Sign up to save your podcasts
Or
Share EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
Guest:
- David French, Staff Adoption Engineer, Google Cloud
Topic:
- Detection as code is one of those meme phrases I hear a lot, but I’m not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it?
- What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work?
- Not every SIEM has a good set of APIs for this, right? What’s a team to do in a world of no or low API support for this model?
- If we’re talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests?
- You talk about a rule schema–you might also think of it in code terms as a standard interface on the detection objects–how should organizations think about standardizing this, and why should they?
- If we’re into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right?
- One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users?
Resources:
- Can We Have “Detection as Code”?
- Testing in Detection Engineering (Part 8)
- “So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love” book
- EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
- EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
- EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
- Getting Started with Detection-as-Code and Google SecOps
- Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
- From soup to nuts: Building a Detection-as-Code pipeline
- David French - Medium Blog
- Detection Engineering Maturity Matrix
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guest:
- David French, Staff Adoption Engineer, Google Cloud
Topic:
- Detection as code is one of those meme phrases I hear a lot, but I’m not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it?
- What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work?
- Not every SIEM has a good set of APIs for this, right? What’s a team to do in a world of no or low API support for this model?
- If we’re talking about as-code models, one of the important parts of regular software development is testing. How should teams think about testing their detection corpus? Where do we even start? Smoke tests? Unit tests?
- You talk about a rule schema–you might also think of it in code terms as a standard interface on the detection objects–how should organizations think about standardizing this, and why should they?
- If we’re into a world of detection rules as code and detections as code, can we also think about alert handling via code? This is like SOAR but with more of a software engineering approach, right?
- One more thing that stood out to me in your presentation was the call for sharing detection content. Is this between vendors, vendors and end users?
Resources:
- Can We Have “Detection as Code”?
- Testing in Detection Engineering (Part 8)
- “So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love” book
- EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
- EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
- EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
- Getting Started with Detection-as-Code and Google SecOps
- Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise
- From soup to nuts: Building a Detection-as-Code pipeline
- David French - Medium Blog
- Detection Engineering Maturity Matrix
More shows like Cloud Security Podcast by Google
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
636 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,009 Listeners
AWS Podcast
202 Listeners
Click Here
415 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cloud Security Podcast
58 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners