EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection

Oct 18, 2021 | 31 min | Season 1 | Ep. 39

Episode description

Guest:

  • Jared Atkinson, Adversary Detection Technical Director at SpecterOps

Topics:

  • What are bad/good/great detections? Is this all about Bianco's pyramid? Is high good and low bad?
  • How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?
  • What should we do to build more good detections? Is this all about reducing false positives?
  • Can we really measure false negatives? How can we approach this?
  • How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?
  • What are your top 3 tips for improving the detection practice at an organization?

Podcast: Cloud Security Podcast by Google