Threat Detection cost & value: a few lessons from the field.
Below is a question I started asking myself some years ago, when I realized I could write log-based detection content for a living:
How to determine detection value?
How could customers buy a “detection” if they cannot evaluate its value? Or how could I estimate value for a detection I design?
Just sharing some ideas around this interesting yet controversial topic.