Why This Mission Matters
Sebastien and Fred have spent almost a decade working together, building methods of collection and models of detection for fraud and malicious behavior in various SIEMs. Through founding the Global Security Practice at Splunk, our customer-focused work drove an IT troubleshooting tool into Gartner’s top SIEM, and we founded a research team to keep digging deeper into customer problems. At Devo, we built the company's first security product (a SIEM), focusing on the operators, the detection content and intuitive operation. Over that time we have done a massive amount of research on threat intelligence, open source product contribution, detection content creation, application of adversary techniques, machine-learning model crafting, and innovative methods to defend against industry-level threats.
We started this project to solve a problem SIEM vendors had: validating that their detections actually worked for their customers. In essence, we realized we had contributed to a problem now plaguing the industry. Customers always asked a very simple question we could not answer well enough: “How do you know this detection will catch bad guys?” The SIEMs we were building and the service providers we supported could not measure their detections or their responses to threats.
In response, we created an engine to generate any type of attack: a simple one, a nation-state-level campaign, model poisoning attacks, you name it. Using a descriptive language for attack behaviors, we generated events in defensive technologies, agnostic of the technology itself, to see how the detection ecosystem performed. Through our collaboration with the DoD, we battle-tested the concept in one of the most sophisticated environments in the world. The concepts behind Detecteam were born in the fire of some of the most demanding ecosystems in the world. Now we have built Detecteam to support that mission.