#96
November 14, 2022
EP96 Cloud Security Observability for Detection and Response
Guest:
- Jeff Bollinger, Director of Incident Response and Detection Engineering @ LinkedIn
Topics covered:
- Observability sounds cool (please define it for us BTW), but relating it to security has been “hand-wavy” at best. What is your opinion on the relevance of observability data for security use cases? What use cases are those, apart from saving the data for IR just in case?
- How can we best approach observability in the cloud, particularly around network communications, so that we improve security as a result?
- Are there other areas of cloud where observability might be more relevant? Does the massive shift to TLS 1.3 impact this?
- If the Internet is shifting towards an end-user/device-centric model with everything as a service (SaaS), how does security monitoring even work anymore?
- Does it mean the end of both endpoint and network eras and the arrival of the application security monitoring era?
- Can we do deep monitoring of complex applications and app clusters for abuse or should we just focus on identity and profiling?