Who Does What In Cloud Threat Detection?

Anton on Security

This post is a somewhat random exploration of the cloud shared responsibility model relationship to cloud threat detection. Funny enough, some popular shared responsibility model visuals don’t even include detection, response or security operations. Related blogs: “Why is Threat Detection Hard?” “On

Build for Detection Engineering, and Alerting Will Improve (Part 3)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#3 in the series), we will start to define and refine our detection engineering machinery to avoid the problems covered in Parts 1 and 2. Stay tuned!

Detection Engineering and SOC Scalability Challenges (Part 2)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Contrary to what some may think, a detection and response (D&R) success is more about the processes and people than about the SIEM.

The State of Threat Detection and Response

Security Boulevard

In my more than ten years as a security analyst, engineer and now founder of a company that solves the challenges of security operations at scale, I’ve seen the successes and. The post The State of Threat Detection and Response appeared first on Security Boulevard.

How to Make Threat Detection Better?

Anton on Security

I’ve lamented on this a few times, either touching on general difficulties with detection, its uncertainty or highlighting the fragile detections people write. Related blog posts: “Modern Threat Detection at Google” (ep17) “Security Correlation Then and Now: A Sad Truth About SIEM” “What Are You NOT Detecting?” “Can

SIEM Content, False Positives and Engineering (Or Not) Security

Anton on Security

To me, this SIEM content and false positives debate is a micro instantiation of a much bigger debate: the paradox between consuming security and engineering security. They essentially want to consume security, rather than engineer it. No, Detection as COOKING!” “How to Measure Threat Detection Quality for an Organization?”

Role of Context in Threat Detection

Anton on Security

The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, etc) in threat detection. Can threat detection work well without such local context? Now, some of you will say “yes, of course!”