EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Guest:

• Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence

Topics:

• What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? 
• What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? 
• Why classic “tiered SOCs” fall flat when dealing with modern threats?
• Let’s focus on a correct definition of detection as code. Can you provide yours?
• Detection x response engineering - is there a thing called “response engineering”? Should there be?
• What are your lessons learned to fuse intel, detections, and hunting ops?
• What is this SIEMless yet SOARful detection architecture?
• What’s next with OpenTIDE 2.0?

Resources:

• Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) and other parts linked there
• Hack.lu 2023: TIDeMEC : A Detection Engineering Platform Homegrown At The EC video
• OpenTIDE · GitLab 
• OpenTIDE 1.0 Release blog
• SpectreOps blog series ‘on detection’
• Does your SOC have  NOC DNA? presentation
• Kill SOC Toil, Do SOC Eng blog (tame version)
• The original ASO paper (2021, still epic!)
• Behind the Scenes with Red Canary's Detection Engineering Team
• The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion
• Site Reliability Engineering (SRE) | Google Cloud