We need better detection feedback loops – Michael Mumcuoglu – ESW #399
It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however.
Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working?
In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections.
Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again.
Guest
Michael is a serial entrepreneur that is passionate about technology, cybersecurity and leadership. Prior to CardinalOps, Michael co-founded LightCyber, a pioneer in behavioral attack detection acquired by Palo Alto Networks (NYSE: PANW) in 2017 where he served as Vice President of Engineering for the Cortex XDR platform. Prior to founding his three startups, Michael served in various cybersecurity roles in an elite intelligence division of the Israel Defense Forces.
Hosts
