Discovery
Main purpose of discovery
Identify challenges, gaps, problems, pain points, etc.
Do we need to show everything we offer, every time?
False
Unlike Dynatrace's passive continuous runtime security approach that operates with minimal overhead in production, this black box testing security tooling typically consumes significant resources and is avoided in live environments due to performance impact.
What are DAST Tools
When SecOps teams say "Dynatrace can't integrate with our SIEM or provide the security context we need," this response shows why our runtime visibility actually enhances their security operations.
What is "We make your SIEM alerts actionable with real-time application context and attack details that security-only tools can't provide"
Dynatrace’s convergence of observability and application security gives this security executive a clear case for reducing tool sprawl and improving operational efficiency. Which Persona would this align with?
Who is the CISO or Head of Cybersecurity
Asking a customer how they decide which vulnerabilities to fix first aligns with what differentiator?
What is Davis Security Advisor
In Dynatrace filtering vuln findings by ‘public exploit available’ plus ‘internet-facing process’ illustrates the power of this AI-driven risk lens.
What is the Davis Security Advisor / Contextual prioritization
This legacy computing architecture has been largely phased out across the technology industry, with major vendors including us at Dynatrace, Microsoft, Intel, and enterprise software companies discontinuing support. (Hint: .Net)
What are 32-bit processes?
An advantage we have over Crowdstrike's EDR is we are deeper than binary layer
True
What persona/leader are CISO's increasingly reporting to?
CIO
Asking "What's your biggest challenge in prioritizing which production security issues to fix first?" instead of "what are you doing for security" accomplishes these two key discovery objectives.
What are identifying specific pain points and uncovering business impact
During the Demo, what is this single component that auto-instruments apps, collects observability data, and finds vulns—no code changes required.
What is the Dynatrace OneAgent
RAP blocks active exploitation of code-level vulnerabilities by using this technique that immediately stops malicious execution when dangerous functions are called with suspicious parameters.
What is runtime exception for function call?
What feature allows customers to query mass amounts of data to find ad-hoc answers up to 3X-5X more efficiently?
What is Security Investigator
Dynatrace helps this persona shift left and right - embedding security into pipelines while surfacing runtime risk post-deployment.
Who is DevOps / Security Engineering
This discovery sequence: "What's your biggest challenge in detecting and responding to attacks targeting your production applications?" followed by "What would success look like?" then "What tools do you currently use?" accomplishes this strategic objective.
What is uncovering business value/pain before diving into technical details
By the end of the demo, the prospect should be clear around these two critical elements that drive purchasing decisions rather than just understanding product features.
How Dynatrace fits into their existing security program/process and the unique value of runtime security
When customers say "We have thousands of vulnerabilities but don't know which ones are actually exploitable in our running applications," this Dynatrace capability provides automated risk assessment by analyzing actual data access paths and production execution.
What is Runtime Vulnerability Analytics (RVA)?
When customers inquire about blast radius, what can we show them?
What is Smartscape
This persona typically does not know what a trace/span is or why applciation layer traffic is useful for their team.
What is SecOps
There are three categories of gaps that we can identify during discovery
Technological (platform), Operational (process), Content (analytics)
When a prospect asks "How complex is the implemenentation?" this demo response leverages the fact that observability agents already provide the mechanism needed for runtime security insights.
"OneAgents are already deployed so you just enable security features with zero application changes"
"Our security configurations are inconsistent and we can't keep up with compliance requirements" - this operational challenge is solved by this Dynatrace management capability.
What is Security Posture Management (SPM)?
Dynatrace tackles the ‘cloud alert overload’ problem by adding application context that pure CNAPP or network CDR tools lack. Name this converged category.
What is Cloud Application Detection & Response (CADR)?
"We need to demonstrate to our board and auditors that we're effectively managing application security risks and can report on our security posture," this persona represents a key stakeholder who benefits from Dynatrace's continuous compliance and risk visibility capabilities
GRC/Risk Management