
Detection at Scale

By: Panther Labs
  • Summary

  • The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale. Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
    Copyright 2021 All rights reserved.
Episodes
  • Elastic’s Darren LaCasse on Cutting Alert Volumes in Half By Automating Responses
    Jun 25 2024

    In this episode of Detection at Scale, Jack Naglieri chats with Darren LaCasse, Director of Threat Intelligence, Incident Response, & Threat Detection at Elastic. Darren offers insights into the innovative project around detection as code, shedding light on the methodologies Elastic employs to enhance security operations.

    Darren touches on the challenges of managing massive amounts of data, the importance of prioritization in security tasks, and how automation has revolutionized their response strategies. He also shares practical advice on conducting gap analyses to focus on what truly matters.

    Topics discussed:

    • The importance of prioritizing security tasks to focus on critical business-impacting elements, ensuring a resilient security framework.
    • Strategies for handling and analyzing large volumes of security data to maintain effective monitoring and response capabilities.
    • How automation has halved alert volumes, freeing analysts from repetitive tasks and enhancing overall productivity.
    • Conducting regular gap analyses and attack path discussions to visualize vulnerabilities and direct security efforts effectively.
    • The role of tagging and context-aware responses in streamlining security operations and making analysts' lives easier.
    • Prioritizing security efforts based on the criticality of vendors and data, focusing first on restricted and critical vendors.
    • The importance of conducting at least annual reviews to reassess and improve security controls and monitoring strategies.
    • Using metrics to measure the effectiveness of security measures and guide continuous improvement efforts.

    Resources Mentioned:

    • Darren LaCasse on LinkedIn
    • Elastic Security Solution website
    28 m
  • Check Point’s Daniel Wiley on Balancing Technology and Human Analytics in Cybersecurity
    Jun 11 2024

    In this episode of the Detection at Scale podcast, Jack speaks to Daniel Wiley, Head of Threat Management and Chief Security Advisor at Check Point Software, to discuss the intricacies of balancing technology and human analytics in cybersecurity.

    Daniel shares his experiences in building three successful internal startups at Check Point and emphasizes the importance of continuous learning throughout one’s career. He also touches on effective incident response strategies for small- to medium-sized businesses, and the vital role of adaptable data schemas in managing large-scale security operations.

    Topics discussed:

    • The highs and lows experienced in the cybersecurity startup journey, including the importance of quick decision-making and team-building.
    • Strategies for developing effective IR playbooks tailored for small- to medium-sized businesses to handle security threats efficiently.
    • The integration of machine analytics and human expertise to manage and interpret large volumes of cybersecurity data.
    • Managing 24/7 global SOCs, including the challenges of shift rotations and ensuring analysts are not overloaded.
    • Techniques for determining which data is crucial for cybersecurity efforts and how to handle terabytes of data per second.
    • The necessity of ongoing education and staying updated with the latest in cybersecurity to maintain effectiveness in the field.
    • The significance of hiring the right team from the start and making swift, decisive personnel changes when necessary.
    • Check Point's focus on maintaining high operational margins and its impact on the business's success and sustainability.

    Resources Mentioned:

    • Daniel Wiley on LinkedIn
    • Check Point Software website
    • The Hard Thing About Hard Things by Ben Horowitz
    • Cyber for Builders by Ross Haleliuk
    44 m
  • Inductive Automation’s Jason Waits on Building Scalable Security Programs Through Automation
    May 28 2024

    In our latest episode of Detection at Scale, Jason Waits, CISO at Inductive Automation, shares insights learned in his journey from network administration to cybersecurity and the importance of SCADA systems.

    He dives into the value of automation, ML, and AI in security operations, highlighting the need for asking the right questions for efficient data analysis. Jason also discusses building a security team with a focus on detection and response, leveraging automation for faster investigations.

    Topics discussed:

    • The role of SCADA systems in various industries and the importance of security in OT environments.
    • The challenges and strategies in building a security program for scale, focusing on automation and infrastructure as code.
    • The impact of IT-OT convergence on security issues and the need for enhanced controls and monitoring in interconnected systems.
    • Embracing automation in security operations, including detection engineering and automating response actions for efficiency and scalability.
    • Utilizing enrichment techniques for contextual data analysis and the significance of data sources for effective security investigations.
    • The use of ML and AI in security operations, particularly in natural language querying and data analysis for actionable insights.
    • Jason's advice on building a successful security team, emphasizing automation, staying informed on industry trends, and fostering collaboration with engineering teams.

    Resources Mentioned:

    • Jason Waits on LinkedIn
    • Inductive Automation website
    • Detection Engineering Weekly newsletter
    19 m
