
Detection at Scale
Meta's Justin Anderson on How to Understand, Identify, and Execute Your Detection Strategy
Feb 27, 2024
Meta's Justin Anderson discusses how they built a detection platform and treat it like software code, how they gauge risk using TTPs, and how they take a shift-left approach. They emphasize the need for strong engineering and investigation skills, cover the limitations of AI in detection, and offer advice for building a security program.
Podcast summary created with Snipd AI
Quick takeaways
- Meta prioritizes coding skills for all employees to treat detections as software problems, fostering a systematic approach to detection engineering.
- Assessing risk at Meta involves evaluating TTPs relevant to the environment and measuring their coverage to communicate the overall risk posture effectively.
Deep dives
Embracing Coding Skills Across the Organization
The company keeps a high hiring bar and emphasizes coding skills for employees ranging from EMs to ICs, treating coding as essential in a tech environment. Detections for attacks are approached as software problems, using a systematic process named surface coverage. This involves extensive collaboration across teams to develop end-to-end detection response coverage.