EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
Guest:
-
Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence
Topics:
- What is your best advice on detection engineering to organizations who don’t want to engineer anything in security?
- What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center?
- Why classic “tiered SOCs” fall flat when dealing with modern threats?
- Let’s focus on a correct definition of detection as code. Can you provide yours?
- Detection x response engineering - is there a thing called “response engineering”? Should there be?
- What are your lessons learned to fuse intel, detections, and hunting ops?
- What is this SIEMless yet SOARful detection architecture?
- What’s next with OpenTIDE 2.0?
Resources:
- Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) and other parts linked there
- Hack.lu 2023: TIDeMEC : A Detection Engineering Platform Homegrown At The EC video
- OpenTIDE · GitLab
- OpenTIDE 1.0 Release blog
- SpectreOps blog series ‘on detection’
- Does your SOC have NOC DNA? presentation
- Kill SOC Toil, Do SOC Eng blog (tame version)
- The original ASO paper (2021, still epic!)
- Behind the Scenes with Red Canary's Detection Engineering Team
- The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion
- Site Reliability Engineering (SRE) | Google Cloud
Information
- Show
- FrequencyUpdated Weekly
- PublishedDecember 9, 2024 at 3:11 PM UTC
- Length37 min
- Season1
- Episode202
- RatingClean