EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

Guest: Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security?  What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center?  Why classic “tiered SOCs” fall flat when dealing with modern threats? Let’s focus on a correct definition of detection as code. Can you provide yours? Detection x response engineering - is there a thing called “response engineering”? Should there be? What are your lessons learned to fuse intel, detections, and hunting ops? What is this SIEMless yet SOARful detection architecture? What’s next with OpenTIDE 2.0? Resources: Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9) and other parts linked there Hack.lu 2023: TIDeMEC : A Detection Engineering Platform Homegrown At The EC video OpenTIDE · GitLab  OpenTIDE 1.0 Release blog SpectreOps blog series ‘on detection’ Does your SOC have  NOC DNA? presentation Kill SOC Toil, Do SOC Eng blog (tame version) The original ASO paper (2021, still epic!) Behind the Scenes with Red Canary's Detection Engineering Team The DFIR Report – Real Intrusions by Real Attackers, The Truth Behind the Intrusion Site Reliability Engineering (SRE) | Google Cloud