cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is Dynatrace capable of monitoring Security Vulnerability and DDOS attacks?

bchintapalli
Participant

Is Dynatrace capable of monitoring Security Vulnerability and DDOS attacks?

 

If a hacker access our server in DMZ location?
Any unusual activity can be tracked from an unusual location?

Using features in an unexpected sequence?

Types and amounts of transactions

Using features not typically used etc.

 

What can dynatrace do if the above anomalies are detected?

Log and alert

Log with no alert

Prevent the activity from moving forward.

2 REPLIES 2

AntonioSousa
Leader

@bchintapalli 

I'm CTO at a Dynatrace partner, and we also work in security projects. I can tell you that despite Dynatrace not specifically having a security offering around the scenarios you mentioned, it can be used in those scenarios. I'm going to reference two cases where we have had such "close" encounters:

  • In one case, Davis alerted us to a problem in a site with several failures. On close inspection, we figured out that those requests were clearly a security scan. On a more detailed inspection, we figured out that the server had been compromised! This was all done with Dynatrace data alone. Given the RUM data we were able to follow everything the hacker did from his hacking console, that he uploaded to the site. We were also able to pinpoint the backdoors that he left behind, including all the hacking console code. Unfortunately, we didn't have the time to setup Session Replay, as that would give us a video of what the hacker had seen!!! This case is particularly special for us, as in this client we only do Dynatrace; security is done by another company and they were absolutely clueless about what was going on.
  • In another case, we were asked to track down something that was bringing some site down. In this case we discovered a very big bot that was making so many requests, that it represented more than half of the total requests to the site. It was particularly easy to track it down, and ACL the bot. It then "mutated", but Davis (the AI) tracked it immediately when it came back 🤣 Some more interactions ensued, but eventually the bot left... This is not a typical DDOS, but Dynatrace will certainly catch it!

I would say that most of the questions you make will be alerted by the AI engine, but it will not track it down as a security incident, at least by now. But I expect some of this knowledge being incorporated into Davis in the near future.

Antonio Sousa

gilgi
Mentor

One of the anomalies that can be looked for are traffic spikes and drops for both services and applications. This means you can turn it on and when there are much more attempts to invoke anything on your services, you will have a problem opened immediately at the service/application level.

 

If you suspect some entry points have greater chances to be attacked, you can also mark them as key requests and the traffic anomaly detection will be also done for them specifically.