Kyle Bailey

I released a new version of the detection engineering maturity matrix at detectionengineering.io. This update adds sub-categories to make the matrix more consumable and includes a few content updates.

@0x4D31 Thanks!

a good read by @KyleBailey22! linkedin.com/pulse/bitter-l…

Just downloaded Gemini Live, and I’m absolutely blown away. Speaking directly to AI with zero latency—this voice interaction is the future of consumer AI. Incredible work, @sundarpichai. Truly groundbreaking. Try it immediately: apps.apple.com/us/app/google-…”

@anton_chuvakin Aka “If you give a mouse a cookie” SecOps edition

So, I am writing a blog on "if you have a #SOC, and somebody gave you a $1m, what is the best way to spend it?" (1/3)

🚨 Breaking: A zero-day vulnerability (CVE-2024-47575) has been observed impacting Fortinet FortiManager devices, posing serious risks. Learn how the exploit works, and how to defend against the threat. Read more -> bit.ly/4hbqmuR #ThreatIntelligence

This is still true about APT, 10 years later. China is more advanced than they were and Russia more persistent.

Oh god this is so profoundly ignorant, for an audience as uneducated as he is. The completely independence of the central bank is what separates good economies from bad. There's no such thing as having some sort of "gut feel" that's better than a team of experts analyzing huge amounts of data. It's incredibly narcissistic for anybody to think they can do this. Trump famously wanted to meddle for political reasons. He wanted the Fed to lower rates in 2020 to improve his election chances by boosting the economy, and he's been telling the fed not to lower rates before the 2024 election to hurt Biden's chances. Sure, lowering rates in 2020 as Trump wanted would've temporarily boosted the economy, but the consequence would've been even more inflation a year later. Examples of countries with economies driven into the ground are Hugo Chavez's Venezuela. Chavez took over the central bank, started printing money, caused massive inflation, and moved Venezuela from one of the richest Latin American countries to one of the poorest. Trump's gut instincts are political ones. He'd tell the Fed to do things that are best for him (as he's already done) rather than what's best for us. This is why in every advanced/rich nation in the world takes great pains to keep their central banks out of control/influence of politicians, to prevent from happening exactly what Trump wants to happen.

🚀 Dive into our latest blog to see how Gemini 1.5 Flash is changing malware analysis! Tested with 1,000 files from @virustotal, it processes each in just 12 seconds. Get fast, accurate reports! ⚡️ Read more: bit.ly/3SsOLRC #MalwareAnalysis #Gemini #AI

@0x4D31 I kind of see your point, but I think if someone designs, implements, tests, debugs, maintains, etc detection rules I would consider that DE. It’s effectively the same engineering process as a SWE the output is just different.

please respond if you consider yourself a detection engineer (and not a security analyst), or if you have opinions about what DEs should be doing. there's no right or wrong answer. :-) q: as a detection engineer, I (also) do:

Heard an interesting comparison today… Cloud control plane detection is really hard because it is essentially comparable to doing endpoint detection using only LotL bins.

My team is hiring a cloud detection engineer in Austin. This is a pretty unique opportunity to build detection with a lot of threat data and resources at your fingertips 😊 please apply if you’re interested: google.com/about/careers/…

@jorgeorchilles Ya! Same here

@KyleBailey22 Obviously 😂 It has been a while man! My fault since I haven’t been around the bird site

Just heard on a webinar that #purpleteam is hard and expensive. Do you agree?

@kpolley @runpanther Interesting… @jack_naglieri

I created a chatbot that can search and understand @runpanther's public threat detection repo. It was wildly easier to do than I expected! Every DevX team should be exploring how fine-tuned, internally-facing AIs can improve the engineering and operations experience. This is so cool

@ateixei Also.. hot new TTP that APT x used once 6 months ago

How to prioritize a detection backlog? #DetectionEngineering

@cyb3rops Tracer T

Sorry @jsecurity101 but this might be one of the worst takes of all time 😂

Purple Teams surface issues with telemetry ingestion, alerting/detection logic, and detection/response processes. Do more Purple Teams!

If we’re talking about cloud control plane detection I think the short answer is everything could be considered living off the land. Lolapis.

@ateixei I can think of a few vendors this might be, are you able to share who it is?

"Teams can query data using SQL, Python, or other preferred languages, rather than being restricted to proprietary languages associated with SIEMs." Next PoC candidate. Please.