Can We Have “Detection as Code”?

One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging…

Back in August, we released our first Google/Chronicle — Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” (launch blog, paper PDF) and promised a series…

For some time, I’ve been also fascinated with the concept of detection-in- depth and a somewhat related concept of optimal detection coverage.

This fascination was born out of a particular type of analyst inquiry I used to get: if…

For some reason, I just cannot leave the topic of Security Operation Center (SOC) alone. In fact, I now am participating in a very fun effort to write a series of papers on the future of SOC by Google…

Note: this blog series now exists in a cleaned-up full whitepaper form at https://hubs.ly/H0pvD_30

We call our approach YARA-L because it is inspired by YARA — invented by Google VirusTotal for malware…

… is Chronicle a SIEM?

However, if you are impatient and need to get the answer right now, here it is: Chronicle can address many…

When I “invented” (well, not really invented, but defined) Endpoint Detection and Response (EDR) back in 2013 at Gartner, I did think of the EDR concept as “detection and response on the endpoint.” In other words, I saw the defining primacy of…