Cloud Security Podcast by Google

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Dec 9, 2024

Amine Besson, Tech Lead on Detection Engineering at Behemoth Cyberdefence, shares his insights on the evolution of security operations and the importance of detection engineering. He discusses the inadequacies of traditional tiered SOCs against modern threats and introduces 'detection as code' as a transformative approach. Amine also elaborates on the fusion of threat intelligence with detection and response, stressing real-time actionable insights. Finally, he highlights new architectures like OpenTIDE that enhance threat detection and efficiency.

37:09

Creator website

Episode guests

Amine Besson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Organizations must embrace ownership in detection engineering to enhance their understanding and effectiveness in addressing potential security threats.

The evolution of Security Operations Centers towards integrated Cyber Defense Centers highlights the importance of collaboration between detection and response engineering for improved security outcomes.

Deep dives

The Importance of Ownership in Detection Engineering

The podcast emphasizes the significance of ownership in detection engineering within security operations, arguing that individuals and organizations must understand and take responsibility for their technology. Instead of relying on third-party services for detection, organizations benefit from actively engaging in the engineering of their detection processes. This approach fosters a deeper understanding of the systems and allows for more effective responses to potential threats. The discussion highlights that a lack of ownership often leads to inefficiencies and missed opportunities for improvement.

Intro

3min

Evolving Security Operations: From SOCs to Expertise-Driven Models

13min

Understanding Detection as Code in Modern Security Operations

3min

Integrating Threat Intelligence in SOCs

14min

Understanding Alerts vs. Signals in Cybersecurity

3min

Harnessing Detection as Code for Enhanced Development

2min

Guest:

Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence

Topics:

What is your best advice on detection engineering to organizations who don’t want to engineer anything in security?
What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center?
Why classic “tiered SOCs” fall flat when dealing with modern threats?
Let’s focus on a correct definition of detection as code. Can you provide yours?
Detection x response engineering - is there a thing called “response engineering”? Should there be?
What are your lessons learned to fuse intel, detections, and hunting ops?
What is this SIEMless yet SOARful detection architecture?
What’s next with OpenTIDE 2.0?

Resources:

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast by Google

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Ownership in Detection Engineering

Evolving Perspectives on Security Operations Centers (SOCs)

Challenges and Opportunities in Threat Intelligence

Adoption of Detection as Code and the Future of OpenTide

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast by Google

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Ownership in Detection Engineering

Evolving Perspectives on Security Operations Centers (SOCs)

Challenges and Opportunities in Threat Intelligence

Adoption of Detection as Code and the Future of OpenTide

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights