Exploring the Convergence of Observability and Security - Part 4: Dashboards

Pete Goldin
APMdigest

With input from industry experts — both analysts and vendors — this 8-part blog series will explore what is driving the convergence of observability and security, the challenges and advantages, and how it may transform the IT landscape.

Start with: Exploring the Convergence of Observability and Security - Part 1

Start with: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

Start with: Exploring the Convergence of Observability and Security - Part 3: Tools

In Part 3 of this blog series, most experts concurred that observability and security tools should be combined, or at least integrated. Interestingly, some experts say that — although convergence is happening, and sharing the data has great value — the security dashboards should not necessarily be combined with observability dashboards for ITOps, NetOps or DevOps.

"I think security and ops will need different dashboards — security staff and operations staff are asking different questions about similar data," Mike Loukides, VP of Emerging Tech Content at O'Reilly Media predicts.

"Are there intruders on the site?" isn't the same as "Is the load too high on server 7 in the Amsterdam colo?" At a minimum, they will remain distinct specialties, with their own tools and dashboards, Loukides says.

Roger Floren, Principal Product Manager at Red Hat suggests that there may be challenges with combining security and observability dashboards. "Using a single platform will ensure the data to be consistent and up-to-date. This will lead to more actionable insights for security and observability. On the other hand the integration challenges to bring this together can be complex and time consuming, leading to compatibility issues and vendor lock-in. You would also risk some feature trade-offs."

Ajit Sancheti, GM, Falcon LogScale at CrowdStrike explains that DevOps, ITOps and SecOps teams will likely want their own dashboards and views of data. Each team will care about different priorities, such as threats, resource utilization or VM health monitoring, and their individual dashboards will reflect their areas of interest.

Dashboards Converging Over Time

Over time, we will see combined dashboards for security, ITOps, NetOps and DevOps, according to other experts.

"As NetOps, SecOps, and DevOps come together, having tools that can integrate both log data and network-derived intelligence into a single interface or dashboard will provide the deep observability they require to enhance business agility, ensure cloud security, and contain hybrid cloud cost and complexity," says Chaim Mazal, Chief Security Officer at Gigamon.

Colin Fallwell, Field CTO of Sumo Logic agrees, "I do see more convergence happening here. DevOps and SRE teams are interested in overlaying security data, intel threat feeds and such, and security teams are seeing the value in operational metrics and top-level application health."

Ideally, merging security and observability should include the dashboards, given they provide a clear visual of application health and availability, and provide flexibility to enable security information from the application to also be integrated to broader reaching SEIM tools as well, Gregg Ostrowski, CTO Adviser at Cisco AppDynamics concludes. "To take full advantage of application monitoring with observability and security insights, customizable dashboards are a great way to extend visibility and support cross-team collaboration, showcasing all the performance data in one place."

Different Organizations Have Different Needs

Prashant Prahlad, VP of Cloud Security Products at Datadog believes the level of dashboard convergence depends on the organization. "Dashboards may converge, but it depends on the size and maturity levels of the teams involved. At startups and smaller organizations where there is no centralized security function, you will likely see the same dashboards used for security and operations. But as organizations mature and security becomes a central function, dashboards may separate."

"In even more advanced organizations, however, the reverse may start happening where centralized security dashboards exist but security starts becoming part of the operations dashboards to provide more context to DevOps or SecOps teams for remediation efforts."

Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) says, "Some dashboards will be converged, usually the ones used for tier 1 response and event management. But tier 2 and tier 3 support will involve specialists with siloed dashboards and specialized tools."

McGillicuddy suggests that convergence of tools will depend on the individual organization. "Users/owners of security tools and users/owners of observability tools have very different skillsets, processes, and cultures. These differences will present barriers to converging on shared tools. However, some organizations will welcome this, especially smaller ones that have fewer silos and more IT generalists than specialists. NetOps teams have told me that they want more security insights in their network observability solutions, but not necessarily because they're sharing those tools with the cybersecurity team. They simply want more context."

Use the player or download the MP3 below to listen to EMA-APMdigest Podcast Episode 2 — Shamus McGillicuddy talks about Network Observability, the convergence of observability and security, and more.

Click here for a direct MP3 download of Episode 2 - Part 1

Similarly, Asaf Yigal, CTO of Logz.io feels that different teams, or even unique use cases, will probably always demand unique dashboards for specific workflows that drive a related response, such as monitoring app performance, threat detection, and prioritization of alerts. Even within a shared observability and security platform, there will be unique UIs for monitoring uptime of applications services versus monitoring and alerting of threats, such as with a SIEM.

Yet, driven by the convergence of data as well as security and performance issues, the overlap of something like a threat that causes an outage somewhere in the apps or infrastructure clearly illustrates increasing value in some shared dashboards, such as top-level overviews or home pages where there is some percolating up of all of this data.

"For the immediate future, we think that there is a need for dashboarding to support every variant of this work," Yigal says. "This is where customization also plays a key role to support the unique makeup of every team and organization. In the long term, there will be more and more crossover."

"Dashboards have not yet converged, however, when they begin to, they should be more elastic to the needs of the business and not determined by third parties," Jam Leomi, Lead Security Engineer at Honeycomb advises. "Each business should determine what its specific needs are to create custom and flexible dashboards for effective observability. To emphasize, observability is all about the efficiency of the business doing it and should be specific to engineering and business priorities."

Go to: Exploring the Convergence of Observability and Security - Part 5: Teams

Pete Goldin is Editor and Publisher of APMdigest

Related Links

Hot Topics

The Latest

Why AI Is No Longer Optional for IT Operations

The rise of hybrid cloud environments, the explosion of IoT devices, the proliferation of remote work, and advanced cyber threats have created a monitoring challenge that traditional approaches simply cannot meet. IT teams find themselves drowning in a sea of data, struggling to identify critical threats amidst a deluge of alerts, and often reacting to incidents long after they've begun. This is where AI and ML are leveraged ...

Outages Aren't the Enemy, Complacency Is

Three practices, chaos testing, incident retrospectives, and AIOps-driven monitoring, are transforming platform teams from reactive responders into proactive builders of resilient, self-healing systems. The evolution is not just technical; it's cultural. The modern platform engineer isn't just maintaining infrastructure. They're product owners designing for reliability, observability, and continuous improvement ...

The Changing World of Application Delivery (and why it pays to have choices)

Getting applications into the hands of those who need them quickly and securely has long been the goal of a branch of IT often referred to as End User Computing (EUC). Over recent years, the way applications (and data) have been delivered to these "users" has changed noticeably. Organizations have many more choices available to them now, and there will be more to come ... But how did we get here? Where are we going? Is this all too complicated? ...

When a Metadata Change Broke the Internet: What the Cloudflare Outage Really Revealed

On November 18, a single database permission change inside Cloudflare set off a chain of failures that rippled across the Internet. Traffic stalled. Authentication broke. Workers KV returned waves of 5xx errors as systems fell in and out of sync. For nearly three hours, one of the most resilient networks on the planet struggled under the weight of a change no one expected to matter ... Cloudflare recovered quickly, but the deeper lesson reaches far beyond this incident ...

Cybersecurity Awesomeness Podcast: Cloudflare Outage

Chris Steffen and Ken Buckler from EMA discuss the Cloudflare outage and what availability means in the technology space ...

When Milliseconds Matter: What Every Industry Can Learn From the Self-Driving Playbook

Every modern industry is confronting the same challenge: human reaction time is no longer fast enough for real-time decision environments. Across sectors, from financial services to manufacturing to cybersecurity and beyond, the stakes mirror those of autonomous vehicles — systems operating in complex, high-risk environments where milliseconds matter ...

The Path to Technojoy: How to Tackle the Silent Drivers of Technostress

Technology's role in the workplace has expanded rapidly, framing how we work and communicate. Now, with the explosion of new and innovative AI-driven tools, people are struggling to navigate how to work in this new emergent era. And although the majority of these applications are designed to make our lives easier, for many knowledge workers, they've become a source of stress and anxiety. "Technostress" ... describes the feelings of being overwhelmed by constant connectivity and cognitive overload from information and notifications, and it's on the rise ...

When Automating Forever Becomes Faster Than Doing It Once

People want to be doing more engaging work, yet their day often gets overrun by addressing urgent IT tickets. But thanks to advances in AI "vibe coding," where a user describes what they want in plain English and the AI turns it into working code, IT teams can automate ticketing workflows and offload much of that work. Password resets that used to take 5 minutes per request now get resolved automatically ...

Smarter Systems for Disinformation: How Data-Centric Design Could Transform Online Trust

Governments and social platforms face an escalating challenge: hyperrealistic synthetic media now spreads faster than legacy moderation systems can react. From pandemic-related conspiracies to manipulated election content, disinformation has moved beyond "false text" into the realm of convincing audiovisual deception ...

The 5 Pillars of Cross-Platform Observability

Traditional monitoring often stops at uptime and server health without any integrated insights. Cross-platform observability covers not just infrastructure telemetry but also client-side behavior, distributed service interactions, and the contextual data that connects them. Emerging technologies like OpenTelemetry, eBPF, and AI-driven anomaly detection have made this vision more achievable, but only if organizations ground their observability strategy in well-defined pillars. Here are the five foundational pillars of cross-platform observability that modern engineering teams should focus on for seamless platform performance ...

Exploring the Convergence of Observability and Security - Part 4: Dashboards

Pete Goldin
APMdigest

With input from industry experts — both analysts and vendors — this 8-part blog series will explore what is driving the convergence of observability and security, the challenges and advantages, and how it may transform the IT landscape.

Start with: Exploring the Convergence of Observability and Security - Part 1

Start with: Exploring the Convergence of Observability and Security - Part 2: Logs, Metrics and Traces

Start with: Exploring the Convergence of Observability and Security - Part 3: Tools

In Part 3 of this blog series, most experts concurred that observability and security tools should be combined, or at least integrated. Interestingly, some experts say that — although convergence is happening, and sharing the data has great value — the security dashboards should not necessarily be combined with observability dashboards for ITOps, NetOps or DevOps.

"I think security and ops will need different dashboards — security staff and operations staff are asking different questions about similar data," Mike Loukides, VP of Emerging Tech Content at O'Reilly Media predicts.

"Are there intruders on the site?" isn't the same as "Is the load too high on server 7 in the Amsterdam colo?" At a minimum, they will remain distinct specialties, with their own tools and dashboards, Loukides says.

Roger Floren, Principal Product Manager at Red Hat suggests that there may be challenges with combining security and observability dashboards. "Using a single platform will ensure the data to be consistent and up-to-date. This will lead to more actionable insights for security and observability. On the other hand the integration challenges to bring this together can be complex and time consuming, leading to compatibility issues and vendor lock-in. You would also risk some feature trade-offs."

Ajit Sancheti, GM, Falcon LogScale at CrowdStrike explains that DevOps, ITOps and SecOps teams will likely want their own dashboards and views of data. Each team will care about different priorities, such as threats, resource utilization or VM health monitoring, and their individual dashboards will reflect their areas of interest.

Dashboards Converging Over Time

Over time, we will see combined dashboards for security, ITOps, NetOps and DevOps, according to other experts.

"As NetOps, SecOps, and DevOps come together, having tools that can integrate both log data and network-derived intelligence into a single interface or dashboard will provide the deep observability they require to enhance business agility, ensure cloud security, and contain hybrid cloud cost and complexity," says Chaim Mazal, Chief Security Officer at Gigamon.

Colin Fallwell, Field CTO of Sumo Logic agrees, "I do see more convergence happening here. DevOps and SRE teams are interested in overlaying security data, intel threat feeds and such, and security teams are seeing the value in operational metrics and top-level application health."

Ideally, merging security and observability should include the dashboards, given they provide a clear visual of application health and availability, and provide flexibility to enable security information from the application to also be integrated to broader reaching SEIM tools as well, Gregg Ostrowski, CTO Adviser at Cisco AppDynamics concludes. "To take full advantage of application monitoring with observability and security insights, customizable dashboards are a great way to extend visibility and support cross-team collaboration, showcasing all the performance data in one place."

Different Organizations Have Different Needs

Prashant Prahlad, VP of Cloud Security Products at Datadog believes the level of dashboard convergence depends on the organization. "Dashboards may converge, but it depends on the size and maturity levels of the teams involved. At startups and smaller organizations where there is no centralized security function, you will likely see the same dashboards used for security and operations. But as organizations mature and security becomes a central function, dashboards may separate."

"In even more advanced organizations, however, the reverse may start happening where centralized security dashboards exist but security starts becoming part of the operations dashboards to provide more context to DevOps or SecOps teams for remediation efforts."

Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at Enterprise Management Associates (EMA) says, "Some dashboards will be converged, usually the ones used for tier 1 response and event management. But tier 2 and tier 3 support will involve specialists with siloed dashboards and specialized tools."

McGillicuddy suggests that convergence of tools will depend on the individual organization. "Users/owners of security tools and users/owners of observability tools have very different skillsets, processes, and cultures. These differences will present barriers to converging on shared tools. However, some organizations will welcome this, especially smaller ones that have fewer silos and more IT generalists than specialists. NetOps teams have told me that they want more security insights in their network observability solutions, but not necessarily because they're sharing those tools with the cybersecurity team. They simply want more context."

Use the player or download the MP3 below to listen to EMA-APMdigest Podcast Episode 2 — Shamus McGillicuddy talks about Network Observability, the convergence of observability and security, and more.

Click here for a direct MP3 download of Episode 2 - Part 1

Similarly, Asaf Yigal, CTO of Logz.io feels that different teams, or even unique use cases, will probably always demand unique dashboards for specific workflows that drive a related response, such as monitoring app performance, threat detection, and prioritization of alerts. Even within a shared observability and security platform, there will be unique UIs for monitoring uptime of applications services versus monitoring and alerting of threats, such as with a SIEM.

Yet, driven by the convergence of data as well as security and performance issues, the overlap of something like a threat that causes an outage somewhere in the apps or infrastructure clearly illustrates increasing value in some shared dashboards, such as top-level overviews or home pages where there is some percolating up of all of this data.

"For the immediate future, we think that there is a need for dashboarding to support every variant of this work," Yigal says. "This is where customization also plays a key role to support the unique makeup of every team and organization. In the long term, there will be more and more crossover."

"Dashboards have not yet converged, however, when they begin to, they should be more elastic to the needs of the business and not determined by third parties," Jam Leomi, Lead Security Engineer at Honeycomb advises. "Each business should determine what its specific needs are to create custom and flexible dashboards for effective observability. To emphasize, observability is all about the efficiency of the business doing it and should be specific to engineering and business priorities."

Go to: Exploring the Convergence of Observability and Security - Part 5: Teams

Pete Goldin is Editor and Publisher of APMdigest

Related Links

Hot Topics

The Latest

Why AI Is No Longer Optional for IT Operations

The rise of hybrid cloud environments, the explosion of IoT devices, the proliferation of remote work, and advanced cyber threats have created a monitoring challenge that traditional approaches simply cannot meet. IT teams find themselves drowning in a sea of data, struggling to identify critical threats amidst a deluge of alerts, and often reacting to incidents long after they've begun. This is where AI and ML are leveraged ...

Outages Aren't the Enemy, Complacency Is

Three practices, chaos testing, incident retrospectives, and AIOps-driven monitoring, are transforming platform teams from reactive responders into proactive builders of resilient, self-healing systems. The evolution is not just technical; it's cultural. The modern platform engineer isn't just maintaining infrastructure. They're product owners designing for reliability, observability, and continuous improvement ...

The Changing World of Application Delivery (and why it pays to have choices)

Getting applications into the hands of those who need them quickly and securely has long been the goal of a branch of IT often referred to as End User Computing (EUC). Over recent years, the way applications (and data) have been delivered to these "users" has changed noticeably. Organizations have many more choices available to them now, and there will be more to come ... But how did we get here? Where are we going? Is this all too complicated? ...

When a Metadata Change Broke the Internet: What the Cloudflare Outage Really Revealed

On November 18, a single database permission change inside Cloudflare set off a chain of failures that rippled across the Internet. Traffic stalled. Authentication broke. Workers KV returned waves of 5xx errors as systems fell in and out of sync. For nearly three hours, one of the most resilient networks on the planet struggled under the weight of a change no one expected to matter ... Cloudflare recovered quickly, but the deeper lesson reaches far beyond this incident ...

Cybersecurity Awesomeness Podcast: Cloudflare Outage

Chris Steffen and Ken Buckler from EMA discuss the Cloudflare outage and what availability means in the technology space ...

When Milliseconds Matter: What Every Industry Can Learn From the Self-Driving Playbook

Every modern industry is confronting the same challenge: human reaction time is no longer fast enough for real-time decision environments. Across sectors, from financial services to manufacturing to cybersecurity and beyond, the stakes mirror those of autonomous vehicles — systems operating in complex, high-risk environments where milliseconds matter ...

The Path to Technojoy: How to Tackle the Silent Drivers of Technostress

Technology's role in the workplace has expanded rapidly, framing how we work and communicate. Now, with the explosion of new and innovative AI-driven tools, people are struggling to navigate how to work in this new emergent era. And although the majority of these applications are designed to make our lives easier, for many knowledge workers, they've become a source of stress and anxiety. "Technostress" ... describes the feelings of being overwhelmed by constant connectivity and cognitive overload from information and notifications, and it's on the rise ...

When Automating Forever Becomes Faster Than Doing It Once

People want to be doing more engaging work, yet their day often gets overrun by addressing urgent IT tickets. But thanks to advances in AI "vibe coding," where a user describes what they want in plain English and the AI turns it into working code, IT teams can automate ticketing workflows and offload much of that work. Password resets that used to take 5 minutes per request now get resolved automatically ...

Smarter Systems for Disinformation: How Data-Centric Design Could Transform Online Trust

Governments and social platforms face an escalating challenge: hyperrealistic synthetic media now spreads faster than legacy moderation systems can react. From pandemic-related conspiracies to manipulated election content, disinformation has moved beyond "false text" into the realm of convincing audiovisual deception ...

The 5 Pillars of Cross-Platform Observability

Traditional monitoring often stops at uptime and server health without any integrated insights. Cross-platform observability covers not just infrastructure telemetry but also client-side behavior, distributed service interactions, and the contextual data that connects them. Emerging technologies like OpenTelemetry, eBPF, and AI-driven anomaly detection have made this vision more achievable, but only if organizations ground their observability strategy in well-defined pillars. Here are the five foundational pillars of cross-platform observability that modern engineering teams should focus on for seamless platform performance ...