The Cybersecurity Defenders Podcast #264 - Defender Fridays: Dive into SaaS Intrusion Trends with Julie Agnes Sparks from Datadog
Nov 7, 2025
Julie Agnes Sparks, a security engineer at Datadog, brings her expertise in detection engineering and SaaS threat hunting to the table. She discusses the rising incidence of SaaS breaches and the critical need for effective audit logging. The conversation dives into the challenges of inconsistent vendor logs and typical incident workflows that hinder visibility. Julie also highlights notable attack patterns like identity provider pivoting and the role of AI in enhancing detection strategies, making a case for clearer audit log quality to combat evolving threats.
AI Snips
Chapters
Transcript
Episode notes
SaaS Is A Primary Attack Vector
- Attackers increasingly target critical SaaS apps to steal data and credentials, then pivot to other services.
- Prioritizing SaaS detection and logging is essential because cloud focus alone misses this risk.
Costly Gaps In SaaS Audit Logs
- Julie described an incident where Salesforce logs were unavailable because they didn't pay for them and retroactive access cost thousands.
- That gap forced teams into painful IR blind spots and delayed response.
Enforce Logging In Procurement
- Tie security operations into procurement so logging requirements and costs are evaluated before purchase.
- Require logging standards or budget for audit data as part of vendor selection.