Detection at Scale

Meta's Justin Anderson on How to Understand, Identify, and Execute Your Detection Strategy

Feb 27, 2024

Meta's Justin Anderson discusses how they built a detection platform treating it like software code, gauging risk using TTPs, and taking a shift-left approach. They emphasize the need for strong engineering and investigation skills, AI limitations in detection, and advice for building a security program.

28:39

Creator website

Episode guests

Justin Anderson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Meta prioritizes coding skills for all employees to treat detections as software problems, fostering a systematic approach to detection engineering.

Assessing risk at Meta involves evaluating TTPs relevant to the environment and measuring their coverage to communicate the overall risk posture effectively.

Deep dives

Embracing Coding Skills Across the Organization

Having a high hiring bar, the company emphasizes coding skills from employees ranging from EMs to ICs, treating coding as essential in a tech environment. By approaching detections for attacks as software problems, a systematic process named surface coverage is used. This involves extensive collaboration across teams to develop end-to-end detection response coverage.

Introduction

3min

Optimizing Detection Engineering Practices in Tech Companies

12min

Balancing Latency in Real-Time and Batch Processing for Data Detection

2min

AI in Detection Engineering

8min

Evolution and Optimism in Cybersecurity Detection Strategies

2min

Discussion on Security Program Methodologies and Life Advice

2min

On this week's episode of the Detection at Scale podcast, Jack talks with Justin Anderson, Security Engineering Manager, Detection & Response at Meta. They discuss how Meta has built its detection engineering program, how it treats detection-as-code like software, and how it gauges risk by assessing the TTPs applicable to the environment. They also talk about where AI is able to help out in development, the greater need for engineering and investigation skills, and three things to remember when building a security program.

Topics discussed:

How Meta gauges risk by assessing the TTPs applicable to the environment and measuring coverage across those TTPs.
How they built out their detection platform on a custom infrastructure and treat detection-as-code like software.
Why they take a shift left approach to detection, starting with TTPs hypotheses and then eliminating as much noise as possible.
How taking a page from the vulnerability management playbook helps reduce noise around detections.
AI’s current limitations in detection and response, yet how it helps with writing code and speeding up development times.
Why there's a greater need for stronger engineering and investigation skills, in addition to coding skills.
Advice to security professionals to focus on understanding, identifying, and executing when building out their program.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Detection at Scale

Meta's Justin Anderson on How to Understand, Identify, and Execute Your Detection Strategy

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Embracing Coding Skills Across the Organization

Data-Driven Detection Engineering

Risk Measurement Through TTPs

Significance of Code in Detection Engineering

Remember Everything You Learn from Podcasts