Detection at Scale

WP Engine’s Christopher Watkins on Cost-Effective Threat Hunting Strategies

Jul 9, 2024

Christopher Watkins from WP Engine shares insights on efficient logging with native tools and API gateways. Strategies for cost-effective threat hunting and optimizing queries. Importance of mental well-being in cybersecurity. Tips on data management across cloud services.

21:08

Creator website

Episode guests

Christopher Watkins

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Leveraging native tools and API gateways for efficient logging management across cloud platforms at WP Engine.

Implementing cost-effective threat hunting strategies through table partitioning and optimized queries for efficient security operations.

Deep dives

Logging Pipeline Strategies at WP Engine

At WP Engine, they use a diverse set of cloud providers, including Azure, GCP, and AWS, creating a unique logging situation that requires innovative solutions. By leveraging native tools from the cloud providers creatively, the team at WP Engine has built a robust logging pipeline. They transform logs into the Elastic Common Schema Format for consistency, enabling effective threat detection and analytics in BigQuery.

Intro

3min

Optimizing Threat Detection in Cloud Environments

11min

Automating Response Workflows in Cybersecurity

3min

Exploring Strategies for Balancing Stress and Avoiding Burnout in Incident Response

2min

Morning Routines, Community, and Security Advice

3min

In this episode of Detection at Scale, Jack welcomes Christopher Watkins, Senior Staff Cloud Security Engineer at WP Engine, to discuss innovative logging solutions and efficient data management across multiple cloud platforms. Chris reveals how WP Engine leverages native tools and robust API gateways to streamline logging processes.

He shares strategies for cost-effective threat hunting, such as optimizing large-scale queries through table partitioning. Chris also emphasizes the importance of mental and physical well-being, and the role of community support in maintaining a sustainable career in cybersecurity.

Topics discussed:

How WP Engine uses native tools and robust API gateways to manage logging across multiple cloud platforms efficiently.
Strategies for optimizing large-scale queries, such as table partitioning and avoiding costly operations, to maintain efficiency and reduce expenses.
Techniques for moving data efficiently across different cloud services, ensuring consistency and reliability in data management.
The importance of partitioning tables and being selective with queries to enhance threat detection and incident response efforts.
The role of a well-designed schema in speeding up threat detection by understanding key value pairs frequently used in security data.
Leveraging best practices from data teams to optimize queries and improve security use cases.
Ensuring human oversight with two-person reviews of scripts and dry runs to maintain accuracy and reliability in automated processes.
The importance of mental, physical, and spiritual health routines to manage the stress of incident response and avoid burnout.
The role of community and trusted conversations in sharing experiences about breaches, vulnerabilities, and other challenges in the cybersecurity field.
How WP Engine's mantra of "detection as code" and "pipelines as code" extends to response workflows for increased efficiency and effectiveness.

Resources Mentioned:

Chris Watkins on LinkedIn
WP Engine website

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Detection at Scale

WP Engine’s Christopher Watkins on Cost-Effective Threat Hunting Strategies

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Logging Pipeline Strategies at WP Engine

Efficient Data Transfer Between Clouds at WP Engine

Balancing Automation and Human Involvement in Incident Response

Remember Everything You Learn from Podcasts