Guest:

• Keith McCammon, Co-founder and Chief Security Officer, Red Canary

Topics:

• What is Detection Engineering? How it differs from just building rules/analytics?
• How to convert threat intelligence into detections?
• How to tell good detections from bad? And perhaps also good from great?
• How to test detections in the real world?
• Anything special about building detections for cloud environments?
• What do you think is the role of "rule-less" (such as ML) detections? Is "ML unicorn cavalry" coming?

Resources:

• The Red Canary Blog
• 2021 Threat Detection Report
• Alerting and Detection Strategy Framework
• Atomic Red Team toolset