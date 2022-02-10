DevSecOps tools vendors such as Dynatrace continue to integrate intellectual property from previously specialized IT management domains, but it's unclear whether these hybrid products will supplant what IT teams already use.

For now, some DevOps pros say new DevSecOps tools, such as Dynatrace's Application Security module, that combine observability data with security automation could add defense in depth alongside existing security automation­ software. Dynatrace launched its Application Security module in late 2020; other observability vendors making forays into SecOps now include Splunk, Elastic, Sumo Logic, Cisco's AppDynamics and Datadog, among many others.

This week, Dynatrace added teeth to the Application Security module's threat detection features with the ability to proactively block detected attacks, beginning in the first release with command and SQL injection attacks. The attacks covered will also include injection attacks that target the Java Naming and Directory Interface, which are associated with the critical Log4j vulnerability discovered in December.

Dynatrace CTO Bernd Greifeneder was clear about the company's intention to promote "NoSOC" -- complete hands-off AIOps automation for security -- where it has previously marketed the concept of "NoOps" in the DevOps realm.

"Dynatrace moved to NoOps already years ago," Greifeneder said in a keynote presentation during the company's Perform virtual event this week. "We want the same autonomous approach with security to protect applications proactively ... because the reality is the world is becoming so complex that you only have two choices -- either you automate or you die."

However, Dynatrace's previous NoOps push didn't extend far beyond its own internal environment -- few mainstream enterprises have chosen to eliminate hands-on IT operations work completely. Similarly, it's likely that "one-stop" DevSecOps tools will find a place amid a mix of products used by enterprises, according to one industry analyst.

"These products can solve problems for DevOps engineers and help give them the confidence to talk to their security teams," said Stephen Elliot, an analyst at IDC. "But when you're coming from a developer or ops point of view and start talking security, even though there's an evolution of who owns what tasks, you might get, 'Whoa, whoa, what are you talking about? This is my turf.'"