We blogged recently about a new capability in AlgoSec’s solution which enables security teams to tag the applications that are critical to their business, to ensure that the connectivity and traffic flows serving those applications are continually monitored. Then if anything affects the applications’ connectivity, AlgoSec will automatically alert the security team so that the issue can be prioritized for urgent remediation.
This is also a key step in linking security processes with application performance management (APM). Here, I will explore how security policy management can support an organization’s APM efforts, to accelerate triaging of application performance issues and minimize business disruption.
APM solutions use a range of techniques to monitor transaction speeds and response times to user requests, to ensure that key applications are delivering the levels of performance, availability and user experience that the business expects and needs.
As part of their functions, APM solutions will also monitor network connectivity and how this is affecting application performance. Typically, these checks include monitoring whether the relevant networking equipment is powered on, if it is allowing traffic at the expected speeds, and that servers are operating with adequate memory and storage resources to support the applications.
If any of these performance indicators turn from green to red, the APM system will trigger an alert that indicates the type and source of the problem. For example, a network device might experience a component failure; a server might be out of resources; there may have been a power outage, or even a natural disaster. The list goes on.
However, another possible cause of application performance problems or outages is a security policy change. For example, a rule or policy change on a filtering device in the network may result in that device blocking traffic that a critical application relies on. And because of the siloed structure in many organizations, in which security teams work separately from application teams, APM systems typically have very little visibility into security policies.
Many APM tools include application and topology views, but these are usually basic and may not include the security devices that sit on the network flows. Even if the APM system is monitoring the health of a network firewall, that monitoring is usually limited to whether the device is up and passing traffic, not to what its policy actually permits. In other words, the firewall may appear to be operating normally according to the APM tool, while in fact it is blocking traffic that an application requires to function.
As such, there is a gap between the value an APM system provides in identifying the performance of IT equipment and the value it could provide in identifying connectivity problems caused by changes to security rules and policies.
Integrating security and performance monitoring
In my opinion this gap can be easily bridged by integrating the APM system with a network security policy management solution. Through such an integration, when the APM system identifies that important traffic is not getting through, causing application performance issues or failures, the security policy management solution can quickly determine whether or not the traffic is being blocked by the security infrastructure.
If a security rule change has impacted application performance or connectivity, the security team can be alerted immediately to fix the problem. Alternatively, if the security policy management solution’s connectivity check comes back ‘green’, the application and IT teams can look for other possible causes of the problem, such as hardware or database failures, or power supply issues.
The integration between APM and network security policy management tools also enriches the APM topology network layer with additional information, such as routing and which network paths are allowed or blocked. This allows application owners using the APM tool to see the policy risks and vulnerabilities associated with their applications, along with recommendations on how to fix them.
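To make the connectivity check above concrete, here is an added example written for this post; it is not AlgoSec’s code or API. It models a first-match firewall rule base with an implicit cleanup deny, checks each flow an application depends on against that policy, and names the rule responsible for any block. The rule names, subnets, addresses, the "billing" application and its flows are all constructed for the illustration, as is the "shadowing" change that a rule inserted at the top of the policy causes. The `change_impact` function answers the question the integration is meant to answer: which of the application’s flows did a policy change newly block?

```python
"""Hypothetical policy-simulation check for an application's flows (added example).

Models what a security policy management tool does when an APM alert fires:
walk an ordered, first-match rule base and decide whether the security
policy, rather than hardware or a database, is what is blocking the traffic.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """A connection the application needs: src host -> dst host, proto/port."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    port: int    # destination port


@dataclass(frozen=True)
class Rule:
    """One entry in an ordered rule base (hypothetical model, not a vendor format)."""
    name: str
    src: str                 # CIDR
    dst: str                 # CIDR
    proto: str               # "tcp", "udp" or "any"
    ports: tuple[int, int]   # inclusive destination port range
    action: str              # "allow" or "deny"

    def matches(self, flow: Flow) -> bool:
        return (
            ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", flow.proto)
            and self.ports[0] <= flow.port <= self.ports[1]
        )


def evaluate(rulebase: list[Rule], flow: Flow) -> tuple[str, Optional[Rule]]:
    """First matching rule decides. No match falls through to the implicit deny."""
    for rule in rulebase:
        if rule.matches(flow):
            return rule.action, rule
    return "deny", None


def connectivity_check(rulebase: list[Rule], app_flows: tuple[Flow, ...]) -> dict[Flow, str]:
    """Return the application's blocked flows mapped to the rule that blocks them.

    An empty result is the 'green' verdict: the security policy allows every
    flow, so the app and infrastructure teams should look elsewhere.
    """
    blocked: dict[Flow, str] = {}
    for flow in app_flows:
        action, rule = evaluate(rulebase, flow)
        if action == "deny":
            blocked[flow] = rule.name if rule is not None else "implicit deny"
    return blocked


def change_impact(before: list[Rule], after: list[Rule], app_flows: tuple[Flow, ...]) -> dict[Flow, str]:
    """Flows that a policy change newly blocks (allowed before, denied after)."""
    was_blocked = connectivity_check(before, app_flows)
    return {f: r for f, r in connectivity_check(after, app_flows).items() if f not in was_blocked}


# --- constructed sample data -------------------------------------------------
WEB_TIER = "10.0.1.0/24"
DB_TIER = "10.0.2.0/24"

# The flows the (hypothetical) billing application depends on.
BILLING_APP_FLOWS = (
    Flow("10.0.1.10", "10.0.2.20", "tcp", 5432),   # web -> PostgreSQL
    Flow("10.0.1.10", "10.0.2.21", "tcp", 6379),   # web -> Redis
)

POLICY_BEFORE = [
    Rule("allow-web-to-db", WEB_TIER, DB_TIER, "tcp", (5432, 5432), "allow"),
    Rule("allow-web-to-cache", WEB_TIER, DB_TIER, "tcp", (6379, 6379), "allow"),
    Rule("cleanup-deny", "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535), "deny"),
]

# A change inserted at the top of the policy (constructed): meant to block
# "legacy" database ports, but its range covers 5432 and shadows the allow rule.
POLICY_AFTER = [
    Rule("block-legacy-db-ports", "0.0.0.0/0", DB_TIER, "tcp", (5000, 6000), "deny"),
] + POLICY_BEFORE


if __name__ == "__main__":
    print("before:", connectivity_check(POLICY_BEFORE, BILLING_APP_FLOWS) or "green")
    print("after: ", connectivity_check(POLICY_AFTER, BILLING_APP_FLOWS) or "green")
    print("newly blocked by change:", change_impact(POLICY_BEFORE, POLICY_AFTER, BILLING_APP_FLOWS))
```

Running it shows the Redis flow still allowed and the PostgreSQL flow blocked by `block-legacy-db-ports`, which is exactly the information an APM alert alone cannot give: the firewall is up and forwarding, but its policy no longer permits one of the application’s flows. A real policy management product evaluates far richer rule semantics (zones, NAT, objects, multiple devices along the path); this example keeps only first-match ordering and the implicit cleanup deny, because those two properties are what make an innocent-looking rule insertion break an application.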
The result of integrating APM with security policy management is the ability to triage and resolve both outages and performance issues faster – helping to ensure that the applications which drive the business continue to work at maximum speed.