
Detection at Scale

Latest episodes

Aug 6, 2024 • 24min

ThoughtSpot’s Alessio Faiella on Building Forward-Looking Security Programs

Alessio Faiella, the Director of Security Engineering & Security Operations at ThoughtSpot, shares his expertise on building forward-looking security initiatives. He emphasizes the importance of understanding product nuances and user behavior in security strategy. Alessio discusses how AI enhances detection and response, offering real-time recommendations during incidents. He highlights the need for detailed playbooks to optimize resource allocation and covers the balance between automation and human oversight to strengthen security operations.
Jul 23, 2024 • 25min

Sprinklr’s Roger Allen on Preventing Team Burnout in Cybersecurity

Roger Allen, Senior Director and Global Head of Detection and Response at Sprinklr, delves into the complexities of cybersecurity. He emphasizes the importance of understanding adversaries' tactics to enhance detection capabilities. Roger discusses integrating adversary simulations to strengthen security measures and improve response strategies. He addresses team burnout through balanced workloads and meaningful discussions. With actionable insights on data management and alert prioritization, he provides a roadmap for building resilient security operations.
Jul 9, 2024 • 21min

WP Engine’s Christopher Watkins on Cost-Effective Threat Hunting Strategies

Christopher Watkins from WP Engine shares insights on efficient logging with native tools and API gateways, strategies for cost-effective threat hunting and optimizing queries, the importance of mental well-being in cybersecurity, and tips on data management across cloud services.
Jun 25, 2024 • 28min

Elastic’s Darren LaCasse on Cutting Alert Volumes in Half By Automating Responses

In this episode of Detection at Scale, Jack Naglieri chats with Darren LaCasse, Director of Threat Intelligence, Incident Response, & Threat Detection at Elastic. Darren offers insights into the innovative project around detection as code, shedding light on the methodologies Elastic employs to enhance security operations.

Darren touches on the challenges of managing massive amounts of data, the importance of prioritization in security tasks, and how automation has revolutionized their response strategies. He also shares practical advice on conducting gap analyses to focus on what truly matters.

Topics discussed:
- The importance of prioritizing security tasks to focus on critical business-impacting elements, ensuring a resilient security framework.
- Strategies for handling and analyzing large volumes of security data to maintain effective monitoring and response capabilities.
- How automation has halved alert volumes, freeing analysts from repetitive tasks and enhancing overall productivity.
- Conducting regular gap analyses and attack path discussions to visualize vulnerabilities and direct security efforts effectively.
- The role of tagging and context-aware responses in streamlining security operations and making analysts' lives easier.
- Prioritizing security efforts based on the criticality of vendors and data, focusing first on restricted and critical vendors.
- The importance of conducting at least annual reviews to reassess and improve security controls and monitoring strategies.
- Using metrics to measure the effectiveness of security measures and guide continuous improvement efforts.

Resources Mentioned:
- Darren LaCasse on LinkedIn
- Elastic Security Solution website
Jun 11, 2024 • 44min

Check Point’s Daniel Wiley on Balancing Technology and Human Analytics in Cybersecurity

Daniel Wiley, Head of Threat Management at Check Point, discusses the highs and lows of cybersecurity startups, effective incident response strategies for SMBs, and the integration of machine analytics and human expertise in managing large amounts of cybersecurity data.
May 28, 2024 • 19min

Inductive Automation’s Jason Waits on Building Scalable Security Programs Through Automation

Jason Waits, CISO at Inductive Automation, discusses the role of SCADA systems in security, challenges in building scalable security programs with automation, and the impact of IT-OT convergence. He emphasizes the importance of automation in security operations, ML, and AI for efficient data analysis to enhance detection capabilities.
May 21, 2024 • 24min

Panther’s Jack Naglieri on Navigating the New Role of Detection Engineering in Cybersecurity (Special Episode)

In our recent special Hot Ones-style episode of Detection at Scale, Panther CEO Will Lowe and Founder & CTO Jack Naglieri sit down to taste hot sauces and talk hot topics in the field of cybersecurity. Jack shares his evolution from security professional to founder, emphasizing the importance of experience and understanding attacker profiles.

Jack also gives his insights on the foundational skills for becoming a detection engineer, including building detection engineering functions and having war room experience. He also discusses the evolving role of AI in the security field, such as its usefulness in generating code for detection programs.

Topics discussed:
- Jack’s transition from practitioner to company founder, emphasizing the importance of saying yes to opportunities and keeping an open mind.
- Building detection engineering functions with a focus on understanding what needs to be detected and why.
- The significance of measurement in detection engineering and the importance of a growth mindset for continuous improvement.
- The importance of understanding the experiences of security practitioners and software engineers.
- The role of war room experience in understanding attacker profiles and the importance of incident response strategies to prepare for a role as a detection engineer.
- The importance of sharing knowledge and experiences within the cybersecurity community.

Resources Mentioned:
- Jack Naglieri’s Substack
May 14, 2024 • 28min

The Duckbill Group’s Corey Quinn on What Billing Data Can Tell Us About AWS Security

In a recent episode of the Detection at Scale podcast recorded at the RSA conference, Jack chats with Corey Quinn, Chief Cloud Economist at The Duckbill Group, an AWS cost-management agency. They talked about the intersection of security and billing in the context of AWS environments, highlighting the significance of observability through billing data to enhance security measures.

Corey also discussed key offenders in AWS services for security and highlighted the challenges companies face in determining optimal investments in security services. Throughout our discussion, Corey offers valuable takeaways on navigating the evolving landscape of AWS security practices and optimizing billing strategies for enhanced cloud security.

Topics discussed:
- The importance of observability via billing data to bolster AWS security measures and optimize investments in security services.
- How to identify key security offenders in AWS services to enhance cloud security practices and mitigate potential breaches.
- The challenges in determining optimal security investments within AWS environments.
- Detecting potential breaches through AWS billing insights and the significance of understanding billing intricacies for security enhancements.
- The impact of billing data on identifying security vulnerabilities and navigating the AWS security landscape with enhanced strategies.
- The role of services like Route 53 in bolstering security measures and considerations for AWS spending on security services.

Resources Mentioned:
- Corey Quinn on LinkedIn
- The Duckbill Group website
May 7, 2024 • 41min

LinkedIn’s Jeff Bollinger on the Role of Human Intuition in Addressing Security Challenges

In this episode, Jack Naglieri speaks to Jeff Bollinger, Director of Incident Response and Detection Engineering at LinkedIn, who shares valuable insights on his journey in security, key technological shifts he's witnessed, and his approach to threat intelligence, incident response, and monitoring.

Jeff highlights the importance of contextual understanding in security operations and emphasizes the critical role of human intuition, adaptability, and creativity in addressing security challenges. He also discusses the need for a balanced team with diverse skill sets and his views on the evolving role of AI in security operations.

Topics discussed:
- Technological shifts in the field of incident response and detection engineering, from the Y2K era to the present.
- The nuances of monitoring behaviors and moving towards higher-level monitoring: it’s useful but imperfect because humans can be unpredictable.
- Automation in security operations and how human analysts are still important and relevant because they have intuition that AI does not.
- Incorporating threat intelligence effectively in security programs: knowing what your scale is and what threats correspond to it.
- Building effective incident response programs and key considerations in security operations.
Apr 23, 2024 • 36min

Josh Liburdi on Brex's Innovative Approach to Data Quality in SecOps

In this episode, Jack Naglieri speaks to Josh Liburdi, Staff Security Engineer at Brex. Josh explains the process of developing their new security data pipeline toolkit, Substation, and how it has been working. He also discusses the importance of quality data, highlighting the impact of data transformation.

Josh also shares his insights on the value of human analysis in SecOps and modern incident response strategies, from handling alerts to understanding program gaps.

Topics discussed:
- The development process of Substation, a security data pipeline toolkit to enhance log collection and data quality for threat detection.
- The importance of quality data in security operations and how sometimes it is helpful to collect it even if you don’t analyze it right away.
- The data transformation process and its impact on threat detection, as well as how it’s made the team at Brex more efficient.
- Enhancing the ability to write better rules after implementing Substation.
- Josh's advice for security practitioners: it’s ok to seek help and “soft skills” are important.
