Security monitoring

DeepFactor unifies performance and security monitoring for developers

DeepFactor today launched what it describes as the first continuous monitoring platform designed specifically for pre-production environments.

Company CEO Kiran Kamity said the DeepFactor pre-production monitoring platform combines security, performance and behavior monitoring into a single offering. Based on a “Deep Passive Monitoring” capability that requires developers to add a file to a container image to instrument an application, the platform forwards telemetry data collected through this file to an Application Runtime Intelligence engine. This engine highlights potential security and performance issues as well as risky and unexpected behavior changes between app versions, he said.

Scans of application environments are launched via a DeepFactor portal. Each analysis is then compared against a set of configurable rules that are developed and maintained by the DeepFactor research team to identify indicators of poor application behavior. The engine also learns the application’s environment, which over time allows DeepFactor to generate alerts based on threshold triggers, known bad behavior, anomaly detection, and other attributes.

The DeepFactor pre-production monitoring platform also comes with pre-packaged integrations for widely used DevOps tools including Jira, Jenkins, Slack, and GitHub.

In addition to the commercial platform, DevOps teams can also use a DeepFactor Standard Edition, which is free for non-commercial open source projects with no user limitation.

In an ideal world, developers would address issues, including security, long before an application is deployed to a production environment. The problem is that developers are asked to navigate too many tools to achieve this goal. The DeepFactor pre-production monitoring platform will make it easier for developers to surface information smoothly, Kamity said.

Most organizations that adopt DevOps best practices consider observability a fundamental principle. The challenge they face is to allow developers to easily instrument applications as they are built, and then make sense of all the telemetry data collected. This is especially important as developers attempt to strike a balance between fixing security issues and optimizing performance to better ensure the overall user experience. Existing development tools are optimized for performance; asking developers to switch tools to address potential cybersecurity issues is a task that can be delayed to the point of being essentially forgotten or simply ignored.

It’s unclear to what extent DevOps teams might have the budget to deploy their own monitoring tools versus the existing provided monitoring tools deployed by an IT operations team. However, deploying and updating the agent software required by legacy IT monitoring platforms is usually time consuming. DeepFactor makes the case for capturing telemetry data using a relatively lightweight container that can be added to a monolithic or microservices-based application.

Of course, if an application is already instrumented in a pre-production environment, it might make sense to use the same monitoring platform to observe applications in a production environment. However, convincing IT operations teams to replace their existing monitoring tools with something that makes life easier for developers can be a difficult task.