Bottom Line: LogicMonitor knows first-hand how much pressure DevOps teams are under to produce high-quality code in record time during the pandemic. Acquiring Airbrake proves they get it: DevOps has a high need for speed right now.
LogicMonitor Aims To Solve Today’s DevOps Paradox
The pandemic is forcing every business to make DevOps a core part of its DNA faster than any of them expected. The competitive strengths many banked on in a pre-pandemic world aren’t as relevant as a steady pipeline of new apps, platforms, and digital channels. It’s creating a paradox for DevOps: on the one hand, they’re expected to deliver perfect code, and on the other, it needs to be delivered in record time. Pre-pandemic, a typical DevOps team in a $500M+ enterprise had over 200 concurrent projects in progress, with over 70% dedicated to safeguarding and improving customer experiences, according to IDC. Today, there are up to 2X more projects, and up to 80% are focused on cybersecurity.
No organization is perfect at DevOps today. Everyone is at various stages of maturity and growth. The pandemic puts a lot of pressure on DevOps teams to get their code right quickly and into a released app in record time. LogicMonitor must see it in their customer base every day. The trade-offs DevOps teams have to make for speed versus quality (and even security) when pushing out a release are real, and diagnostics are often what gets overlooked. That’s why the Airbrake acquisition makes so much sense today. LogicMonitor bought Airbrake to help DevOps teams do what they do best.
The often-quoted Boston Consulting Group (BCG) article, Going All In With DevOps, illustrates the typical pressure DevOps is under to perform, including catching bugs early, solving them, and getting code into test and deployment. According to Airbrake, 73% of their DevOps customers are pushing code multiple times per week – and many said they were deploying code “multiple times per day.” What makes Airbrake a perfect fit for LogicMonitor is how their developer-centric application error and performance monitoring service provides detailed diagnostics beyond the first layer of a bug or problem. In the context of the BCG graphic below, LogicMonitor buying Airbrake gives DevOps teams the diagnostics they need to move faster through error detection and into the test, deploy and release phases.
36% of DevOps team members are struggling to keep up with increased dev speeds and demands, according to Checkmarx’s survey.
55% of DevOps team members have taken on more security responsibility during the pandemic, according to Checkmarx’s survey.
DevOps teams are struggling to keep up with their workloads today. LogicMonitor believes that by automating more monitoring processes and providing deeper contextual data and insight, DevOps teams can improve their response times and quality.
Automation pays off with more efficient continuous integration and deployment (CI/CD) cycles across DevOps teams, speeding up time-to-market and improving software quality in the process. Buying Airbrake extends LogicMonitor into developer environments and enables their shared customers to gain visibility into CI/CD workflows while reducing risk and ensuring every code release meets customer expectations. The following graphic illustrates how CI/CD pipelines support DevOps. The more efficient continuous integration, testing, delivery, and operations are, the more code releases DevOps can deliver at higher quality, on time, and to customers’ expectations.
Source: Deloitte, DevOps Point of View, An Enterprise Architecture perspective, Amsterdam, 2020
The best aspect of LogicMonitor acquiring Airbrake is how practical, pragmatic, and immediately useful their vision of providing unified observability is in supporting DevOps teams under pressure to perform today. Airbrake is LogicMonitor’s second acquisition in just over a year, having also acquired Stockholm-based log analytics company Unomaly in January 2020. LogicMonitor’s Airbrake page provides additional information.
The Pharma industry has lost $14 billion through Intellectual Property (IP) cyber theft worldwide, according to the United Kingdom Office of Cyber Security and Information Assurance.
53% of pharmaceutical IP thefts and related breaches are carried out by someone with insider access, also according to the United Kingdom Office of Cyber Security and Information Assurance.
The pharma industry’s average total cost of a data breach is $5.06 million, with one of the highest costs of remediating a breach across all industries at $10.81 million, according to a recent Proofpoint study.
Over 93% of healthcare organizations experienced a data breach in the past three years, and 57% have had more than five data breaches, according to the Cybersecurity Ventures 2020 Healthcare Cybersecurity Report.
Gartner predicts the privileged access management (PAM) market will grow at a compound annual growth rate (CAGR) of 10.7% from 2020 through 2024, reaching $2.9 billion by 2024.
Bottom Line: Having developed COVID-19 vaccines in a fraction of the time it takes to create new treatments, pharmaceutical companies need to protect the priceless IP, supporting data, and supply chains from cyberattacks.
Showing how powerful global collaboration between pharmaceutical industry leaders can be, the world’s leading vaccine producers delivered new vaccines in record time. The IP behind COVID-19 vaccines and their supporting supply chains needs state-of-the-art protection comprising cybersecurity technologies and systems, as the vaccines’ IP is an asset that cyber attackers have already tried to obtain.
Pharmaceutical’s Growing Number of Threat Surfaces Make Cybersecurity a Priority
The report provides specifics about how cyber attackers impersonated an executive from a Chinese biomedical company known for its end-to-end cold chain expertise, which is essential for delivering vaccines reliably. The attackers conducted spear-phishing campaigns against global companies that support the cold chain needed to distribute vaccines, including credential harvesting attempts against organizations in at least six countries that are known to have access to sensitive vaccine transport and distribution information.
Launching a phishing campaign to harvest details on key executives and access credentials across the cold chain is just the beginning. According to Lookout’s Pharmaceutical Industry Threat Report, the following threat surfaces are among the most significant and problematic today:
Research & Development & Clinical Trials
Collaborative research teams across pharmaceutical manufacturers globally
Scientists creating initial compounds and completing primary research to define a vaccine.
Integration of study sites at the test device and reporting system level
Manufacturing and Distribution
Plant workers’ systems, including tablets with build instructions on them
Physician & Pharmacist Networks
Distribution Channels and their supporting IT systems
Cyber attackers are taking a more synchronized, multifaceted approach to attacking Covid-19 supply chains, as CISA’s report reiterates. There’s evidence that state-sponsored cyber attackers attempt to move laterally through networks and remain there in stealth, allowing them to conduct cyber espionage and collect additional confidential information from victim environments for future operations. Cyber attackers initially focus on phishing, followed by malware distribution and registration of new Covid-specific domain names, and are always looking for unprotected threat surfaces.
10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains
By combining multiple cybersecurity best practices and strategies, pharmaceutical companies stand a better chance of protecting their valuable IP and vaccines. Presented below are ten ways the pharmaceutical industry needs to protect the COVID-19 vaccine supply chain today:
Prioritize Privileged Access Management (PAM) across the vaccine supply chain, ensuring least privilege access to sensitive data, starting with IP. CISA’s note finds that there have been multiple attempts at capturing privileged credentials, which often carry broad, standing access privileges. PAM is needed immediately to institute greater controls around these privileged accounts across the supply chain and to grant only just enough, just-in-time access to sensitive IP, shipping and logistics data, vaccination schedules, and more. Leaders include Centrify, which is noteworthy for cloud-based PAM implementations at the enterprise and supply chain levels. Additional vendors in this area include BeyondTrust, CyberArk, Ivanti, Thycotic, Ping Identity, and Senhasegura.
Assess every supplier’s security readiness in vaccine supply chains, defining minimum levels of compliance to security standards that include a single, unified security model across all companies. In creating a secured vaccine supply chain, it’s imperative to have every supplier network member on the same security model. Taking this step ensures accountability, greater clarity of roles and responsibilities, and a common definition of privileged roles and access privileges. Leaders in this area include BeyondTrust, Centrify, CyberArk, Ivanti, and Thycotic.
Taking a Zero Trust-based approach to securing every endpoint across the vaccine manufacturer’s R&D, Clinical Trials, Manufacturing, and Distribution networks is necessary to shut down cyber attackers exploiting the weaknesses of legacy security approaches. Pharmaceutical companies and the myriad logistics providers they rely on are seeing endpoints proliferate much faster than expected. Trusted and untrusted domains inherited from legacy server operating systems are a time sink when it comes to securing endpoints, and are proving unreliable despite the best efforts Security Operations teams put into them. Worst of all, they leave vaccine supply chains vulnerable because they often embody an outdated “trust but verify” approach to security. Leaders include Illumio, Ivanti (MobileIron), Cisco, Appgate, Palo Alto Networks, and Akamai Technologies.
Extend the Zero Trust framework across the entire supply chain by implementing microsegmentation and endpoint security requirements across all phases of the vaccine’s development cycles. This will ensure cyber attackers don’t have the opportunity to embed code to activate later. The goal is to push Zero Trust principles to all related processes integrating with the vaccines’ pipeline, including all dependencies across the entire development lifecycle.
Incorporating Multi-Factor Authentication (MFA) across every system in the vaccine supply chain is a given. Usernames and passwords alone are not enough, and MFA is low-hanging fruit for authenticating authorized users. MFA combines two or more factors: something you know (a password, PIN, or code word), something you have (a smartphone authenticator app, or a hardware token that generates one-time codes), or something you are (biometrics such as fingerprint, iris, or face scans). A code delivered by SMS is the weakest form of the second factor, since it can be intercepted through SIM swapping, so it should be the fallback rather than the default. For example, Google provides MFA as part of its account management to every account holder, and its Security Checkup is useful for seeing how many saved passwords have been reused.
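To make the “something you have” factor concrete, here is an added example (not Google’s or any vendor’s code) of the time-based one-time password scheme from RFC 6238 that authenticator apps and hardware tokens implement, together with the server-side check that tolerates clock drift and refuses a code that has already been accepted. The key and timestamps are the RFC’s own published test values; the function names are this example’s.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

# Added example, not Google's or any vendor's code: TOTP (RFC 6238) built on HOTP (RFC 4226),
# the "something you have" factor that authenticator apps and hardware tokens implement.


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP: HMAC over the big-endian 8-byte counter, dynamic truncation, then `digits` digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6,
         t0: int = 0, algo=hashlib.sha1) -> str:
    """TOTP: HOTP with the counter derived from wall-clock time in `step`-second slices."""
    return hotp(key, (unix_time - t0) // step, digits, algo)


def secret_from_base32(text: str) -> bytes:
    """Shared secrets are provisioned as base32 (otpauth:// URIs); tolerate spacing and case."""
    clean = text.replace(" ", "").strip().upper()
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


def verify_totp(key: bytes, code: str, unix_time: int, last_used_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6, t0: int = 0,
                algo=hashlib.sha1) -> Optional[int]:
    """Server-side check. Returns the time-step counter the code matched, or None.

    - accepts +/- `window` steps to absorb clock drift between client and server
    - compares in constant time
    - refuses any counter <= last_used_counter, so an accepted code cannot be replayed;
      the caller must persist the returned counter per user
    """
    if len(code) != digits or not code.isdigit():
        return None
    current = (unix_time - t0) // step
    matched = None
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter < 0 or counter <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(key, counter, digits, algo), code):
            matched = counter
    return matched


if __name__ == "__main__":
    key = b"12345678901234567890"          # RFC 6238 test secret
    print(totp(key, 59, digits=8))          # RFC vector: 94287082
```

The drift window is a trade-off: each extra step accepted widens the guessing surface, so keep it at one step and fix clock sync rather than enlarging it. The replay guard matters because within a 30-second step the same code is valid for every attempt; persisting the matched counter closes that gap.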
Alleviate the conflicts over who will pay for increasing cybersecurity measures by making supplier-level security a separate line item in every CISO’s and CIO’s budget. Today certain pharma supply chain CISOs are expected to ramp up cybersecurity programs with the same budget they had before Covid-19. While there are slight increases in cybersecurity budget levels, it’s often not enough to cover the higher costs of securing a broader scope of supply chain operations. CISOs need to have greater control over cybersecurity budgets to protect vaccine IP and distribution. Relying on traditional IT budgets controlled by CIOs isn’t working. There needs to be a new level of financial commitment to securing vaccine supply chains.
Consider using an AIOps platform adept at unifying diverse IT environments into a single, cohesive AI-based intelligence system that can identify anomalous network behavior in real-time and take action to avert breaches. Based on conversations with CIOs across the financial services industry, it is clear they’re leaning in the direction of AIOps platforms that provide real-time integration to cloud platforms combined with greater control over IT infrastructure. LogicMonitor’s prioritizing of IT integration as a core strength of their platform shows, as they have over 2,000 integrations available out of the box. Relying on its agentless Collectors, LogicMonitor retrieves metrics such as cloud provider health and billing information, and pulls metrics from devices using various methods, including SNMP, WMI, PerfMon, JMX, APIs, and scripts.
Unified Endpoint Security (UES) needs to become a standard across all vaccine supply chains now. Vendors who can rapidly process large amounts of data to detect previously unknown threats are needed today to stop cyberattacks from capturing IP, shipment data, and valuable logistics information. Absolute Software’s approach to leveraging its unique persistence, resilience, and intelligence capabilities is worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform, which includes a permanent digital tether to every enterprise’s endpoint. Absolute is enabling self-healing, greater visibility, and control by having an undeletable digital thread to every device. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
Pharma supply chains need a strategy for achieving more consistent Unified Endpoint Management (UEM) across every device and threat surface of the vaccine supply chain. UEM’s many benefits include streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of how a device is connected, and providing an architecture capable of supporting a wide range of devices and operating systems. Another major benefit enterprises mention is automating Internet-based patching, policy, and configuration management. Ivanti is the global market leader in UEM, and its recent acquisition of Cherwell expands the reach of its Neurons platform, providing service and asset management from IT to lines of business and from every endpoint to the IoT edge. Neurons is Ivanti’s AI-based hyper-automation platform connecting Unified Endpoint Management, Security, and Enterprise Service Management. Ivanti is prioritizing its customers’ needs for devices that autonomously self-heal and self-secure, and for end-users who can self-service.
Track-and-traceability is essential in any vaccine supply chain, which makes the idea of cyber-physical passports that include serialization for vaccine batches more realistic given how complex supply chains are today. Passports are an advanced labeling technology that provides the benefits of virtual tracking, verification of specific compounds, and yield rates of key materials. Serialization is a must-have for ensuring greater traceability across vaccine supply chains and has proven effective in stopping counterfeiting. Having digital passports traceable electronically can further help thwart cyber attackers.
By closing the cybersecurity gaps in vaccine supply chains, the world’s nations can find new, leaner, more efficient processes to distribute vaccines and protect their citizens. It’s evident from the results achieved so far in the U.S. alone that relying on traditional supply chains and means of distribution isn’t getting the job done fast enough, and cyber attackers are already looking to take advantage. By combining multiple cybersecurity tactics, techniques, and procedures, the vaccine supply chain stands to improve and be more secure from threats.
Bottom Line: Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.
Why Machines Are the Most Challenging Threat Surface To Protect
Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.
The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% in lines of business and 15% in IT. The webinar also points out that in 2019 there were 2.25 million robots in the global workforce, twice as many as in 2010, and that 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.
According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.
Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity and Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint, and better integrating support across machines and monitoring systems.
Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.
The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network. The following graphic compares protection strategies and finds a majority of organizations struggling to deliver them:
Machine Identities Are Networks’ Weakest Security Link
According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today, and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have, while bad actors can create hundreds of their own using automated scripting tools.
Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:
The 2016 Mirai botnet is a cautionary tale of the dangers of leaving default credentials on machines and IoT devices. Each infected device scanned vast blocks of IP addresses for open Telnet ports and rapidly tried a short, fixed list of factory-default usernames and passwords against whatever it found, so every compromised device recruited more. Mirai gained control of hundreds of thousands of devices and orchestrated them to deliver one of the largest DDoS attacks in history.
It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their own bots, malicious actors look to disguise their movements across a network behind a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
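The Mirai pattern described above is easy to spot in authentication logs once you look for it: one source cycling through several account names against Telnet inside a short window. The following detection logic is an added example, not from the Forrester webinar or any vendor. The log format, the sample lines and the list of default account names are constructed for this example; map the regex to your own telnetd or syslog output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, Iterator, List

# Added example, not from the Forrester webinar or any vendor. The log format below is
# constructed for this example; adjust LOG_RE to match your own telnetd/syslog output.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for user '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)

# Illustrative factory-default account names; extend with your own vendors' defaults.
DEFAULT_ACCOUNT_NAMES = {"root", "admin", "support", "user", "guest", "service"}

# Constructed sample: one source sprays four account names in 12 seconds and finally gets in,
# one legitimate user mistypes once, one slow source tries twice an hour apart.
SAMPLE_LOG = """\
2021-02-03T10:15:01Z telnetd[412]: login failed for user 'root' from 198.51.100.7
2021-02-03T10:15:03Z telnetd[412]: login failed for user 'admin' from 198.51.100.7
2021-02-03T10:15:05Z telnetd[412]: login failed for user 'support' from 198.51.100.7
2021-02-03T10:15:07Z telnetd[412]: login failed for user 'user' from 198.51.100.7
2021-02-03T10:15:09Z telnetd[412]: login failed for user 'root' from 198.51.100.7
2021-02-03T10:15:11Z telnetd[412]: login failed for user 'admin' from 198.51.100.7
2021-02-03T10:15:13Z telnetd[412]: login succeeded for user 'root' from 198.51.100.7
2021-02-03T10:20:00Z telnetd[412]: login failed for user 'alice' from 203.0.113.5
2021-02-03T10:20:30Z telnetd[412]: login succeeded for user 'alice' from 203.0.113.5
2021-02-03T11:00:00Z telnetd[412]: login failed for user 'bob' from 192.0.2.10
2021-02-03T12:00:00Z telnetd[412]: login failed for user 'bob' from 192.0.2.10
2021-02-03T12:00:05Z kernel: eth0: link up
"""


def parse_events(lines: Iterable[str]) -> Iterator[Dict]:
    """Yield one event per matching line; unrelated lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"],
            "src": m["src"],
            "result": m["result"],
        }


def find_credential_sprays(lines: Iterable[str], window_seconds: int = 60,
                           min_attempts: int = 5, min_users: int = 3) -> Dict[str, Dict]:
    """Return {source_ip: alert} for sources that made >= min_attempts logins against
    >= min_users distinct account names inside any window_seconds-long window."""
    window = timedelta(seconds=window_seconds)
    by_src: Dict[str, List[Dict]] = defaultdict(list)
    for ev in parse_events(lines):
        by_src[ev["src"]].append(ev)

    alerts: Dict[str, Dict] = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # slide the window forward so it spans at most window_seconds
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            burst = events[start:end + 1]
            users = {e["user"] for e in burst}
            if len(burst) >= min_attempts and len(users) >= min_users:
                alerts[src] = {
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    "attempts": len(burst),
                    "users": sorted(users),
                    "default_names_tried": sorted(users & DEFAULT_ACCOUNT_NAMES),
                    # a success at the end of a spray is the signal to isolate the device
                    "succeeded": any(e["result"] == "succeeded" for e in burst),
                }
    return alerts


if __name__ == "__main__":
    for src, alert in find_credential_sprays(SAMPLE_LOG.splitlines()).items():
        print(src, alert)
```

Two caveats: a spray slowed to one attempt per hour slips under a 60-second window, so pair this with a longer-horizon count per source, and a device that still answers on Telnet with a vendor default has already lost; the detection buys time to find and disable those accounts, it does not replace doing so.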
There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.
How To Strengthen Machine Security
The more challenging a machine threat surface is to protect, the more opportunity it gives bad actors to breach it. A good place to start is by clarifying who owns the organization’s Transport Layer Security (TLS) client and server certificates (and any remaining previous-generation Secure Sockets Layer (SSL) ones), code signing certificates, Secure Shell (SSH) host keys, and other cryptographic keys, so that each is inventoried, renewed before it expires, and rotated when it is exposed. Letting those fall through the cracks leaves thousands of machines exposed and exploitable on networks.
Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are quickly increasing due to bad actors’ being able to spin up thousands of them in days. The following are key steps to get started:
Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off in the future, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving quicker than legacy approaches to endpoint governance and security can keep up.
Privileged access controls need to be more adaptive, secure and scalable than many organizations’ static approaches to securing machines are today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are being used 24/7 and have access patterns completely different from humans using the network, making dynamically-assigned, ephemeral credentials even more important to protecting a network. Privileged Identity Management (PIM) proves effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy in enrolling machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
Monitoring more machines on a network often leads to a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across a network. Log monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real-time. AIOps is proving effective in identifying anomalies and performance event correlations in real-time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform has proven successful in troubleshooting infrastructure problems and ensuring business continuity.
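The vault-issued, session-based credentials Forrester recommends above (and the just enough, just-in-time access discussed under PAM in the vaccine supply chain section) can be shown end to end with an added example that is not Centrify’s, HashiCorp’s or Forrester’s code: a toy vault that enrolls a machine once, then issues short-lived, scope-bound tokens signed by the vault in place of a long-lived hardcoded secret. The token format, claim names, the enrollment proof and the demo() scenario are this example’s own assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Dict, List, Optional

# Added example, not Centrify's, HashiCorp's or Forrester's code. A real vault would bind
# enrollment to a platform or hardware identity and serve issuance over mutual TLS.

MAX_TTL_SECONDS = 3600       # hard cap on token lifetime, whatever the caller asks for
PROOF_SKEW_SECONDS = 60      # how stale an enrollment proof may be


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class MachineVault:
    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key
        self._enrolled: Dict[str, bytes] = {}    # machine_id -> enrollment secret

    def enroll(self, machine_id: str) -> bytes:
        """One-time enrollment; the returned secret lives only in that machine's client."""
        secret = os.urandom(32)
        self._enrolled[machine_id] = secret
        return secret

    @staticmethod
    def proof(secret: bytes, machine_id: str, ts: int) -> str:
        """Client-side proof of possession of the enrollment secret, bound to a timestamp."""
        return hmac.new(secret, f"{machine_id}|{ts}".encode(), hashlib.sha256).hexdigest()

    def issue_token(self, machine_id: str, proof_ts: int, proof: str,
                    scopes: List[str], ttl: int, now: int) -> str:
        """The API call that replaces a hardcoded credential: a signed, expiring, scoped token."""
        secret = self._enrolled.get(machine_id)
        if secret is None:
            raise PermissionError("machine not enrolled")
        if abs(now - proof_ts) > PROOF_SKEW_SECONDS:
            raise PermissionError("stale enrollment proof")
        if not hmac.compare_digest(proof, self.proof(secret, machine_id, proof_ts)):
            raise PermissionError("bad enrollment proof")
        claims = {
            "sub": machine_id,
            "scope": sorted(set(scopes)),
            "iat": now,
            "exp": now + min(ttl, MAX_TTL_SECONDS),
            "jti": b64url_encode(os.urandom(8)),     # unique id for audit and revocation lists
        }
        payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self._signing_key, payload, hashlib.sha256).digest()
        return b64url_encode(payload) + "." + b64url_encode(sig)

    def verify_token(self, token: str, required_scope: str, now: int) -> Optional[dict]:
        """Claims if the token is authentic, unexpired and carries required_scope; else None."""
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = b64url_decode(payload_b64)
            expected = hmac.new(self._signing_key, payload, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
                return None                      # signature checked before anything is parsed
            claims = json.loads(payload)
        except ValueError:                       # malformed base64/JSON/structure
            return None
        if now >= claims["exp"]:
            return None
        if required_scope not in claims["scope"]:
            return None
        return claims


def demo(now: int = 1_000_000) -> Dict[str, bool]:
    """Constructed scenario: one enrolled build agent, one rogue host, one tampered token."""
    vault = MachineVault(signing_key=bytes(32))  # constructed key; keep the real one in a KMS/HSM
    secret = vault.enroll("build-agent-07")
    proof = MachineVault.proof(secret, "build-agent-07", now)
    token = vault.issue_token("build-agent-07", now, proof, ["read:shipments"], ttl=300, now=now)
    payload_b64, sig_b64 = token.split(".")
    tampered = payload_b64 + "." + ("A" if sig_b64[0] != "A" else "B") + sig_b64[1:]
    try:
        vault.issue_token("rogue-host", now, proof, ["read:shipments"], ttl=300, now=now)
        unenrolled_rejected = False
    except PermissionError:
        unenrolled_rejected = True
    return {
        "valid": vault.verify_token(token, "read:shipments", now + 100) is not None,
        "expired": vault.verify_token(token, "read:shipments", now + 300) is not None,
        "wrong_scope": vault.verify_token(token, "write:shipments", now + 100) is not None,
        "tampered": vault.verify_token(tampered, "read:shipments", now + 100) is not None,
        "unenrolled_rejected": unenrolled_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Because the example uses an HMAC, every relying party that verifies tokens must hold the vault’s signing key; in production, either sign asymmetrically so relying parties hold only the public key, or have them call the vault’s introspection endpoint. The point the page makes survives either way: the build agent never holds a credential that outlives its session or reaches beyond its scope.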
Perform periodic audits to track all bots and machines in use across an organization, using Microsoft Active Directory to inventory and manage all of them. One of the most valuable take-aways from the Forrester webinar is the need to manage machine identities and their credentials centrally. Forrester mentions Microsoft Active Directory as one option. The companies providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities based on a centralized model from a single identity repository.
Machines, or as Forrester calls them in their webinar, non-human identities, require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and provide Identity and Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots targeting machine identities, now is the time to place machine identities among the highest priorities of any cybersecurity strategy in 2021.
Bottom Line: Capitalizing on AI and machine learning’s inherent strengths to create contextual intelligence in real-time, LogicMonitor’s early warning and failure prevention systems reflect where AIOps is delivering results today.
LogicMonitor’s track record of making solid contributions to their customers’ ability to bring greater accuracy, insight, and precision into monitoring all IT assets is emerging as a de facto industry standard. Recently I was speaking with a startup offering Hosted Managed Services of a variety of manufacturing applications, and the must-have in their services strategy is LogicMonitor LM Intelligence. LogicMonitor’s AIOps platform is powered by LM Intelligence, enabling customers’ businesses to gain early warning into potential trouble spots in IT operations stability and reliability. LogicMonitor does the hard work for you with automated alert thresholds, AI-powered early warning capabilities, customizable escalation chains, workflows, and more.
Engineers who are working at the Hosted Managed Services provider I recently spoke with say LM Intelligence is the best use case of AI and machine learning to provide real-time alerts, contextual insights, discover new patterns in data, and make automation achievable. The following is an example of the LM Intelligence dashboard:
How LogicMonitor’s Architecture Supports AIOps
One of the core strengths LogicMonitor continues to build on is integration, which they see as essential to their ability to excel at providing AIOps support for their customers. Their architecture is shown below. By providing real-time integration to public cloud platforms, combined with control over the entire IT infrastructure along with over 2,000 integrations from network to cloud, LogicMonitor excels at unifying diverse IT environments into a single, cohesive AIOps-based intelligence system. The LogicMonitor platform collects cloud data through its cloud collectors, which retrieve metrics such as cloud provider health and billing information by making API calls to the cloud services. The collector is a Windows service or background process installed in a virtual machine. It pulls metrics from devices using a variety of methods, including SNMP, WMI, PerfMon, JMX, APIs, and scripts.
Using AIOps To Monitor, Analyze, Automate
LogicMonitor has created an architecture well-suited to the three dominant dimensions of AIOps: Monitor, Analyze (AIOps), and Automate. Their product and services strategies in the past have reflected a strong focus on Monitor. The logic of prioritizing Monitor as a product strategy area was to give the AI and machine learning models enough data to train on so they could identify anomalies in data patterns faster. Their 2018/2019 major releases in the Monitor area show how their unique strength of capturing and making use of any IT asset that can deliver a signal is paying off. Key recent developments in the Monitor area include the following:
Public Cloud Monitoring
LogicMonitor’s core strengths in AIOps are in the Anomaly Detection and Early Warning System areas of their product strategy. Their rapid advances in the Early Warning System development show where AIOps is delivering solid results today. Supporting the Early Warning System, there are Dynamic Thresholds and Root Cause Analysis based on Dependencies as well.
The Automate area of their product strategy shows strong potential for future growth, with the ServiceNow integration having upside potential. Today, Alert Chaining and Workflow support integrations with Ansible, Terraform, Slack, Microsoft Teams, Puppet, OpsGenie, and others.
LogicMonitor’s platform handles 300B metrics on any given day and up to 10B a month, with over 28K collectors deployed and integrated with approximately 1.4M devices being monitored. Putting AI and machine learning to work interpreting the massive amount of data the platform captures every day, to fine-tune their Early Warning and Failure Prevention Systems, is one of the most innovative approaches to AIOps today. Their AIOps Early Warning System uses machine learning algorithms to continually fine-tune Root Cause Analysis and Dynamic Thresholds. AIOps Log Intelligence also uses the data for Automatic Log Anomaly Detection, Infrastructure change detection, and Log Volume Reduction to Signal analysis.
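To show what a dynamic threshold does that a static one cannot, here is an added example that is not LogicMonitor’s algorithm: a baseline that follows the metric with an exponentially weighted mean and variance, flagging values outside k standard deviations, set beside a fixed high-water mark. The two metric series are constructed for the example.

```python
import math
from typing import Dict, List

# Added example, not LogicMonitor's algorithm. Two constructed series: a latency-like metric
# hovering near 50 with one spike, and a throughput-like metric near 1000 that drops to zero.
SAMPLE_LATENCY = [50, 52, 49, 51, 50, 53, 48, 50, 51, 49, 52, 50, 51, 49, 50, 200, 51, 50]
SAMPLE_THROUGHPUT = [1000, 1010, 995, 1005, 1000, 1008, 992, 1003, 0, 1001]


def static_threshold(values: List[float], high: float) -> List[int]:
    """Classic fixed alert: indices where the value exceeds a hand-set ceiling."""
    return [i for i, v in enumerate(values) if v > high]


def dynamic_threshold(values: List[float], alpha: float = 0.2, k: float = 4.0,
                      warmup: int = 5, std_floor: float = 1.0) -> List[Dict]:
    """Flag values outside mean +/- k*std of an exponentially weighted baseline.

    - the first `warmup` samples seed the baseline (they must not contain the anomaly)
    - std_floor stops a perfectly flat metric from alerting on the first tiny wobble
    - a flagged sample is NOT fed back into the baseline, so one outlier cannot widen
      the band and hide the next one
    """
    if len(values) <= warmup:
        return []
    head = values[:warmup]
    mean = sum(head) / warmup
    var = sum((v - mean) ** 2 for v in head) / warmup
    anomalies = []
    for i in range(warmup, len(values)):
        x = values[i]
        std = max(math.sqrt(var), std_floor)
        lower, upper = mean - k * std, mean + k * std
        if x < lower or x > upper:
            anomalies.append({"index": i, "value": x,
                              "lower": round(lower, 2), "upper": round(upper, 2)})
            continue
        diff = x - mean               # standard EWMA update of mean and variance
        incr = alpha * diff
        mean += incr
        var = (1 - alpha) * (var + diff * incr)
    return anomalies


if __name__ == "__main__":
    print("latency dynamic:", dynamic_threshold(SAMPLE_LATENCY))
    print("throughput dynamic:", dynamic_threshold(SAMPLE_THROUGHPUT))
    print("throughput static >1500:", static_threshold(SAMPLE_THROUGHPUT, 1500))
```

The throughput series is the instructive one: a static ceiling never fires on a drop to zero, while the learned band catches it on the first sample. The same mechanism also shows the limits any vendor’s dynamic thresholds share: a baseline learned during an incident treats the incident as normal, and a slow drift that stays inside the band is never flagged, which is why the page pairs thresholds with root cause analysis across dependencies rather than relying on either alone.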