The New Rules of Detection Engineering

← View all sessions

Detection engineering is no longer about coverage, volume, or catching everything. As environments become more dynamic and attackers more targeted, the value of a detection is defined by whether it drives the right action at the right time.

In this session, experienced practitioners break down the new rules of modern detection engineering - grounded in real-world SOC and MDR environments. We’ll explore how detection-as-code changes the way teams build, test, and maintain detections; why risk-driven detection strategies outperform volume-based approaches; and what “high-fidelity” actually means as we head into 2026.

This session is designed for security ICs who live in the gap between theory and reality. Attendees will leave with practical guidance on what to prioritize, what to stop doing, and how to design detections that reduce noise, support SLAs, and improve security outcomes under real operational pressure.