EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther

Guest:

• Jack Naglieri, Founder and CEO at Panther

Topics:

• What is good detection, defined at micro-level for a rule or a piece of detection content?

• What is good detection, defined at macro-level for a program at a company?

• How to reliably produce good detection content at scale?

• What is a detection content lifecycle that reliably produces good detections at scale?

• What is the purpose of a SIEM today?

• Where do you stand on a classic debate on vendor-written vs customer-created detection content?

Resources:

• "Essentialism" book

• "The 5 AM Club" book

• "Good to Great" book

• "Why Is Threat Detection Hard" blog

• "Think Like a Detection Engineer, Pt. 2: Rule Writing" blog

• "Detection as Code? No, Detection as COOKING!" blog

• Open Cybersecurity Schema Framework (OCSF)