EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther
Cloud Security Podcast by Google - A podcast by Anton Chuvakin - Mondays
Guest: Jack Naglieri, Founder and CEO at Panther

Topics:
What is good detection, defined at micro-level for a rule or a piece of detection content?
What is good detection, defined at macro-level for a program at a company?
How to reliably produce good detection content at scale?
What is a detection content lifecycle that reliably produces good detections at scale?
What is the purpose of a SIEM today?
Where do you stand on a classic debate on vendor-written vs customer-created detection content?

Resources:
“Essentialism” book
“The 5 AM Club” book
“Good to Great” book
“Why Is Threat Detection Hard” blog
“Think Like a Detection Engineer, Pt. 2: Rule Writing” blog
“Detection as Code? No, Detection as COOKING!” blog
Open Cybersecurity Schema Framework (OCSF)