EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
Dec 09, 2024•37 min•Season 1Ep. 202
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Guest:
-
Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence
Topics:
- What is your best advice on detection engineering to organizations who don’t want to engineer anything in security?
- What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center?
- Why classic “tiered SOCs” fall flat when dealing with modern threats?
- Let’s focus on a correct definition of detection as code. Can you provide yours?
- Detection x response engineering - is there a thing called “response engineering”? Should there be?
- What are your lessons learned to fuse intel, detections, and hunting ops?
- What is this SIEMless yet SOARful detection architecture?
- What’s next with OpenTIDE 2.0?
Resources:
- Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) and other parts linked there
- Hack.lu 2023: TIDeMEC : A Detection Engineering Platform Homegrown At The EC video
- OpenTIDE · GitLab
- OpenTIDE 1.0 Release blog
- SpectreOps blog series ‘on detection’
- Does your SOC have NOC DNA? presentation
- Kill SOC Toil, Do SOC Eng blog (tame version)
- The original ASO paper (2021, still epic!)
- Behind the Scenes with Red Canary's Detection Engineering Team
- The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion
- Site Reliability Engineering (SRE) | Google Cloud
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast