Learn to DevOpsify your Threat Detection Development!
Guest: Wasim Halani, Director - Detection Engineering at Securonix
SOC teams face a continuous challenge of evolving threats and a difficulty in developing #analytics to detect such #threats. Recent times have seen the Detection Engineering function evolve along the lines of Software Engineering - which means the Agile and DevOps methodologies also apply to new detections being developed and deployed.
Continuous development, continuous testing and continuous deployment are part of the game.
In this episode, we dive into the challenges faced by traditional #SOC teams in building effective threat detections, explore why threat detection is inherently difficult, and discuss how #DevOps principles can enhance this process. We also cover the groundwork for implementing these principles and the most challenging aspects of developing a #detection #engineering #program.
Recommended reading/viewing for practitioners:
1. https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79
2. https://www.securonix.com/blog/ddlc-detection-development-life-cycle/
3. https://medium.com/snowflake/detection-development-lifecycle-af166fffb3bc
Follow us on LinkedIn: @breakpoint-security-podcast
Breakpoint Youtube: BreakpointSecurityPodcast
https://youtube.com/@breakpointsecuritypodcast
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below: