Conf42 Observability 2025 - Online

- premiere 5PM GMT

Real-Time Edge Observability: The New Frontier of Security Monitoring and Threat Detection

Abstract

Discover how cutting-edge observability transforms edge security! Learn techniques that slash threat detection from 197 hours to just 3.8, catch 84% of anomalies within minutes, and prevent attacks before they happen.

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello everyone. I'm Chintan Udeshi and I'm a Principal Product Manager working in the cybersecurity industry. I have close to eight years of experience working as a product manager, mainly in the cybersecurity space. In the last couple of years, the importance of edge computing has grown significantly. With the increase in edge computing, the security risks have also gone up. So today I'm here to talk about the importance of observability to ensure edge devices are secure. So let's get started.

Before talking about the security challenges associated with edge computing, let's talk about why the edge market size is increasing significantly. First of all, when all the applications are running on the cloud, either public cloud or private cloud, the latency between the application and the cloud is significantly higher. However, if all those applications start running on the edge, that reduces the network latency significantly, to mere milliseconds. As a result, applications that need near real-time response are better suited for edge computing. Second of all, operational efficiency. Imagine a situation where your critical applications are running in the public cloud and the internet goes down. Let's take the example of a self-driving car. Let's say the self-driving car is running in a remote location where there is limited internet connectivity. What happens in that situation? If there are critical decisions that need to be made by the self-driving car, without the internet connectivity it won't be able to make the right decision, and that is where the importance of edge computing really matters. With edge computing, even if the internet connection is lost for the time being, the application or the device will continue to function as it is, ensuring operational resiliency as well as efficiency. The last thing is reduced bandwidth. Imagine all the applications running in the public cloud. Then there will be a significant data transfer between the application running on the edge and the rest of the database, or the rest of the applications, running on the cloud, and that will require significant bandwidth consumption. With edge computing, a lot of the data processing happens locally, which results in a reduction in the bandwidth required.

Now let's talk about the US edge computing market. As of 2025, the US edge computing market is already over $160 billion. However, by 2034, it is expected to go as high as $1.5 trillion, which is a growth of 25% year over year between 2025 and 2034. Because of this high growth, the importance of edge computing, as well as the security associated with edge computing devices, is increasing day by day.

Let's talk about the security challenges associated with edge devices. First of all, edge devices operate outside the traditional network boundaries. Today, most of the applications are running on the public cloud. However, there are some applications which are still running on the private cloud. Now, edge computing devices operate outside this network boundary. As a result, the traditional monitoring tools that are monitoring cloud applications, as well as the hybrid or on-prem applications, are oblivious to what is happening on the edge devices. Secondly, limited visibility. The legacy monitoring systems usually lack the ability to detect edge-specific threats, compromises, or any unusual behavior in the edge devices. Now, because of that, attackers can take advantage of these edge devices and treat them as an entry point to get inside the network. Once they are inside the network, edge devices are obviously talking to the rest of the applications running on the public and private cloud as well, right? Bad actors can take advantage of this situation, and once they are inside the network, they can propagate the threats to the rest of the organization. And that is why observability is so important for all the applications running on the edge, because of these threat challenges on the edge devices.

The threat landscape of the edge devices has gone up significantly in the last couple of years. According to one of the recent studies, 45% of the organizations have experienced at least one significant edge security incident in the last one year. Here are some of the ways that attackers attack the edge device network. First of all, the network mentioned in the previous slide. A lot of times, edge devices have limited CPU and memory. As a result, there is always a compromise between fast response and security capability. Now, because for edge devices speed is really important, a lot of times network security teams, or the security team, end up compromising on the security capabilities of the edge devices. Now attackers can take advantage of this situation to make the edge device an entry point for their attack. Once the edge device is infected, the attacker will try to move their threats or malware laterally to the rest of the organization, to the cloud devices or on-prem devices. As a result, edge devices need to be secured all the time. The second is data breaches. Many times the edge devices are not properly secured. There is a lack of observability on the behavior of the edge devices, and many of these edge devices have unencrypted data. As a result, they become an easy target for the bad actors, and once bad actors have access to the edge devices, they can easily exfiltrate from the rest of the network as well. Finally, the third thing is the DDoS attack. The edge devices have limited capability to protect against attacks which are sophisticated in nature. With the beginning of the AI era, botnets are often designed to create DDoS attacks. Considering the edge devices have limited capability to protect against such attacks, and on top of that edge devices are not properly secured from time to time, edge devices are especially vulnerable to DDoS attacks.

Because of this increased threat landscape for the edge devices, it is important to continuously observe the edge devices for their normal behavior, so that we can identify the difference between the known normal behavior and the attack. And on top of that, it is important to secure the edge devices because they are the extension of the existing network, of all the existing applications running on the public cloud and private cloud.

Next, let's talk about the importance of observability for your edge devices. In order to identify the attack or the malicious activity for the edge devices, it is really important to continuously monitor the edge devices in real time. In order to do that, edge devices should be equipped with small micro agents, which will be able to detect the behavior of the edge devices along with the CPU and memory footprint of the applications. Based on the subtle differences in different signals, along with CPU and memory utilization, the observability tool should be able to detect any suspicious activity or unusual behavior for the edge devices. This is applicable not only for a single edge device, but this should be implemented across all the edge devices as well. And with the observability tool, you should be able to correlate these signals, these metrics, across different edge devices, so that you can identify the attack in real time. Once the attack or the unusual behavior is identified, there should be an automated process or automated defense mechanism, so that rather than waiting for manual intervention, the observability tool or the security devices should be able to take the necessary corrective action within milliseconds, so that the compromised device is isolated, and that will ensure that threats are not moving laterally to the rest of the organization.

Now that we have covered how to implement observability tools and monitoring tools for your edge devices in your architecture, let's talk about the impact of implementing observability for your edge devices. Here is the case study of a large automotive manufacturing plant. This particular customer implemented edge security monitoring for three straight months. Within three months, they were able to reduce the incident escalations by 78%. Secondly, they were able to identify 89% of the unauthorized access attempts between the edge system and the core infrastructure that resided on the public and private cloud. The third advantage was they were able to identify 80% of the critical security anomalies within literally their first hour of deploying the observability tool on their edge devices. The end result was that after introducing observability and monitoring tools for their edge devices, they were able to reduce MTTD, which is mean time to detection, from 197 hours to only four hours, which was a significant improvement on how they were implementing edge security for their environment.

Before talking about how to implement observability and monitoring for your edge devices, let's talk about how to secure edge devices, because monitoring and observability are just a starting point. So here are some ways. First of all, continuous authentication. So all the devices and all the users should be authenticated all the time. The normal policy would be: verify everything, trust nothing. And this aligns with the zero trust architecture as well. The second most important thing to do is to provide least privilege enforcement. Basically, if an employee is requesting access to any particular resources, either on the edge device or on the public cloud, we should be providing the minimum privileges to that employee to get the work done. The more privileges that person has, the higher the chance that if that particular user is compromised, it will impact or infect the other parts of the infrastructure as well. The third important thing to do is to implement microsegmentation. What microsegmentation is, is to divide the network, either on the edge or on the cloud, into different subsections, so that even if one of the devices, either on the edge or on the cloud, is infected, the threat won't spread to the rest of the infrastructure easily, so that you can minimize the impact of the breach. And the last important thing is to implement runtime protection. Even after implementing all these policies, there are chances that your running applications are impacted by unpatched and unknown vulnerabilities. One example I would like to give here is the Log4j vulnerability. The Log4j vulnerability was detected in the software in December 2021, even though it existed in the software for seven-plus years. So even after implementing all the right measures, it is possible that you might be impacted by unpatched and unknown vulnerabilities, and to protect against those, you need to have runtime security protection in place. So here are the steps you can take to secure your edge devices. Please note that monitoring is just the first step; you need to implement these additional measures to ensure your edge devices and the rest of the infrastructure are secure from malware and bad actors.

Before talking about how to implement monitoring and observability for your edge devices, let's think about our overall goal. In a large organization you would have devices and applications across all different environments. A lot of the organizations today would have applications running on the cloud. That includes AWS, Azure, GCP, and some of the other cloud providers as well. They would also have some applications running on on-premises systems like Red Hat OpenShift, ESXi, and others. On top of that, they will have the network fabric through which all the data is being transferred from one place to the other. So all these things have to be secured properly. On top of that, there should be end-to-end visibility and monitoring across all these different infrastructures, including cloud infrastructure, on-prem, and network fabric. Additionally, a lot of the companies are starting to have edge devices. On top of that, manufacturing plants also have IoT devices, which are monitoring different parts of the plant, and they are providing the critical data all the time. So in order to get end-to-end visibility across the entire environment, it is really important that observability across all these different tools is integrated, so that you can get complete visibility into your entire infrastructure, irrespective of whether your applications are running on public cloud, private cloud, on premises, on IoT devices, and so on. And once you correlate this data coming from different devices, only then will you be able to have centralized visibility, centralized monitoring, and that will help you enhance your security capability in the long run.

Finally, let's talk about how to implement and introduce monitoring and observability for your edge devices. First of all, start with the assessment. Identify all the edge devices and the critical vulnerabilities, or points of vulnerability, that you think are part of your edge devices. The second point would be to identify the most critical edge device that you want to secure. Once you have identified that, start implementing the observability and monitoring tools for a single edge device. And over time, measure the performance to see how you are able to reduce your mean time to detection, and how you are able to ensure a reduction in lateral movement of threats, as well as other improvements. Once you have seen significant improvement in your mean time to detection, also called MTTD, you can integrate your edge monitoring with the rest of the platform. And the rest of the platform could be running on the public cloud, private cloud, anywhere. That way you can get a consolidated single pane of monitoring and observability across your entire environment. Once you feel that you have integrated your single or few edge devices with the rest of the platform, the next step, and the final step, would be to expand that to your entire edge network, available anywhere. This will be specifically challenging for the organizations that have edge devices worldwide. So by integrating all the devices worldwide with the rest of your infrastructure, that includes public cloud, private cloud, network fabric, IoT devices, you will be able to get centralized visibility and monitoring across all your devices. And that is the roadmap that we laid out in the previous slide. So once you have that visibility, you will be able to completely visualize everything that is going on in your environment. And over the long run, you will be able to improve the security posture of your edge devices, as well as your entire infrastructure.

With that, I want to thank you for your time. I hope this session was helpful on how monitoring and observability for your edge devices plays a critical role in securing your edge infrastructure as well as your entire organization's infrastructure. Thanks a lot, and feel free to reach out to me if you have any additional questions. Thank you.
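The talk describes micro agents that baseline each edge device's CPU, memory and behavioural signals, correlate anomalies across devices, and trigger an automated isolation rather than waiting for a human. The following is an added example of that detection loop in Python; it is not code from the talk, from the speaker, or from any Palo Alto Networks product. Device names (`plc-gateway-01`, `plc-gateway-02`, `camera-node-07`), the three signals, the thresholds and every telemetry value are constructed for illustration.

```python
"""Added example (not from the talk): a minimal edge-telemetry anomaly detector.

Each device gets a per-signal baseline ("known normal") from its first samples;
later samples are scored as z-scores against that baseline, anomalies are
correlated across devices in a short time window, and an automated response is
chosen. Device names, thresholds and all telemetry values are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

SIGNALS = ("cpu_pct", "mem_pct", "new_outbound_conns")
BASELINE_SAMPLES = 5        # first N samples per device define its baseline (assumption)
MIN_STD = 1.0               # floor on std dev so a flat baseline does not explode z-scores
Z_THRESHOLD = 3.0           # deviation (in std devs) treated as suspicious (assumption)
CORRELATION_WINDOW = 60     # seconds; anomalies on different devices this close are linked

# Constructed telemetry stream: (timestamp_s, device_id, cpu_pct, mem_pct, new_outbound_conns)
TELEMETRY = [
    (0,  "plc-gateway-01", 20, 40, 2), (0,  "plc-gateway-02", 25, 50, 3), (0,  "camera-node-07", 35, 60, 1),
    (10, "plc-gateway-01", 22, 41, 3), (10, "plc-gateway-02", 24, 51, 3), (10, "camera-node-07", 36, 61, 1),
    (20, "plc-gateway-01", 19, 40, 2), (20, "plc-gateway-02", 26, 50, 4), (20, "camera-node-07", 34, 60, 2),
    (30, "plc-gateway-01", 21, 42, 2), (30, "plc-gateway-02", 25, 49, 3), (30, "camera-node-07", 35, 60, 1),
    (40, "plc-gateway-01", 23, 41, 3), (40, "plc-gateway-02", 24, 50, 3), (40, "camera-node-07", 36, 61, 1),
    # Post-baseline samples
    (100, "plc-gateway-01", 21, 41, 2),    # normal
    (110, "plc-gateway-01", 95, 43, 40),   # CPU spike plus a burst of new outbound connections
    (125, "plc-gateway-02", 90, 52, 55),   # same pattern on a second gateway 15 s later
    (130, "camera-node-07", 35, 60, 1),    # normal
    (400, "camera-node-07", 70, 62, 2),    # lone CPU spike, no connection burst, no peer alert
]


def build_baselines(telemetry):
    """Per device, (mean, std) for each signal from its first BASELINE_SAMPLES rows."""
    rows = defaultdict(list)
    for ts, dev, *values in telemetry:
        if len(rows[dev]) < BASELINE_SAMPLES:
            rows[dev].append(values)
    baselines = {}
    for dev, vals in rows.items():
        columns = zip(*vals)
        baselines[dev] = [(mean(c), max(pstdev(c), MIN_STD)) for c in columns]
    return baselines


def score_sample(values, baseline):
    """Return the names of signals whose z-score against the baseline exceeds Z_THRESHOLD."""
    flagged = []
    for name, value, (mu, sigma) in zip(SIGNALS, values, baseline):
        if abs(value - mu) / sigma > Z_THRESHOLD:
            flagged.append(name)
    return flagged


def detect_anomalies(telemetry):
    """Score every post-baseline sample; return [(ts, device, flagged_signals)]."""
    baselines = build_baselines(telemetry)
    seen = defaultdict(int)
    alerts = []
    for ts, dev, *values in telemetry:
        seen[dev] += 1
        if seen[dev] <= BASELINE_SAMPLES:
            continue                     # these rows defined the baseline
        flagged = score_sample(values, baselines[dev])
        if flagged:
            alerts.append((ts, dev, flagged))
    return alerts


def correlate(alerts):
    """Map each alerted device to the other devices that alerted within CORRELATION_WINDOW."""
    linked = defaultdict(set)
    for ts_a, dev_a, _ in alerts:
        for ts_b, dev_b, _ in alerts:
            if dev_a != dev_b and abs(ts_a - ts_b) <= CORRELATION_WINDOW:
                linked[dev_a].add(dev_b)
    return linked


def plan_response(telemetry):
    """Automated decision per device: isolate any anomalous device; when peers
    alerted in the same window, also escalate as suspected lateral movement."""
    alerts = detect_anomalies(telemetry)
    linked = correlate(alerts)
    plan = {}
    for ts, dev, flagged in sorted(alerts, key=lambda a: a[0]):
        peers = sorted(linked.get(dev, ()))
        entry = plan.setdefault(dev, {
            "first_seen": ts,
            "signals": [],
            "action": "isolate",          # hand-off point to a NAC / firewall API in practice
            "escalate": bool(peers),      # correlated anomalies -> suspected campaign
            "correlated_with": peers,
        })
        for name in flagged:
            if name not in entry["signals"]:
                entry["signals"].append(name)
    return plan


if __name__ == "__main__":
    for device, decision in plan_response(TELEMETRY).items():
        print(device, decision)
```

Two design points worth noting. The `MIN_STD` floor handles the edge case the talk's "subtle differences" framing hides: a device whose baseline is perfectly flat would otherwise produce an infinite z-score on any change at all. And the cross-device correlation step is what turns two independent "CPU is high" alerts on two gateways fifteen seconds apart into one escalated event, which is the signal a responder would want to see first; a real deployment would learn baselines over a rolling window, tune the threshold per fleet, and route the `isolate` action to the network-access-control layer.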
Chintan Udeshi

Principal Product Manager @ Palo Alto Networks
