Threat detection isn’t a new concept, and detection and response teams have been around for decades. Today, though, the security teams tasked with keeping their organizations safe work in a much faster world: ballooning volumes of telemetry, sophisticated adversaries, and ever more complex cloud environments. Yet many teams still fight these threats with processes designed for an earlier era and tooling that hasn’t kept up. In my ten years in incident response, I saw that security teams had the skills and the talent; what they lacked were more effective approaches.
So what is the most effective approach security practitioners can adopt today? Detection-as-code. Here’s why.