Threat Detection cost & value: a few lessons from the field.

Below is a question I started asking myself some years ago when I had realized I could write log-based detection content for a living:

How to determine detection value?

How could customers buy a “detection” if they cannot evaluate its value? Or how could I estimate value for a detection I design?

Just sharing some ideas around this interesting yet controversial topic.

Risk management, anyone?