Name
D1. Detection as Code: Apply the Software Development Lifecycle to Your Blue Team
Track
App Sec
Date
Wednesday, May 9, 2018
Time
3:15 PM - 4:15 PM
Description
Session Description:
 
After decades of evolution, today’s software development lifecycle (SDLC) provides a well-tested process to help millions of software engineers launch and maintain high-quality systems. Meanwhile, the hunting and detection capabilities used by Blue Teams are in relative infancy and rely heavily on vendor products and tribal knowledge. This talk will teach Blue Teams how to apply the SDLC to make hunting and detection more predictable and reliable while increasing coverage.
 
 
Learner Objectives
After completing this session, learners will:
- Learn how to apply elements of the SDLC to make hunting and detection more predictable, reliable, and effective
- Gain a new perspective on how to treat detection as code
- Apply hands-on techniques like source controlling detection alerts with Git and using pull requests and peer reviews as change control
- Deploy proven testing processes to detection techniques and alerts, and get tested changes into production
 
 
Speaker Bio(s)
Brian Beyer is the CEO and co-founder of Red Canary, based in Denver, Colorado. Prior to Red Canary, Brian incubated cybersecurity products at Kyrus, where he specialized in building and delivering innovative cybersecurity solutions. He also developed big data processing solutions at Northrop Grumman and worked in the computer forensics & intrusion analysis group at ManTech.
 
 
CEUs
1