EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection

Guest:
- Jared Atkinson, Adversary Detection Technical Director at SpecterOps
Topics:
- What are bad/good/great detections? Is this all about Bianco's pyramid? Is high good and low bad?
- How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?
- What should we do to build more good detections? Is this all about reducing false positives?
- Can we really measure false negatives? How can we approach this?
- How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?
- What are your top 3 tips for improving the detection practice at an organization?
Resources:
- “The Pyramid of Pain” post by David Bianco
- “On Threat Detection Uncertainty”
- “Detection Coverage and Detection-in-Depth”
- “Detection in Depth” by SpecterOps
- “Philosophy of Science: Rationality Without Foundations” by Karl Popper (yes, really)
- Red Canary “2021 Threat Detection Report”
- "The Black Swan: The Impact of the Highly Improbable" by Nassim Nicholas Taleb
- John Piaget's theory of cognitive development