Summary: The video discusses a Black Hills Information Security webcast focusing on detection engineering and alert disposition, featuring Jason Blanchard, Hal Denton, and Paul Lamers. The presenters aim to clarify common misunderstandings about false positives and benign alerts, emphasizing the importance of effective detection engineering in enhancing cybersecurity operations.
Key points:
- Jason Blanchard introduces the webcast on detection engineering, highlighting its relevance for those unfamiliar with terms like false positives and benign alerts.
- Hal Denton and Paul Lamers emphasize the significance of alert disposition in evaluating detection effectiveness.
- Detection engineering involves creating detections to identify malicious behaviors, relying on teamwork and insight from both red teaming and incident response experiences.
- The presenters outline a seven-phase lifecycle for detection engineering: collection, research, validation, verification, release, maintenance, and measurement of detections.
- A metaphorical “hot dog paradox” illustrates the confusion surrounding alert dispositions and the importance of clearly defining terms to avoid misleading metrics.
- Paul and Hal present the four quadrants of alert disposition: true positives, false positives, true negatives, and false negatives, emphasizing the need to limit false negatives while managing false positives.
- They discuss a subcategory of dispositions, particularly the controversial “true positive benign” classification and its implications for metric reporting.
- Effective communication and mutual agreement on terminology are vital for maintaining clarity in incident response and detection strategies.
- The presenters encourage interactive participation from viewers, inviting feedback and suggestions for future content, including an upcoming course on detection engineering.
- Hal Denton’s upcoming webcast and training class are highlighted as valuable opportunities for further learning in detection engineering.
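The quadrants and the "true positive benign" subcategory above are easiest to see with numbers. The following is an added example, not material from the webcast or from Black Hills Information Security: it scores a small constructed set of alert outcomes twice, once counting benign-but-correct alerts as true positives and once as false positives, to show how the choice of definition moves the reported precision and false-negative rate.

```python
"""Alert-disposition metrics under two conventions for "true positive benign".

Added example (not from the BHIS webcast). A "benign" alert here means the
detection matched the behaviour it was written for, but the activity turned
out to be authorised. Whether that counts as a true or a false positive is a
definition choice, and the metrics below differ depending on the choice.
"""
from collections import Counter

# Constructed sample data: (alert fired?, what the activity really was, note).
SAMPLE_EVENTS = [
    ("alert", "malicious", ""),
    ("alert", "malicious", ""),
    ("alert", "benign", "authorised admin activity"),
    ("alert", "benign", "authorised admin activity"),
    ("alert", "none", "detection logic matched nothing relevant"),  # classic FP
    ("no_alert", "malicious", "missed by the detection"),           # FN
    ("no_alert", "none", ""),
    ("no_alert", "none", ""),
]


def disposition(event, benign_counts_as="tp"):
    """Map one event to tp / fp / tn / fn; benign alerts follow the chosen convention."""
    alerted, activity, _note = event
    if alerted == "alert":
        if activity == "malicious":
            return "tp"
        if activity == "benign":
            return "tp" if benign_counts_as == "tp" else "fp"
        return "fp"
    return "fn" if activity == "malicious" else "tn"


def quadrants(events, benign_counts_as="tp"):
    """Count the four quadrants of alert disposition for the given convention."""
    return Counter(disposition(e, benign_counts_as) for e in events)


def metrics(events, benign_counts_as="tp"):
    """Precision and false-negative rate, plus the raw quadrant counts."""
    q = quadrants(events, benign_counts_as)
    precision = q["tp"] / (q["tp"] + q["fp"])
    fnr = q["fn"] / (q["fn"] + q["tp"])
    return {"precision": round(precision, 3),
            "false_negative_rate": round(fnr, 3), **q}


if __name__ == "__main__":
    for convention in ("tp", "fp"):
        print(f"benign counted as {convention}:", metrics(SAMPLE_EVENTS, convention))
```

With the same eight events, precision reads 0.8 when benign alerts are counted as true positives and 0.4 when they are counted as false positives, and the false-negative rate shifts from 0.2 to 0.333; nothing about the detection changed, only the vocabulary.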
YouTube Video: https://www.youtube.com/watch?v=ASau2WoGsRQ
YouTube Channel: Black Hills Information Security
Video Published: Fri, 25 Apr 2025 06:29:48 +0000