CatsCrdl

CatsCrdl

Daniel's thoughts on infosec

The Pillars of Security Monitoring: A Comprehensive Guide

Why do the distinctions between threat detection and abuse detection matter? Is vulnerability management related to posture monitoring? We'll cover how these, and other security capabilities, are all related yet distinct under the umbrella term of 'Security Monitoring' and how that relates to the SOC vs SOCLess architecture.

Daniel Wyleczuk-Stern

19-Minute Read

Security Monitoring Pilalrs

As you may know by now if you’ve read a few of my blog articles, I’m a big fan of decomposing ideas in threat detection into various frameworks. This latest blog post will touch on another area that I feel strongly about - specifically, that detection engineers need to take a step back and realize that they’re part of a larger “security monitoring” capability which consists of related but distinct pillars. We’ll explore these interrelated pillars of security…

Detection as Code: A Maturity Framework

Detection as Code (DaC) is transforming how we handle threat detection by merging software engineering practices with security operations. Breaking down DaC into functional areas can enhance your organization's detection capabilities and maturity.

Daniel Wyleczuk-Stern

11-Minute Read

Detection as Code Maturity Improvement

In the ever-evolving landscape of cybersecurity, the methodologies and tools we rely on are continually advancing. One of the latest trends is Detection as Code (DaC), which promises to revolutionize threat detection by integrating software engineering practices into security operations. Having worked in an organization that practices DaC for several years, I’ve come to realize that it’s not simply a matter of whether or not to adopt DaC.

There are Only Two Rules

One mental model I've maintained for a long time is that there are only two types of detection rules. We'll cover what those rules are and why this distinction matters.

Daniel Wyleczuk-Stern

12-Minute Read

A cyber security professional offering a choice between a red pill and a blue pill in a style reminiscent of the Matrix. The scene captures a futuristic and mysterious atmosphere.

In the field of detection engineering, understanding and applying the right frameworks is crucial for effectively identifying and responding to threats. Mental models provide a structured way of categorizing and approaching the myriad of security alerts and anomalies we face daily. These models help us dissect and understand the behavior of potential threats, allowing for a more targeted and effective defense strategy. In this blog post, I’ll explain how I use one mental model to clearly…

Recent Posts

Categories

About

A random collection of thoughts on cybersecurity.