DIY: In-house Threat Detection Engineering

Alex Teixeira
4 min read · Mar 19, 2018

As organizations mature in their detection and response capabilities, the SIEM, a technology now more than a decade old, remains an enterprise security staple and one of the main platforms within a cyber defense program.

Although it is overshadowed by initiatives that are easier to justify, such as vulnerability management, SIEM spending will be among the fastest-growing areas of security investment, with security analytics playing an important part.

As F-Secure's Mikko Hypponen says:

Every company is a software company.

Beyond custom, in-house built applications, nearly every new technology an enterprise adopts produces new telemetry, and that telemetry is the raw material for widening the detection surface.

Given the number of non-standard data types, and the distinct threat models and priorities found in each enterprise environment, it should come as no surprise that organizations cannot rely on vendors to work out how to turn that data into detections.

In other words, it is naive to assume or expect that the set of out-of-the-box rules shipped with a product (so-called canned content) will satisfy even the basic detection coverage needs: those rules know nothing about the custom applications and telemetry that are specific to your environment.
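The point about custom telemetry is easiest to see with a concrete case. The block below is an added example, not code from the original article: it takes newline-delimited JSON logs from a hypothetical in-house application (here called "orderportal", an assumed name with a constructed schema) and runs a simple password-spray detection over them, one source IP failing authentication against several distinct accounts inside a short window. No vendor rule pack could ship this, because the event names and fields exist only in this application. The sample log lines are constructed, including one deliberately malformed line to show that a detection should count what it could not parse rather than silently lose coverage.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from a hypothetical in-house application
# ("orderportal"), one JSON object per line. The schema is assumed for this
# example; the last line is deliberately malformed.
SAMPLE_LOGS = """\
{"ts":"2018-03-19T10:00:01Z","app":"orderportal","event":"auth_failed","user":"alice","src_ip":"10.1.1.5"}
{"ts":"2018-03-19T10:00:03Z","app":"orderportal","event":"auth_failed","user":"bob","src_ip":"10.1.1.5"}
{"ts":"2018-03-19T10:00:05Z","app":"orderportal","event":"auth_failed","user":"carol","src_ip":"10.1.1.5"}
{"ts":"2018-03-19T10:00:07Z","app":"orderportal","event":"auth_failed","user":"dave","src_ip":"10.1.1.5"}
{"ts":"2018-03-19T10:00:09Z","app":"orderportal","event":"auth_ok","user":"dave","src_ip":"10.1.1.5"}
{"ts":"2018-03-19T10:00:15Z","app":"orderportal","event":"auth_failed","user":"erin","src_ip":"10.2.2.9"}
{"ts":"2018-03-19T10:20:00Z","app":"orderportal","event":"auth_failed","user":"erin","src_ip":"10.2.2.9"}
not json at all
"""


def parse_events(raw):
    """Parse newline-delimited JSON. Unparseable lines are skipped but
    counted, so a broken log pipeline shows up instead of silently
    shrinking the detection surface."""
    events, dropped = [], 0
    for line in raw.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
        except (ValueError, KeyError, TypeError):
            dropped += 1
    return events, dropped


def detect_password_spray(events, window=timedelta(minutes=5), min_users=3):
    """Flag a source IP that fails authentication against at least
    `min_users` distinct accounts within `window`, and record any account
    that then authenticated successfully from the same source inside that
    window. One alert per offending src_ip."""
    failures = defaultdict(list)   # src_ip -> [(ts, user)]
    successes = defaultdict(list)  # src_ip -> [(ts, user)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("app") != "orderportal":
            continue
        if ev.get("event") == "auth_failed":
            failures[ev["src_ip"]].append((ev["ts"], ev["user"]))
        elif ev.get("event") == "auth_ok":
            successes[ev["src_ip"]].append((ev["ts"], ev["user"]))

    alerts = []
    for src, fails in failures.items():
        # Sliding window: anchor on each failure and look `window` ahead.
        for i, (start, _) in enumerate(fails):
            in_win = [u for t, u in fails[i:] if t - start <= window]
            users = sorted(set(in_win))
            if len(users) >= min_users:
                end = start + window
                followed = [u for t, u in successes[src] if start <= t <= end]
                alerts.append({"src_ip": src, "users": users,
                               "first_seen": start, "success_after": followed})
                break  # report each source once
    return alerts


def run(raw=SAMPLE_LOGS):
    """Parse the sample telemetry and return (alerts, dropped_line_count)."""
    events, dropped = parse_events(raw)
    return detect_password_spray(events), dropped


if __name__ == "__main__":
    alerts, dropped = run()
    print(f"dropped {dropped} unparseable line(s)")
    for a in alerts:
        print(a)
```

In a real deployment the same logic would live as SIEM search or correlation content against the indexed events, but the shape is identical: a field mapping for the custom schema, a threshold, a window, and an explicit count of what the parser could not read. The threshold and window here are assumptions to tune against the application's real login volume.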

SIEM as a development platform

Alex Teixeira

I design and build threat detection and triage/hunting SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com