From SIEM to Detection as Code
Cloud-Native SIEM: Scaling Security for the Modern Era
00:00 - Introduction to Jack Naglieri and Panther
01:23 - Discussing the possibility of keeping pace with modern threats
02:08 - Common reasons organizations seek out new SIEM solutions
03:29 - The concept of detection-as-code and its benefits
05:50 - Challenges of monitoring diverse cloud environments and SaaS tools
07:17 - The importance of identity in correlating security data
08:46 - Best practices for collecting and organizing security data
10:51 - The essentialist approach to security monitoring and alert management
12:46 - Team structures for handling security alerts and investigations
13:48 - Recommendations for fine-tuning SIEM alerts
15:35 - The role of SIEMs in threat remediation and prevention
17:07 - Learning from patterns in security events
19:20 - Views on AI and machine learning in threat detection
19:59 - Log retention strategies and considerations
21:12 - Addressing unknown threats and improving visibility
22:55 - Using SIEMs for retroactive incident analysis
23:31 - Current challenges facing security teams
24:38 - Tips for transitioning to detection-as-code
25:45 - Cost considerations when adopting new SIEM solutions
27:21 - Jack's key tip: Focus on intentionality in security operations
Key Takeaways:
Detection-as-code offers improved governance, collaboration, and scalability
Start with a clear understanding of critical threats to your organization
Balance comprehensive monitoring with intentional, focused alerts
Consider cloud-native SIEM solutions for cost-effectiveness and scalability
Regularly review and update security playbooks and runbooks
Resources Mentioned:
Panther: Cloud-native SIEM platform (https://panther.com/)
Detection at Scale: Jack Naglieri's podcast and blog (https://podcasts.apple.com/us/podcast/detection-at-scale/id1582584270)