A trio of trends is converging and promises to drive significant change in security in 2024.
It would be easy to ignore signals in the market in favor of simply saying that generative AI is the top technology and trend this year.
There is no doubt that generative AI is having a significant—even seismic—impact on the market and, subsequently, on every business. We acknowledge this, but also recognize there is little need to point this out. We are all aware of the need to adopt and incorporate AI into our businesses, products, services, and workflows, and thus there is no real value in preaching this to a choir of thousands.
What we do need to point out is that generative AI has overshadowed a separate but no less significant trend that has no catchy name—the convergence of security and observability.
It’s no surprise to us that “85% of technologists state that observability is now a strategic priority for their organization” (AppDynamics). When we dug into the digital maturity of enterprises, we found that even the most mature digital organizations struggle with visibility and siloed data. The latter often contributes to the former as needed data points are locked up in disparate sources. The lack of expertise cited by the same organizations is likely also a contributing factor.
And of the importance of security, little needs to be said. Security remains a top challenge and concern from the board room to the server room. Investments in security remain high in priority regardless of how dim or bright a view from the executive economic outlook.
Indeed, in the latter half of 2023 we have seen the gravitational pull of generative AI on these converging two trends create a vortex into which security is quickly falling: that of AISecOps.
Throughout FY23, we have seen activity in the security and observability domains continue to rise separately and converge toward one another. What we mean is this: observability companies have begun offering security services, and security companies have acquired or built considerable capabilities in observability to offer greater visibility.
Perhaps unsurprisingly, the next step in this convergence is the integration of AI.
88% of CIOs say the convergence of observability and security practices will be critical to building a DevSecOps culture, and 90% say increasing the use of AIOps will be key to scaling up these practices (Dynatrace).
We see this evolution as extant in the market. AI—and in particular, generative AI—has driven significant activity in both security and observability. This impact accelerated during the second half of 2023, with no deceleration in sight.
The convergence of observability and security is extant, and the integration of both with AI imminent.
This is because both security and AI rely heavily on observability. That is, both require significant volumes of data to deliver meaningful and actionable insights that produce business value. In the operational and security markets, AI without a robust repository of operational data (telemetry) is useless.
Conversely, the volume of telemetry required by both security and general operational concerns is such that without AI, the data will not produce meaningful results. Indeed, performance and availability data without complementary security data is increasingly seen by the market as sub-optimal. More than half (56%) of technologists are looking for observability solutions that integrate application availability and performance data with security data (AppDynamics). They are searching for a “single source of truth” for their operational need to feed a systemic AI-based solution to manage multi-cloud and hybrid environments.
Thus, observability serves as a foundational capability for both AI and future security offerings.
We anticipate that 2024 will be the year that the practice of AISecOps forms and establishes itself as ‘the way’ forward.
This convergence will bring not only traditional AI and ML approaches to analyzing real-time traffic to detect and neutralize threats faster and more efficiently but revolutionize the way security professionals interact with threat data. Hence the inclusion of AI.
But more interesting, perhaps, are the technologies that are enabling observability, security, and AI. These are the technologies that make new capabilities and use cases possible and are driving us toward convergence much faster than would otherwise be possible.
Those technologies are:
eBPF (extended Berkley Packet Filter) is a lightweight, kernel-level Linux construct that can act as both a collection and control point for telemetry. It is popular because it does not require modifications to the kernel or recompilation, allowing it to act as a frictionless way to insert capture and control capabilities into systems. While it is primarily used for capturing telemetry from a system, it can also be used as a control point because it is able to perform a limited set of functions.
For example, it can prevent propagation of suspicious packets as well as act as a sort of packet-level router. This dual nature is why the technology is gaining significance in both the observability (capture) and security (control) markets. eBPF enables analysis by offering a more robust set of capture points than is possible or financially feasible with traditional agent-based technologies. eBPF is an enabler of observability and security capabilities.
APIs (Application Programming Interfaces) have risen to dominate both the security and observability markets over 2023. They are used as endpoints to invoke logic, execute tasks, and initiate processes. While they share many characteristics with application endpoints (URIs), their unique characteristics pose special security and operational challenges. Additionally, APIs are extensively used to implement automation of operational tasks and processes, making APIs a systemic enterprise concern rather than simply a business concern related to customer-facing applications. APIs are a key enabler of automation and observability.
GraphQL is a query language for APIs and a runtime for executing those queries against your data. GraphQL allows clients to request the specific data they need and receive responses in a predictable format, reducing the amount of over- or under-fetching of data. Its rise is driven by the increased usage of and dependency on APIs, which organizations are struggling to govern and manage. GraphQL is also able to support more direct data access, which elevates data within application architectures to a first-class citizen with traditional business logic. Like APIs, GraphQL introduces new security challenges that must be addressed and require observability.
A Data Processing Unit (DPU) is a specialized hardware component designed to offload and accelerate data processing tasks from the CPU (Central Processing Unit). These are not unlike GPUs (Graphic Processing Unit) that make possible advanced cryptography and incredible gaming experiences in that they are hyper-focused on performing a specific computational task. DPUs are optimized for handling data movement, data transformation, and data management tasks, freeing up the CPU to focus on general-purpose computation and improving overall system efficiency. DPUs can improve the performance of data-intensive applications, reduce system bottlenecks, and lower power consumption. DPUs are increasingly used in modern data center architectures, edge computing, and AI/ML workloads, where the efficient processing of large amounts of data is crucial for performance and scalability.
Together, these four technologies are accelerating the capabilities for observability, security, and the integration of generative and traditional AI. We anticipate greater adoption and usage of all four in 2024 as organizations embrace the move toward AIOps and its convergence with security.
F5 is not alone in its plans to leverage AI—and in particular, generative AI. Our mission at F5 is to make app delivery and security “ridiculously easy.” Indeed, the path to ridiculously easy deployment and operation of such technologies is through the integration and application of AI in all its forms. We are actively working on new ways to incorporate traditional AI—such as the models that drive our bot and fraud detection technologies—as well as generative AI.
But we also recognize that doing so requires an investment in the technologies that underpin its success. That’s why we helped form the OPI (Open Programmable Infrastructure) project to accelerate adoption of DPUs and increased our investment in and support for open source. It’s also why we’re expanding our innovation efforts around incorporating AI in all its forms to enhance and augment our offerings.
We believe that AI is evolutionary and will take the capabilities of automation to a new level, leading to increased productivity and efficiency for all roles, but especially those involved in the delivery and security of the apps and APIs that power the digital business.