## Conclusions

### What have we learned?

* Detection engineering is an exciting field of cyber security
* It is more than just typing queries into the SIEM!
* It is about strategically improving the odds of detection
* It has an engineering and design component.

---

## Conclusions

* Attackers can change their tradecraft to evade detection!
* Perfect is the enemy of the good!
* Detections do not have to be perfect!
* Different detections can cover for each other
* Layering many different detections makes bypassing all of them very difficult.

> We only need one rule to hit for the adversaries to have a bad day!
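The last two points are easiest to see with rules in hand. The block below is an added example, not code from the original slides: three deliberately imperfect detection rules for one technique (credential theft from LSASS memory), each keyed on a different artefact, evaluated over a handful of constructed process events. The event fields, the rule names and the sample events are assumptions made for this example; the point it makes is that an attacker who evades the brittle name-based rule still trips the command-line rule, and one who hides the command line as well still trips the behavioural rule.

```python
# Added example: several deliberately imperfect detection rules, each
# covering a different artefact of the same technique (reading LSASS
# memory for credentials), run over constructed process events. The event
# shape, field names, sample events and rules are assumptions for this
# illustration; they are not rules from the original slides.
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional

PROCESS_VM_READ = 0x0010  # Win32 process access right needed to read memory


@dataclass
class ProcessEvent:
    """Minimal Sysmon-like process event (constructed, not a real log)."""
    image: str
    cmdline: str
    target_image: Optional[str] = None  # process whose handle was opened
    granted_access: int = 0             # access mask granted on that handle


# --- Rules: each one is narrow and easy to evade on its own ----------------

def rule_known_tool_name(ev: ProcessEvent) -> bool:
    """Brittle: matches the stock binary name only; a rename evades it."""
    return ev.image.lower().rsplit("\\", 1)[-1] == "mimikatz.exe"


def rule_credential_module_cmdline(ev: ProcessEvent) -> bool:
    """Matches well-known credential-module keywords in the command line."""
    text = ev.cmdline.lower()
    return any(k in text for k in ("sekurlsa", "lsadump", "logonpasswords"))


def rule_lsass_memory_read(ev: ProcessEvent) -> bool:
    """Behavioural: any process opening lsass.exe with VM_READ. Harder to
    evade, but noisier (security agents legitimately open LSASS this way)."""
    if not ev.target_image:
        return False
    is_lsass = ev.target_image.lower().endswith("\\lsass.exe")
    return is_lsass and bool(ev.granted_access & PROCESS_VM_READ)


RULES: dict[str, Callable[[ProcessEvent], bool]] = {
    "known_tool_name": rule_known_tool_name,
    "credential_module_cmdline": rule_credential_module_cmdline,
    "lsass_memory_read": rule_lsass_memory_read,
}


def evaluate(ev: ProcessEvent) -> list[str]:
    """Names of every rule that fires on one event, in RULES order."""
    return [name for name, rule in RULES.items() if rule(ev)]


def is_detected(ev: ProcessEvent) -> bool:
    """One hit is enough: the adversary only has to trip a single rule."""
    return bool(evaluate(ev))


# --- Constructed sample events (not captured from a real host) -------------
SAMPLES: dict[str, ProcessEvent] = {
    # Unmodified tool: every rule fires.
    "stock_tool": ProcessEvent(
        image=r"C:\Tools\mimikatz.exe",
        cmdline="mimikatz.exe sekurlsa::logonpasswords",
        target_image=r"C:\Windows\System32\lsass.exe",
        granted_access=0x1010,
    ),
    # Attacker renames the binary: evades the name rule only.
    "renamed_tool": ProcessEvent(
        image=r"C:\Users\bob\AppData\Local\Temp\svchost.exe",
        cmdline="svchost.exe sekurlsa::logonpasswords",
        target_image=r"C:\Windows\System32\lsass.exe",
        granted_access=0x1010,
    ),
    # Attacker also hides the command line: only the behavioural rule is
    # left, and it still fires.
    "renamed_quiet_cmdline": ProcessEvent(
        image=r"C:\Users\bob\AppData\Local\Temp\svchost.exe",
        cmdline="svchost.exe",
        target_image=r"C:\Windows\System32\lsass.exe",
        granted_access=0x1010,
    ),
    # Benign: Task Manager querying lsass without VM_READ. No rule fires.
    "benign_taskmgr": ProcessEvent(
        image=r"C:\Windows\System32\Taskmgr.exe",
        cmdline="Taskmgr.exe",
        target_image=r"C:\Windows\System32\lsass.exe",
        granted_access=0x1400,
    ),
}


def coverage_report(samples: dict[str, ProcessEvent]) -> dict[str, list[str]]:
    """Which rules fire on which sample: shows how many independent rules
    an attacker has to evade at the same time."""
    return {name: evaluate(ev) for name, ev in samples.items()}


if __name__ == "__main__":
    for name, fired in coverage_report(SAMPLES).items():
        print(f"{name:24s} {'DETECTED' if fired else 'clean':9s} {fired}")
```

Each rule here has an obvious hole, and the behavioural one will need tuning for legitimate LSASS readers in a real environment; the value comes from the set, because the attacker has to evade all three at once rather than any one of them.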