EP96 Cloud Security Observability for Detection and Response
33 min •
14 november 2022
Guest:
Jeff Bollinger, Director of Incident Response and Detection Engineering @ Linkedin
Topics:
Observability sounds cool (please define it for us BTW), but relating it to security has been “hand-wavy” at best. What is your opinion on the relevance of observability data for security use cases? What use cases are those, apart from saving the data for IR just in case?
How can we best approach observability in the cloud, particularly around network communications, so that we improve security as a result?
Are there other areas of cloud where observability might be more relevant? Does the massive shift to TLS 1.3 impact this?
If the Internet is shifting towards an end-user/device centric model with everything as a service (SaaS), how does security monitoring even work anymore?
Does it mean the end of both endpoint and network eras and the arrival of the application security monitoring era?
Can we do deep monitoring of complex applications and app clusters for abuse or should we just focus on identity and profiling?