Guest:

Jack Naglieri, Founder and CEO at Panther

Topics:

What is good detection, defined at micro-level for a rule or a piece of detection content?

What is good detection, defined at macro-level for a program at a company?

How to reliably produce good detection content at scale?

What is a detection content lifecycle that reliably produces good detections at scale?

What is the purpose of a SIEM today?

Where do you stand on a classic debate on vendor-written vs customer-created detection content?

Resources:

“Essentialism” book

“The 5 AM Club” book

“Good to Great” book

“Why Is Threat Detection Hard” blog

“Think Like a Detection Engineer, Pt. 2: Rule Writing” blog

“Detection as Code? No, Detection as COOKING!” blog

Open Cybersecurity Schema Framework (OCSF)