On this week's episode of the Detection at Scale podcast, Jack talks with Charles Anderson, Director, Global SOC at Sony. They discuss better approaches to risk-based alerting that leverage metadata, how they fine-tune detections across a global organization, and what factors to use when determining thresholds. They also talk about how to use Time to Detect to improve your strategies, how LLMs can help with baseline detection, and why it's key to not lose sight of risk in pursuit of threat.
Topics discussed:
- A better way to approach risk-based alerting by leveraging metadata to connect the dots.
- Which factors to consider when determining your thresholds for alerting.
- How Sony is using machine learning and why applying a single model to the entire organization doesn't work.
- Why organizations are more often targets of opportunity and accidental exposure than of planned attack.
- The process Sony's SOC uses to fine-tune their detections and how it has to be different across the globe.
- How to use Time to Detect to tell the story of what you're covering and what you're missing.
- Advice to other security professionals that includes not losing sight of risk in pursuit of threat.