Best Practices for Detection as Code

Presented at NolaCon 2022, May 20, 2022, 1 p.m. (Unknown duration)

When I was young, a teacher once told me, while it's important to learn from your mistakes - learn from the mistakes of others. It's less painful. It appears that the realm of threat detection has not done a good job of adopting that lesson. An overwhelming number of rules, outdated rules, flooding incident response with alerts, redundant detections, slow deployments - these are just a few of the problems that many security operations teams face. Fortunately, many of these problems have already been solved by those in the software development, site reliability engineering, and cloud engineering fields. Decades of software development have produced an immense amount of knowledge and lessons learned that the security industry can adopt to solve similar problems. By embracing their best practices for infrastructure as code, deployment engineering, and management process, security teams can build effective and scalable threat detection operations. In this talk, I'll present how Snowflake has adopted these principles into our security architecture and discuss our triumphs and failures so you can learn from our mistakes (it's less painful that way).

Presenters:

  • Daniel Wyleczuk-Stern
    Daniel is a recent convert to the blue team after spending the majority of his career breaking systems at Praetorian and the USAF. At Snowflake, he spends his time helping to improve the threat detection program. When he's not working, you can find him spending time with his wife and cats, enjoying a nice cup of coffee, or in the gym practicing Muay Thai and Brazilian Jiu Jitsu.
