OpenTelemetry traces reveal what logs and metrics miss: the full sequence of an attack. We break down how to use traces as a threat detection tool — from latency-based lie detection to threat graph mapping, smart sampling strategies, and building a security culture around observability.
Show Notes
Traditional logs and metrics catch pieces of an attack, but traces tell the full story. In this episode, we explore how OpenTelemetry traces transform cloud security monitoring by linking events into narratives that expose attacker intent.
Based on a recent article from SEC.co, we cover:
- Why traces deserve a seat at the security table alongside logs and metrics
- Latency as a lie detector — how timing anomalies betray attackers
- Drop-in auto-instrumentation that eliminates developer friction
- Enrichment strategies at the collector layer for faster investigations
- Query tactics: stateful pattern matching, threat graph mapping, and unusual call chain analysis
- Sampling with surgical precision to control costs without creating blind spots
- Storage architecture that balances speed and budget
- Building shared language between security and development teams
- Turning trace data into ML training data for future-proofing
- Why open standards protect your investment
What is the SEC.co Podcast?
A podcast about the latest trends, techniques and lessons learned in cybersecurity and cyberdefense.