Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

What's the Difference Between 'Observability' and 'Visibility' in Security?

To drive holistic security success, we have to start with the interlinking of visibility and observability.

Joe Vadakkan, Global Cloud Security Leader, Optiv Security

February 8, 2021


Question: What's the difference between "observability" and "visibility" in security?  

Joe Vadakkan, global cloud security leader, Optiv Security: As enterprises digitally transform, they are naturally undergoing security modernization as well. These efforts are dependent on mapping various security elements to keep up with dynamic environments in cloud, K8 clusters, infrastructure-as-code (IaC) deployment, and third-party toolsets. To drive holistic security success, though, we have to start with the interlinking of visibility and observability.

"Visibility" is achieved through monitoring systems, networks, applications, performance, through-point, or several-point solutions and aggregating that data. In the past, organizations wanted visibility into everything and went on shopping sprees for every point solution product out there. API-driven architecture allowed us to aggregate more logs, which gave us a single pane of glass and the first generation of security analytics. It also turned aggregated security logs into a data landfill.

"Observability" expands on that monitoring and enables correlation and inspection of the raw data to provide much deeper insights. With the proper instrumentation, observability allows an enterprise, both inside and outside of the security organization, to solve an extensive number of use cases. Observability requires several elements of logs, metrics, and deep tracing. All data from security, business, and technology sources is pipelined for enrichment and modeling. It opens us up to the second generation of analytics. We’re now able to mine the data, build patterns, make useful calculations out of artificial intelligence and machine learning samples, and improve remediation with proactive and reactive hyper-automation.

In my opinion, observability is the latest, most important fabric within a security modernization program. The more we expand the baseline understanding of our systems, the more proactive we can be in continuously improving our efforts.

About the Author(s)

Joe Vadakkan

Global Cloud Security Leader, Optiv Security

Joe Vadakkan brings more than 18 years of global infrastructure architecture and security experience, focusing on all aspects of cyber and data security to his role of global practice leader, cloud security, for Optiv. Vadakkan's expertise in information security and IT infrastructure spans public and private sector companies across diverse industries, including aerospace and defense, software development, finance and insurance, healthcare, transportation logistics, retail, government, and consulting. Prior to his role at Optiv, Vadakkan worked and consulted at various Fortune 500 organizations building secure architecture solutions for 100s of clients in public cloud, building large scale ITO portfolio solutions for "big 10" IT service providers, designing secure public cloud for IaaS and SaaS consumption for a top 5 public cloud service provider, and architecting/implementing private cloud for government and defense programs.
