Detection Engineering Dispatch

Anvilogic
Jul 17, 2025 • 57min

A New Way to UBA feat. Snowflake’s Insider Threat Team

Join Snowflake’s Insider Threat team for a direct discussion on separating everyday behavioral drift from true malicious intent. We examine role changes, privilege creep, and off-hour access, showing how context—identity, project timelines, and data lineage—sharpens detection and reduces noise. The conversation ends with a clear-eyed look at the trade-off between missing an insider and overwhelming analysts with false alerts, offering practical guidance for any modern UBA program.

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.
Jun 18, 2025 • 38min

Prompted to Fail: When LLMs Go Rogue

LLMs are rewriting the rules of app security—and not always in a good way. In this episode Alex sits down with Scott Rogers, a seasoned data scientist at Anvilogic, to unpack why LLMs are the new wild west of application risk—and how old-school OWASP principles are making a serious comeback.

We cover:
Real-world prompt injection failures (yes, including Air Canada’s rogue chatbot)
How RAG systems can accidentally leak sensitive data
Why GenAI risk ≠ traditional appsec—but it rhymes
How classic tools like SAST, DAST, and logs can still save your bacon

Whether you're threat modeling your first LLM system or already knee-deep in GenAI, this episode is full of spicy detection ideas, war stories, and practical advice you won’t want to miss.

Stay in the loop! Connect with us:
Join Dispatch Community: https://www.anvilogic.com/workshop
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.youtube.com/@Anvilogic
Jun 5, 2025 • 60min

5 Bitter Pills to Swallow RE: Agentic AI w/ Oliver Rochford

In this discussion, Oliver Rochford, founder of aunoo.ai and writer of the Curious AI newsletter, reveals essential truths about agentic AI. He highlights the misconceptions surrounding autonomy in AI agents, the danger of 'agent washing,' and the need for critical oversight in security operations. Rochford emphasizes the importance of reliable data and human collaboration, challenging listeners to rethink the hype around AI technologies. The conversation underscores the necessity for clear communication and foundational infrastructure to successfully leverage AI in cybersecurity.
May 22, 2025 • 34min

5 Signs You're Overengineering your Detection Logic w/ John Dempsey

Join John Dempsey, Senior Manager of Security Operations at the National Audubon Society, as he shares his expertise on optimizing detection logic. He reveals five signs that your detection rules may be too complex, potentially causing alert overload. John emphasizes the importance of clarity in detection design and the dangers of over-engineering systems. The conversation also touches on simplifying detection processes with AI and encouraging creative approaches in cybersecurity, all while maintaining effectiveness and transparency within teams.
Apr 30, 2025 • 44min

The AI Series: Inside URL Guardian—An LLM Built for Detection

Mike Hart returns to walk through URL Guardian, our new LLM for malicious URL detection. Now live on HuggingFace, it’s built to spot suspicious patterns and reduce false positives—without the regex headaches.

Check out the Hugging Face here: https://huggingface.co/Anvilogic/URLGuardian
Apr 16, 2025 • 43min

The UEBA Illusion: Why Traditional UEBA Falls Short

Alex sits down with Kevin Gonzalez to pull back the curtain on User and Entity Behavior Analytics (UEBA), and expose the gap between its promises and real-world pitfalls. Hear his stories from the trenches of deploying UEBA multiple times at different organizations, and his blueprint for how teams should align UEBA with real attacker behaviors.

Read his blog about his experience: https://www.anvilogic.com/learn/bg-ue...
Apr 3, 2025 • 31min

Machine Learning-Powered Threat Hunting ft. Sydney Marrone

Our last drop for International Women's Month featuring Sydney Marrone—Principal Threat Hunter at Splunk and co-author of PEAK Threat Hunting—to explore how ML-driven techniques are transforming detection strategies. Tune in to hear Sydney and Alex break down real-world applications of advanced analytics to surface threats hidden in HTTP datasets.

Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH
Mar 20, 2025 • 22min

DECEIVE to Defend: AI-Powered Deception feat. Edna Jonsson

This International Women’s Month, we’re celebrating leaders and supporters driving the future of threat hunting and detection engineering. Next up in our series is Edna Jonsson, a cybersecurity engineer and forever student of the trade, introducing DECEIVE—Splunk’s new DECeption with Evaluative Integrated Validation Engine. DECEIVE brings AI-powered honeypots directly into the hands of security teams, opening new possibilities for proactive threat intelligence and modern detection strategies.
Mar 20, 2025 • 30min

HEARTH | the community-driven threat hunting project ft. Lauren Proehl

Tune in with us for a discussion on HEARTH, a community-driven threat hunting GitHub repository that you’re going to want to fork, as well as the importance of community intel-sharing. This episode is about community, innovation, and the women leading the way in threat hunting. Happy International Women's Month!

Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH
Mar 10, 2025 • 40min

Kerberoasting (T1558.003) Workshop | best watched on YouTube

In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind spots, and develop multi-layered strategies that make successful attacks nearly impossible. Grab your notebook for this workshop-style episode that transforms complex threat modeling into actionable defense strategies that will leave attackers rolling the dice against increasingly unfavorable odds.

Join our live conversation bi-weekly on Thursdays! You only have to register once: Register Here

About Detection Engineering Dispatch
Detection Engineering Dispatch is a live series featuring open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program. Join your peers to share knowledge, deep dive into technical best practices, and engage in discussions relevant to the detection engineering community.
