a conference keynote this week.

"With these announcements, it's clear we're going to have to have a migration path to take advantage of Grail and SaaS," said Randy Hunter, senior vice president of IT at America First Credit Union, a credit card company based in Ogden, Utah. "But we need to understand more about what Grail does to know where it fits. Right now, we have no plans to replace Splunk."

Dynatrace founder and CTO Bernd Greifeneder presents the company's long-term security AI ambitions onstage at Perform 2023.

Security AI push 'just talk' for now

Tech analysts were also cautious about Dynatrace's plans to break into security product categories such as SIEM.

"Few organizations are looking to replace existing security tools with something like this … certainly not yet," Siegfried said. "But there's a lot of low-hanging fruit [for Dynatrace] in DevSecOps, vulnerability management, and software composition analysis -- that's more likely where they would go."

That's only if Grail performs as advertised, pointed out Andy Thurai, vice president and principal analyst at Constellation Research. So far, the data management platform is still adding key features, such as support for distributed tracing and metrics data, which is set to ship next quarter.

"I've got to see proof because it's all just sort of talk to me at this point," he said. "Grail is a good announcement … but I need to see more of it. When I say I'm looking for a log provider, does Dynatrace come to mind first? Absolutely not. Splunk still owns the game, along with newer log analytics players."

Still, enterprises are keen to consolidate the number of tools they use amid turbulent macroeconomic conditions. And while security in general has established incumbent vendors, security AI is still a young enough field for new competitors to break in, said Carlos Casanova, an analyst at Forrester.

"I just look at it as a new vendor entering that market, and I don't expect Dynatrace to be the only one to do it," Casanova said. "At the base levels, they offer very similar capabilities [to security analytics vendors] around detection of activity and devices, collection of sensory and telemetry data across the IT ecosystem and analysis for eventual action."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.
