Detection Engineering Dispatch

Anvilogic
Feb 13, 2025 • 21min

Understanding Detection Engineering and Why Teams Struggle With It

In this episode of Detection Dispatch, host Alex Hurtado welcomes Jimmel Peters (JP), a seasoned cyber threat detection engineer from a major media company, to unpack the million-dollar question: why are so many security teams still scratching their heads over detection engineering, even though everyone's talking about it? JP breaks it down for us, walking through how the field has evolved from a "nice-to-have" into an absolute necessity. He shares his take on why behavioral analysis is the new hotness in detection strategies. Plus, get the scoop on AI's impact, dealing with those pesky false positives, and why you really (really!) need to test your detection rules before pushing them live. If you're looking to level up your detection game, this conversation is packed with practical wisdom you won't want to miss.

Join our live conversation bi-weekly on Thursdays! You only have to register once:
➡️ Register Here

Stay in the loop! Connect with us on social:
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.youtube.com/@Anvilogic

About Detection Engineering Dispatch
Detection Engineering Dispatch is a live series featuring open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program. Join your peers to share knowledge, deep dive into technical best practices, and engage in discussions relevant to the detection engineering community.

Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.
Feb 5, 2025 • 43min

12 Emerging Threats and How to Defend Against Them

In this episode of Detection Dispatch, host Alex Hurtado welcomes Lee Archinal from Intel 471 to dive deep into 12 significant emerging threats observed in late 2024. From Dark Casino's financial sector targeting to the devastating healthcare attacks by Phobos ransomware, discover the latest threat actor behaviors and practical detection strategies. Learn how to leverage Intel 471's hunting packages across major EDR platforms and understand the critical intersection between threat hunting and detection engineering. Whether you're dealing with novel SEO poisoning techniques or familiar Living-off-the-Land (LOL) binaries, this episode provides actionable intelligence and detection logic you can implement today.

Get the comprehensive PDF guide with detailed hunting packages here: https://hubs.ly/Q0344ZZ00
Jan 24, 2025 • 41min

Habits of High-Performing Detection Engineers feat. Zack 'techy' Allen

In this episode, host Alex Hurtado welcomes Zack Allen, the creator of Detection Engineering Weekly and Sr. Director of Security Detection & Research, to explore the traits of high-performing detection engineers. Discover why having "T-shaped" skills (deep knowledge in one area while maintaining broader understanding across domains) trumps being a pure specialist, and learn how psychological safety and blameless culture drive team success. Zack shares insights on emerging trends like Detection-as-Code (DaC) and AI integration and reveals why cross-team collaboration is crucial for effective threat modeling. Whether you're building a detection engineering team or looking to level up your skills, this episode offers practical wisdom from years of security leadership experience.
Dec 12, 2024 • 40min

Top 10 KQL Queries Every Detection Engineer Should Know

In this episode, Alex sits down with Sergio Albea, an accomplished Threat Hunter, Researcher, User Behavior Analyst, and Senior Cloud Security Engineer/Architect, to share a must-have resource for detection engineers: the Top 10 KQL Queries of 2024.

From detecting DLL hijacking and MFA fatigue to uncovering anonymous file access in OneDrive and SharePoint, we’ll walk through each query and the data feeds/sources required for detection and discuss their practical uses. Whether you’re new to KQL or an experienced user, these queries are designed to elevate your detection capabilities.
Dec 12, 2024 • 36min

How LLMs Can Outsmart TYPOSQUATTING Attacks

In this episode, Alex sits down with the brilliant Mike Hart, a data scientist whose mission is to outsmart the sneaky world of typosquatting attacks. Just in time for the holiday shopping frenzy, we explore how his open-source project leverages LLMs to safeguard users from clicking on malicious look-alike links.

With online holiday shopping being a prime target for this attack vector, the risks of not double-checking URLs are bigger than ever. Organizations, especially those operating in hybrid environments, need to stay vigilant.

Mike blesses us with how his LLM (available to deploy and use from Hugging Face) automates detection, saves precious time, and fights back against a landscape where vendors often prioritize profit over protection.
Nov 27, 2024 • 31min

Maturing SecOps with Detection-as-Code

Wade Wells, detection engineer and founder of WadingThruSecurity, brings practical Detection-as-Code experience. He explains treating detections like software, using version control and CI/CD. Conversations cover testing challenges, documentation strategies, cross-team alignment, centralizing repos, mapping to MITRE, and practical tips for adoption and automation.
Nov 12, 2024 • 28min

Episode 36: Get Smarter with Entity Correlation + RBA in Sentinel

In this episode, host Alex Hurtado chats with Micah Funderburk and Alex Stemaly, two detection engineering forces from LastPass, about their impressive risk-based alerting (RBA) system within Microsoft Sentinel. Dive into the world of entity correlation as they break down tagging key entities, stacking risk scores, and leveraging Microsoft's Advanced Security Information Model for data normalization.

Learn how RBA aggregates events to provide valuable context for security analysts and explore the intricacies of building risk scores based on impact, confidence, and asset information. Discover the benefits of deploying detections-as-code and the importance of constant communication with security operations partners.
Oct 31, 2024 • 35min

So, What Does a Detection Engineer Actually Do?

In this episode of Detection Engineering Dispatch, host Alex Hurtado chats with Chris Black, Sr. Detection Engineer at NBCUniversal, to reveal what it really means to be a Detection Engineer. Chris shares his journey from incident responder to detection engineer, diving into why creative problem-solving, a mix of red and blue team insights, API security know-how, and self-care are keys to thriving in this high-demand field. Because let’s face it—not all heroes wear capes… some write solid detections!

Grab a seat and get the scoop on what it takes to excel in detection engineering.
Oct 24, 2024 • 24min

The Threat Hunting and Alerting Secret Sauce

In this episode of Detection Engineering Dispatch, host Alex Hurtado sits down with Brady Stouffer, a Principal Detection and Response Engineer at Expel, to uncover the secret sauce behind effective alert management. Learn how to strike the perfect balance between detection coverage and alert fatigue through risk-based alerting, strategic threat hunting, and the art of creating alerts that tell a story. Brady shares practical insights from years of implementation experience, demonstrating why good alerts need context and how threat hunting can uncover critical visibility gaps in your security operations.
Oct 17, 2024 • 37min

Data-Driven Paths | Breaking into Cybersecurity in the Age of Data Lakes and Silos

In this episode of Detection Engineering Dispatch, host Alex Hurtado sits down with Reanna Schultz, creator of the Defenders and Lab Coats podcast, to discuss how the rise of security data lakes is reshaping the skills needed to succeed in the modern security operations center (SOC). Reanna shares her unconventional journey into cybersecurity, emphasizing the importance of continuous learning and the value of the collaborative cybersecurity community.

Discover key insights on understanding the diverse roles within a SOC, combating analyst burnout by finding your passions and focusing on value-added tasks, and leveraging metrics to drive impactful changes across the organization.

[Disclaimer: The views and opinions expressed by Reanna Schultz in this podcast are solely her own and do not necessarily reflect her employer's official policy or position.]
