-
Detection Engineering 101: Using AI to Write One Rule and Convert It Everywhere
Detection engineering is a beautiful, frustrating, and often tedious art. You write a killer detection for one SIEM, pat yourself on the back, and then—bam—your SOC lead tells you it also needs to work in Splunk. And Sentinel. And whatever other logging monstrosity they’re using this week. Now, you have two choices: Welcome to the…
-
Why SOC Automation Usually Fails: Lessons from the Field
Security Operations Centers (SOCs) are always under pressure—too many alerts, not enough analysts, and an ever-growing attack surface. Enter automation, the supposed magic bullet to eliminate manual work, reduce response times, and make security teams more efficient. Except… it rarely works as advertised. Despite the promises of AI-driven SOAR (Security Orchestration, Automation, and Response) and…
-
The Practitioner’s Guide to Kubernetes Security
Kubernetes has change the way we deploy and manage containerized applications, enabling scalability and automation in ways we never imagined. However, with great power comes great responsibility. Which means a whole lot more complexity and security challenges. From misconfigured RBAC to exposed APIs, Kubernetes clusters are a prime target for attackers. Securing a Kubernetes environment…
-
Securing Data in a Privacy-First World: Challenges and Solutions
I’ve decided to change it up a bit and switch to a conversation on protecting sensitive data in your cloud environments. But, it still has a SecOps feel! I’m focusing on AWS in this post, but this should be applied anywhere, no matter the cloud host. This technical guide dives into how organizations can secure…
-
The Art and Science of Threat Detection: SIEM and Detection Engineering Essentials
I’ve decided to tie this post and one other on Building an Effective Security Operations Program together instead of posting them weeks apart. I wanted to focus on the high level aspect of building out a proper security operations focused on Detection and Response, but I also felt like we needed to really dig into…
-
Building an Effective Security Operations Program: Focusing on Detection and Response
Hey everyone! We’re going to be focusing on building out the core competent of your SOC! This post is going to be pretty high level, not too in the weeds as I want to cover the hot items that go into the average SOC these days. There is a more technical blog along side this…
-
From Detection to Prevention: Crafting a Proactive Threat Detection Strategy
Recently, I’ve been thinking more and more about our Threat Detection processes and what we’ve been doing to increase our detection capabilities. Because of that, I thought I would try and articulate at a high level a relatively normal Threat Detection Strategy that focuses on Detection & Prevention. I’ll be doing a series of posts…
-
The Brutus Botnet
UPDATE 03/14/25 Since publishing our research on what we suspected to be a botnet—Brutus—back in 2024, new findings have surfaced that confirm some of our theories while also filling in the gaps we couldn’t quite close. A recent report from EclecticIQ (link) finally ties Brutus to the Black Basta ransomware operation. Turns out, what we…