November 17, 2023 at 09:02AM
At Black Hat Europe, senior staff engineer Allyn Stott from Airbnb will discuss the need for a proactive approach in detecting and responding to modern attackers. Stott emphasizes the importance of involving the entire organization and aligning skill sets during the design and development phase. He suggests considering third-party security operations centers (SOCs) for support during the product building phase. Finally, Stott highlights the significance of using metrics to evaluate and report the program’s performance.
The key takeaways from the meeting notes are as follows:
1. A robust and comprehensive detection and response program is essential for combating modern attackers.
2. Challenges such as alert fatigue, costly tools, talent acquisition difficulties, and an overworked team hinder progress.
3. The focus should shift from reactive to proactive detection and response.
4. It is important to shift the focus from technology tools and vendors to the capabilities of the security team.
5. Collaboration and alignment with other teams in the organization is crucial for a modern detection and response approach.
6. The implementation of threat detection and response modernization should involve four phases: assessment, design and development, buying and product building, and evaluation and reporting.
7. Understanding and aligning skill sets are crucial to avoid building tools beyond the team’s capabilities.
8. Consider bringing in a third-party SOC to build the program while still being operational.
9. Metrics that tell a story about the program’s performance are important for evaluation and reporting.
10. Tying metrics to top threats, environments at risk, and incident trends will help in securing funding and additional headcount for the program.