Season 1 · Episode 123

EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther

Cloud Security Podcast by Google · Anton A Chuvakin

May 29, 202339m 24s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Guest:

Jack Naglieri, Founder and CEO at Panther

Topics:

What is good detection, defined at micro-level for a rule or a piece of detection content?
What is good detection, defined at macro-level for a program at a company?
How to reliably produce good detection content at scale?
What is a detection content lifecycle that reliably produces good detections at scale?
What is the purpose of a SIEM today?
Where do you stand on a classic debate on vendor-written vs customer-created detection content?

Resources:

"Essentialism" book
"The 5 AM Club" book
"Good to Great" book
"Why Is Threat Detection Hard" blog
"Think Like a Detection Engineer, Pt. 2: Rule Writing" blog
"Detection as Code? No, Detection as COOKING!" blog
Open Cybersecurity Schema Framework (OCSF)

← All episodes of Cloud Security Podcast by Google