D1. Detection as Code: Apply the Software Development Lifecycle to Your Blue Team
Wednesday, May 9, 2018
3:15 PM - 4:15 PM
After decades of evolution, today’s software development lifecycle (SDLC) provides a well-tested process that helps millions of software engineers launch and maintain high-quality systems. Meanwhile, the hunting and detection capabilities used by Blue Teams are in their relative infancy and rely heavily on vendor products and tribal knowledge. This talk will teach Blue Teams how to apply the SDLC to make hunting and detection more predictable and reliable while increasing coverage.
After completing this session, learners will:
- Learn how to apply elements of the SDLC to make hunting and detection more predictable, reliable, and effective
- Gain a new perspective on how to treat detection as code
- Apply hands-on techniques like source controlling detection alerts with Git and using pull requests and peer reviews as change control
- Deploy proven testing processes to detection techniques and alerts, and get tested changes into production
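The learning objectives above describe detection rules that live in source control, go through pull-request review, and are tested before they reach production. The following Python module is an added illustration of that workflow and is not code from the talk or from Red Canary: each rule carries its own positive and negative test events, a validation step runs them, and a merge gate refuses to promote a revision whose tests fail. The rule identifier `DET-0001`, the rule logic (a service account performing an interactive logon) and the telemetry fields are all constructed for the example.

```python
"""Detection-as-code skeleton (added example): rules are code, carry their own
test cases, and a validation gate decides whether a revision reaches production."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Event = Dict[str, object]


@dataclass
class Rule:
    rule_id: str
    title: str
    version: str
    predicate: Callable[[Event], bool]
    # Events the rule MUST fire on and events it MUST stay silent on;
    # these travel with the rule in source control and run on every change.
    must_match: List[Event] = field(default_factory=list)
    must_not_match: List[Event] = field(default_factory=list)


def validate_rule(rule: Rule) -> List[str]:
    """Run the rule's embedded test cases; return a list of failures (empty = pass)."""
    failures: List[str] = []
    for ev in rule.must_match:
        if not rule.predicate(ev):
            failures.append(f"{rule.rule_id}: false negative on {ev}")
    for ev in rule.must_not_match:
        if rule.predicate(ev):
            failures.append(f"{rule.rule_id}: false positive on {ev}")
    return failures


def run_rule(rule: Rule, events: List[Event]) -> List[Event]:
    """Evaluate a rule over a batch of events and return the ones that alert."""
    return [ev for ev in events if rule.predicate(ev)]


def promote(rule: Rule, production: Dict[str, Rule]) -> bool:
    """Merge gate: only a rule whose test cases pass replaces the production copy."""
    if validate_rule(rule):
        return False
    production[rule.rule_id] = rule
    return True


# Constructed sample telemetry (hypothetical field names), not real data.
SAMPLE_EVENTS: List[Event] = [
    {"user": "svc_backup", "logon_type": "interactive", "host": "fs01"},
    {"user": "svc_backup", "logon_type": "service", "host": "fs01"},
    {"user": "alice", "logon_type": "interactive", "host": "wk17"},
]


def _service_account_interactive(ev: Event) -> bool:
    """Rule logic: a service account (svc_ prefix, assumed naming) logging on interactively."""
    user = str(ev.get("user", ""))
    return user.startswith("svc_") and ev.get("logon_type") == "interactive"


SVC_INTERACTIVE_RULE = Rule(
    rule_id="DET-0001",  # hypothetical identifier
    title="Service account used for interactive logon",
    version="1.0.0",
    predicate=_service_account_interactive,
    must_match=[SAMPLE_EVENTS[0]],
    must_not_match=[SAMPLE_EVENTS[1], SAMPLE_EVENTS[2]],
)


def _broken_revision(ev: Event) -> bool:
    """A proposed change that drops the logon_type check; the embedded tests catch it."""
    return str(ev.get("user", "")).startswith("svc_")


BROKEN_REVISION = Rule(
    "DET-0001", SVC_INTERACTIVE_RULE.title, "1.1.0", _broken_revision,
    SVC_INTERACTIVE_RULE.must_match, SVC_INTERACTIVE_RULE.must_not_match,
)


if __name__ == "__main__":
    prod: Dict[str, Rule] = {}
    print("v1.0.0 promoted:", promote(SVC_INTERACTIVE_RULE, prod))
    print("v1.1.0 promoted:", promote(BROKEN_REVISION, prod), validate_rule(BROKEN_REVISION))
    print("alerts:", run_rule(prod["DET-0001"], SAMPLE_EVENTS))
```

In a real pipeline `validate_rule` would run as the CI check on every pull request and `promote` would be the deploy step that ships only the reviewed, passing revision; the embedded `must_match` and `must_not_match` cases are the regression tests that make a later refactor of the rule safe.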
Brian Beyer is the CEO and co-founder of Red Canary, based in Denver, Colorado. Prior to Red Canary, Brian incubated cybersecurity products at Kyrus, where he specialized in building and delivering innovative cybersecurity solutions. He also developed big data processing solutions at Northrop Grumman and worked in the computer forensics & intrusion analysis group at ManTech.