A Blueprint for Detection Engineering: Tools, Processes, and Metrics
RSA Conference 2024 · Track Session
This talk, presented by Jose and Eric from the Splunk Threat Research team at RSAC 2024, delves into the critical discipline of **detection engineering**. It addresses a fundamental challenge faced by security organizations: the ability to definitively prove an organization can detect a specific attack and to do so rapidly. The speakers articulate a comprehensive blueprint encompassing tools, processes, and metrics designed to mature an organization's detection capabilities from ad-hoc, reactive measures to a continuous, automated, and highly effective defensive posture.