Detection

On Trust and Transparency in Detection

This blog / mini-paper is written jointly with Oliver Rochford.

I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common for SANS webinars, we got a lot of great questions that I feel…

A lot of people ask me how Chronicle is doing inside Google Cloud (TLDR: doing well), and I wanted to share some good news. I also wanted to reveal some of our lessons building our threat detection capabilities (that we just released).

Can We Have “Detection as Code”?

One more idea that has been bugging me for years is an idea of “detection as code.” Why is it bugging…

For some time, I’ve been also fascinated with the concept of detection-in- depth and a somewhat related concept of optimal detection coverage.

This fascination was born out of a particular type of analyst inquiry I used to get: if…

Let me ask you this: do smaller businesses (say, SMBs) get more security vendor lies than large enterprises? My past analyst experience certainly seems to suggest so. When I was an analyst, the most…