EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther

Cloud Security Podcast by Google - A podcast by Anton Chuvakin - Mondays

Guest: Jack Naglieri, Founder and CEO at Panther

Topics:
- What is good detection, defined at the micro level for a rule or a piece of detection content?
- What is good detection, defined at the macro level for a program at a company?
- How do you reliably produce good detection content at scale?
- What is a detection content lifecycle that reliably produces good detections at scale?
- What is the purpose of a SIEM today?
- Where do you stand on the classic debate of vendor-written vs. customer-created detection content?

Resources:
- "Essentialism" book
- "The 5 AM Club" book
- "Good to Great" book
- "Why Is Threat Detection Hard" blog
- "Think Like a Detection Engineer, Pt. 2: Rule Writing" blog
- "Detection as Code? No, Detection as COOKING!" blog
- Open Cybersecurity Schema Framework (OCSF)