Hi Jack,
Thanks for this insightful article. I'm just left wondering: what about ML? The use case seems attractive, since the rules to flag suspicious "behavioural patterns" would not even need to be written by someone. The sheer amount of logs considered also seems to indicate that it is a good fit. I imagine there are already companies betting on that to improve the quality of security signals across the organization.
Don't you think that detection engineering will be more influenced by data engineering in the future?
There are definitely parameters (thresholding or allow/deny, for example) within this style of detection that could benefit from ML. And I do believe that a good Defense-in-Depth practice correlates the output of several detection techniques together for higher fidelity.
Detection Engineering should never be required to learn data engineering in the future; the onus should be on the SaaS providers.