It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however.
Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working?
In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections.
Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again.
Show Notes: https://securityweekly.com/esw-399)
