EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Video description for EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Guest:

Amine Besson ( / behemoth ), Tech Lead on Detection Engineering, Behemoth Cyberdefence


Topics:

• What is your best advice on detection engineering to organizations who don’t want to engineer anything in security?

• What is the state of the art when it comes to SOCs? Who is doing well? What on Earth is a fusion center?

• Why do classic “tiered SOCs” fall flat when dealing with modern threats?

• Let’s focus on a correct definition of detection as code. Can you provide yours?

• Detection x response engineering: is there a thing called “response engineering”? Should there be?

• What are your lessons learned to fuse intel, detections, and hunting ops?

• What is this SIEMless yet SOARful detection architecture?

• What’s next with OpenTIDE 2.0 (https://code.europa.eu/ec-digit-s2/op...) ?

Resources:

• Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) ( / guide-your-soc-leaders-to-more-engineering... ) and other parts linked there

• Hack.lu 2023: TIDeMEC: A Detection Engineering Platform Homegrown At The EC video ( • Hack.lu 2023: TIDeMEC : A Detection E... )

• OpenTIDE · GitLab (https://code.europa.eu/ec-digit-s2/op...)

• OpenTIDE 1.0 Release blog (https://code.europa.eu/groups/ec-digi...)

• SpecterOps blog series ‘On Detection’ (https://posts.specterops.io/on-detect...)

• Does your SOC have NOC DNA? presentation (https://www.slideshare.net/slideshow/...)

• Kill SOC Toil, Do SOC Eng ( / kill-soc-toil-do-soc-eng ) blog (tame version: https://cloud.google.com/blog/product...)

• The original ASO paper (https://services.google.com/fh/files/...) (2021, still epic!)

• Behind the Scenes with Red Canary's Detection Engineering Team (https://redcanary.com/blog/security-o...)

• The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion (https://thedfirreport.com/)

• Site Reliability Engineering (SRE) | Google Cloud (https://cloud.google.com/sre?hl=en)
