Summary: The video discusses the evolution of detection engineering in cybersecurity, featuring insights from Michael Mumcuoglu, co-founder and CEO of CardinalOps. He explains the critical importance of detection as part of an organization’s security posture, emphasizing the need for automation, continuous improvement, and effective prioritization of detection efforts. Mumcuoglu also highlights the significance of understanding attackers’ tactics and utilizing threat intelligence to enhance detection capabilities.
Keypoints:
- The discussion highlights the role of Fastly in delivering secure online experiences through application security and cloud platform services.
- Detection has become an integral part of organizational defense strategies over the years, transitioning from optional to essential.
- Mumcuoglu introduces the concept of “flipping the odds,” suggesting defenders have multiple opportunities to detect attackers once they gain initial access.
- Organizations must anticipate that employees will click on phishing links, necessitating a proactive defense strategy focused on later stages of an attack.
- Challenges in detection engineering include the dynamic nature of networks and ineffective existing detection measures that may be broken or misconfigured.
- Automation is promoted as a solution to reduce mundane tasks, allowing security teams to focus on higher-value activities like risk assessment and understanding threats.
- Organizations should utilize threat intelligence to prioritize areas for improvement in detection capabilities based on industry relevance.
- Continuous assessment and improvement of detection measures are vital; organizations should regularly validate their detection systems and be prepared for evolving threats.
- Different organizations exhibit varying levels of success in testing and validating detection measures, with a minority utilizing ongoing simulations to ensure effectiveness.
- Mature detection engineering practices include prioritizing critical vulnerabilities, effective use of threat intelligence, and integrating detection with prevention strategies for an overall security approach.
YouTube Video: https://www.youtube.com/watch?v=D_PUk6Aekx4
YouTube Channel: Security Weekly – A CRA Resource
Video Published: Mon, 24 Mar 2025 09:00:26 +0000