The traditional approach to managing detection rules often involves a continuous process of manual edits, which can lead to errors, unactionable alerts, and missed events. This poses a significant challenge to effective security operations.

With detection-as-code, organizations can cultivate operational confidence by ensuring that existing rules run as expected while establishing a version-controlled source of truth for threat detection logic.
Discover how Stavvy leverages detection-as-code and implements it using Terraform and Datadog to enhance security operations. Learn from our experiences, understand the benefits, and explore why we've adopted this approach as a standard across our organization.

From understanding the concept to exploring real-world examples, this session will equip you with insights to streamline security operations and enhance your organization's security posture. Whether you're new to the concept or looking to optimize your existing processes, this talk is useful for all levels of technical expertise. Don't miss this opportunity to learn from our experiences and unlock the potential of detection-as-code in your environment!

Any chance for logs to contain personally identifiable information (PII) poses a security risk. Because of this, certain industries and locations have laws and regulations that restrict PII from being logged. But detailed logs are also critical for finding, investigating, and resolving issues in your applications. With huge volumes of logs moving between many different sources and destinations, how can you ensure that you don't inadvertently log and potentially leak PII, all while also enabling developers to capture insightful observability data without placing extra burdens on them?

In this session, Block's Leigh Maddock and Kaiqi Yang will share how they designed and implemented a systematic, three-tiered method of filtering PII from logs. You’ll hear about the tools they used, the challenges they faced, and how they overcame them. You’ll come away with a clear understanding of how to filter private data from your own telemetry.

The engineering team at SiriusXM, North America’s leading audio entertainment company, was tasked with launching a next-gen streaming platform. These new digital capabilities were slated to replace their long-term heritage systems and deliver an upgraded, reliable audio experience to 34 million subscribers. And they were given an ambitious deadline: just one year!

Join Rachel Uhrig, VP of Engineering Excellence at SiriusXM, as she shares how her team developed a reliability-engineering program that ensured a successful product launch, and that still persists post-launch. The program included monthly readiness days where hundreds of engineers and seven organizational units across nine time zones performed live chaos testing. You’ll learn how building a culture of reliability can reduce risks when launching new products, and improve reliability for the ones that are already in production.

In today's world, security is not only a necessity but also the foundation upon which entire ecosystems rest. At large organizations like FanDuel, we grapple with common yet complex questions: What are the patterns among our numerous source code repositories? What constitutes the ideal state and how does that differ from what exists in production"?

The ability to build and automatically maintain a centralized inventory of our production services forms a vital cog in this machinery, central to our application security strategy. Who owns this service? When was it last deployed? Where is the code? These are all questions that sound simple but turn out to be challenging to reliably and consistently answer at scale.

In our presentation, we will demonstrate how inventory ties into vulnerability management by performing a vulnerability scan and aggregating the results in a Datadog dashboard.

Join us to learn more about FanDuel's approach to application security, along with valuable lessons at the intersection of application security, service catalog design, and vulnerability management.