Is Dynatrace capable of monitoring security vulnerabilities and DDoS attacks?
If a hacker accesses our server in a DMZ location?
Can any unusual activity be tracked from an unusual location?
Using features in an unexpected sequence?
Types and amounts of transactions
Using features not typically used, etc.
What can Dynatrace do if the above anomalies are detected?
Log and alert
Log with no alert
Prevent the activity from moving forward.
I'm CTO at a Dynatrace partner, and we also work in security projects. I can tell you that despite Dynatrace not specifically having a security offering around the scenarios you mentioned, it can be used in those scenarios. I'm going to reference two cases where we have had such "close" encounters:
I would say that most of the scenarios you mention will be alerted on by the AI engine, but it will not track them as security incidents, at least for now. But I expect some of this knowledge to be incorporated into Davis in the near future.
One of the anomalies that can be looked for is traffic spikes and drops for both services and applications. This means you can turn it on, and when there are many more attempts to invoke anything on your services, a problem will be opened immediately at the service/application level.
If you suspect some entry points have greater chances of being attacked, you can also mark them as key requests, and the traffic anomaly detection will then also be done for them specifically.
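As an added illustration of the traffic spike/drop anomaly detection described in this answer (example code written for this page, not Dynatrace's Davis implementation; the trailing window, the 3x spike and 0.3x drop factors, the minimum baseline and the request series are all assumptions), a minimal per-entity baseline detector run over constructed requests-per-minute counts for a service and a key request:

```python
from collections import deque
from dataclasses import dataclass
from statistics import mean

@dataclass
class Problem:
    entity: str     # service name or key request path
    minute: int
    observed: int
    expected: float
    kind: str       # "spike" (flood of invocations) or "drop" (traffic vanished)

class TrafficAnomalyDetector:
    """Trailing requests-per-minute baseline per service or key request;
    opens a Problem when one minute deviates far from that baseline."""
    def __init__(self, window=10, spike_factor=3.0, drop_factor=0.3, min_baseline=20.0):
        self.window, self.spike_factor = window, spike_factor
        self.drop_factor, self.min_baseline = drop_factor, min_baseline
        self.history = {}   # entity -> deque of recent normal minute counts

    def observe(self, entity, minute, count):
        hist = self.history.setdefault(entity, deque(maxlen=self.window))
        problem = None
        if len(hist) == self.window:            # baseline is established
            expected = float(mean(hist))
            # min_baseline stops near-idle entities from alerting on noise
            if expected >= self.min_baseline:
                if count > self.spike_factor * expected:
                    problem = Problem(entity, minute, count, expected, "spike")
                elif count < self.drop_factor * expected:
                    problem = Problem(entity, minute, count, expected, "drop")
        if problem is None:
            hist.append(count)  # anomalous minutes never become the new normal
        return problem

def run_sample():
    """Constructed data: a steady service hit by a 9x flood of requests, then a
    key request whose traffic disappears. Returns the problems that were opened."""
    det = TrafficAnomalyDetector()
    series = {
        "checkout":   [100, 104, 98, 101, 99, 103, 97, 102, 100, 96, 900, 110],
        "/api/login": [50, 48, 52, 51, 49, 50, 47, 53, 50, 50, 0],
    }
    problems = []
    for entity, counts in series.items():
        for minute, count in enumerate(counts, start=1):
            p = det.observe(entity, minute, count)
            if p is not None:
                problems.append(p)
    return problems
```

Keeping anomalous minutes out of the baseline matters in practice: a sustained flood that is fed back into the average would otherwise quietly become the new expected traffic level.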
Right now, Dynatrace Application Security is capable of detecting security vulnerabilities in Java, .NET, Node.js and PHP libraries and Kubernetes. No attacks are detected right out-of-the-box at the moment.
However, as already said by the others, you can already monitor various security-relevant scenarios with the means that Dynatrace gives you right now. In addition to that, we're already working on new features which will help with even more AppSec use cases.
So stay tuned to learn more about those features in the future, e.g. at Dynatrace Perform 2022.
With the Dynatrace Azure integration you can ingest the metric "IfUnderDDoSAttack", which indicates whether the resource is under DDoS attack or not and has the unit Count. The metrics are described here: https://www.dynatrace.com/support/help/shortlink/azure-public-ip#available-metrics and https://docs.microsoft.com/en-us/azure/ddos-protection/telemetry#metrics.