Best Practices for Detection as Code

When I was young, a teacher once told me: while it's important to learn from your mistakes, learn from the mistakes of others; it's less painful. It appears that the realm of threat detection has not done a good job of adopting that lesson. An overwhelming number of rules, outdated rules, flooding incident response with alerts, redundant detections, slow deployments: these are just a few of the problems that many security operations teams face. Fortunately, many of these problems have already been solved by those in the software development, site reliability engineering, and cloud engineering fields. Decades of software development have produced an immense amount of knowledge and lessons learned that the security industry can adopt to solve similar problems. By embracing their best practices for infrastructure as code, deployment engineering, and management process, security teams can build effective and scalable threat detection operations. In this talk, I'll present how Snowflake has adopted these principles into our security architecture and discuss our triumphs and failures so you can learn from our mistakes (it's less painful that way).