This chapter is about security. Your telemetry systems provide details about how your production systems are operating, which includes a whole host of details that an attacker looking to hide their tracks would rather not be present. Outside attackers seek to prevent telemetry that shows their presence from entering the system. Inside attackers (evil insiders) remove or alter telemetry to hide their activities. Your telemetry systems need to be resilient to both kinds of attacks, which requires multiple defense techniques.
Your goal as a system defender is to prevent alteration wherever possible, and if you can’t do that, make it harder to perform alteration and slow the attacker down. By forcing an attacker to take more time or perform more steps, you increase your chance to catch them before they get too far. When you make alteration harder, attackers leave more traces that they have to modify, which increases the chances that they will miss one. That missed trace may be the key to detecting the attack.