October 18, 2021

EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection



Topics covered:

  • What are bad/good/great detections? Is this all about the Bianco's pyramid? Is high good and low bad?
  • How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?
  • What should we do to build more good directions? Is this all about reducing false positives?
  • Can we really measure false negatives? How can we approach this?
  • How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?
  • What are your top 3 tips for improving the detection practice at an organization?

Do you have something cool to share? Some questions? Let us know:

View more episodes