Panther

Computer and Network Security

San Francisco, CA 13,716 followers

Turn up the volume, turn down the noise.

About us

Panther is the security monitoring platform for the cloud. Unlike ‘next-gen’ SIEMs that rely on historical detections and closed ecosystems, Panther enables flexible defense in production environments with streaming data analysis, programmable detections, and seamless cloud integration – empowering teams to optimize costs and control, accelerate incident response, and achieve cross-system visibility at scale.

Website: https://panther.com/
Industry: Computer and Network Security
Company size: 51-200 employees
Headquarters: San Francisco, CA
Type: Privately Held
Founded: 2018
Specialties: Cloud Security, Information Security, Startup, AWS, AWS Security, SIEM, Cloud-Native SIEM, big data, Security Data Lake, Security, Detections as Code, Splunk Alternative, Cloud SIEM, Log Analysis, Security Monitoring, Python, and threat detection

Updates

  • What if you could write your own detection logic as code? 🤔 No more black-box rules or clunky UI forms, we’re talking real code, like Python, with version control and tests. That’s Detection-as-Code, and it’s changing how security teams work.

    Here’s why Detection-as-Code is a game changer for SOC teams:

    🔄 Version control & collaboration: Rules are code, living in Git. Analysts can collaborate on detections, peer-review them, and track changes over time. No more “who tweaked this rule and when?”, the history is all there.

    ⚙️ Automation & CI/CD: Imagine every new detection or update goes through automated testing (no more typos breaking your SIEM queries), and you can deploy detections like you deploy software. This means fewer false positives and no downtime for rule updates.

    🎯 Customization & reuse: Your environment is unique, Detection-as-Code lets you easily customize detection logic for your needs. Write once, reuse everywhere. If you need to monitor a new log source or threat, you have the flexibility to craft exactly the right detection. No vendor language limitations holding you back.

    🚀 Analyst empowerment: Perhaps the best part, it elevates the analyst’s role. You’re not just a consumer of tools, you’re a builder. Teams treat detections like software features, which fosters a culture of engineering and innovation in the SOC.

    By treating detection rules as code, we bring the agility and rigor of software development into security operations. Analysts become authors of their own detections, leading to faster iteration and smarter defenses.

  • ⏳ Last chance to register for Simplifying SOC 2 Compliance with Panther, Vanta, & Amazon Web Services (AWS).

    📅 Tomorrow | Oct 30 | 10 am PT / 1 pm ET

    SOC 2 prep shouldn’t eat up weeks of your team’s time. If you’re still wrangling spreadsheets, chasing screenshots, and manually checking controls, there’s a better way.

    Join security experts from Panther, Vanta, and AWS to learn how to:

    ✅ Automate evidence collection with AWS-native integrations
    ✅ Reduce audit prep time with Vanta + Panther’s continuous compliance model
    ✅ Maintain SOC 2 alignment with real-time monitoring and structured log data
    ✅ Learn best practices from real security teams

    👉 Don’t miss it! Register now to save your spot. 🔗 https://bit.ly/47rqVfU

  • Security teams can win, and we love hearing stories of when they do. Here are a few inspiring examples from companies that leveled up their SecOps by thinking differently:

    • A fast-growing tech company was drowning in noise. By overhauling their detection approach and tuning out irrelevant alerts, Snyk cut their alert volume by 70% with Panther. Less noise = analysts focusing on what truly matters.
    • Another team faced spiraling log ingestion costs that limited what they could monitor. They switched to Panther, a more scalable, cloud-based SIEM architecture and saved $200k/year while 5×-ing their visibility. (Yes, you can have more data and lower cost – it’s possible!)
    • Docker’s security team wanted to ingest everything without crushing their analysts with false positives. They adopted Panther, a modern platform with detection-as-code and AI-assisted tuning; the result: 3× more data ingested and 85% fewer false positives triggering. Huge win for productivity.

    What do these teams have in common? They refused to accept the old “that’s just how SIEM is” narrative. They pursued data-driven, automation-assisted strategies and put analysts first, choosing tools that make the job easier.

  • AI will solve all our security problems! … Yeah, not so fast. We’ve all heard the hype. Truth is, many teams tried those “AI-powered” SecOps tools and came away disappointed, the results didn’t live up to the marketing promises.

    The lesson? AI isn’t magic, especially not on top of a broken foundation. If your underlying SIEM is slow or your data is messy, sprinkling AI on it won’t help much. As one industry expert noted, bolting AI into legacy systems just exposes the cracks in those systems.

    So how do we get AI right in security? By first fixing the fundamentals. Security teams need: clean, structured data, context-rich integrations, scalable infrastructure, and transparent detection logic. With that solid base, AI can genuinely assist, handling the grunt work of triaging thousands of alerts, highlighting anomalies, even suggesting query ideas, all in a reliable way.

    Here’s a quick checklist for being AI-ready in SecOps:

    ✅ Data hygiene: Are you collecting and organizing logs/events in a consistent, structured way?
    ✅ Integration & context: Do your tools talk to each other? AI works better when it pulls in context (asset info, user roles, etc.) via robust APIs.
    ✅ Scalable compute: Can your platform handle analyzing a tsunami of data quickly?
    ✅ Detection logic governance: Are your detection rules well-managed and transparent? AI suggestions or automation should be auditable and based on rules we trust.

    When those pieces are in place, then bring on the AI! 🤖✨ That’s when you get value, fewer mundane tasks on an analyst’s plate and faster pouncing on real threats.

  • One week left to register: Simplifying SOC 2 Compliance with Panther, Vanta, and Amazon Web Services (AWS).

    Security teams shouldn’t be burning hours pulling logs and screenshots for audits. Manual control checks, log pulls, and last-minute prep eat into time better spent on actual security work.

    In this session, you’ll learn how teams are:

    ✅ Automating log retention, control mapping, and evidence collection
    ✅ Generating real-time alerts tied to SOC 2 monitoring controls
    ✅ Using Vanta + Panther together to cut audit prep from weeks to hours
    ✅ Staying audit-ready year-round with AWS-native integrations

    🎙️ Speakers: Mike Olsen (Director Partner Solution Engineer, Panther), Gavin Matthews (Group Product Manager, Vanta), John B. (Partner Solutions Architect, AWS)

    🔗 https://lnkd.in/gSbcS32x

  • 11:47 PM - You’re on a call, and an alarm blows up your dashboard. Critical alert. 🌐 Your heart jumps.

    11:52 PM - You remote-in, check logs. It’s another failed login brute-force alert… on the same server as yesterday. False positive. Again.

    2:30 AM - Ping! Another one. This time an “exfiltration” alert. It’s just a backup job misbehaving. You clear it, try to catch some sleep before morning.

    Sound familiar? This cycle is alert fatigue in action. And it’s the bane of every security analyst’s life. We’re fighting automated attackers with manual, human effort… and burning out in the process. No wonder the average SOC analyst lasts barely 2 years in the role.

    The truth is, adding more analysts won’t fix this. When every alert requires 10 steps to triage, more bodies just means more burnout. We need smarter filtering, better tooling, and workflows that don’t treat humans like CPUs. Let the repetitive stuff be handled by automation or smarter detection logic, so we’re not waking up the whole team for a glitch in the script.

    Something has to change in how we handle alerts and support our analysts. Let us show you how Panther AI steps up to the challenge.

    To the security folks reading this: How are you coping with alert fatigue? Have you found strategies or tools that actually help? Let’s share what works (and what doesn’t), we all need the help! 💬

  • Panther reposted this

    “I NEVER WANT TO BUY A SIEM AGAIN.” That’s what a veteran CISO told us, and we can’t blame them. Traditional SIEMs have become a bad word in security circles. They’re expensive, they’re noisy, and they’re slow to adapt. Think about it: if an alert takes ~45 minutes to investigate and your SIEM triggers thousands per day, the math simply doesn’t work. Teams are drowning in alerts, cutting log coverage to control costs, and still missing attacks. We’ve hit a human ceiling in SecOps, and it’s not our people’s fault, it’s the legacy tools and workflows holding them back.

    The #SIEMRevolution is about breaking free. It means adopting an architecture that is cloud-native and AI-ready, not a clunky box of yesterday’s tech. It means a platform that scales with your data (so you never have to drop logs to save money) and automates grunt work (so analysts can focus on real threats). No more vendor lock-in trade-offs, no more choosing between coverage vs cost.

    Security teams deserve tools that empower, not exhaust. It’s time we stop accepting the old way and demand a SIEM that lets us work smarter and faster.

    Question: Have you felt the pain of legacy SIEMs in your security team? What would you change first to spark a revolution in SecOps?

  • This weekend, we went coast to coast 🛫

    ☀️ First stop: CIO Scholarship Fund Golf Tournament in San Francisco, an event that brings tech leaders together to invest in future talent and build community.

    🗽 Next stop: BSides New York, the grassroots, volunteer-run security conference that’s all about hands-on learning, new ideas, and real practitioner energy.

    We loved meeting so many of you – old faces, new connections – and being part of two very different but equally inspiring communities. Thanks to everyone who made time to chat, share, learn, and challenge the status quo. Until next time 👋

    #BSidesNYC #CIOFund #Cybersecurity #Panther

  • “Attackers move in 30 seconds. Most SOCs still need 20 minutes to react.”

    In the latest episode of the Detection at Scale podcast, Panther founder Jack Naglieri sits down with Andrew Casazza (AVP Cyber Security Operations, Ochsner Health) to talk about how his team is closing that gap with practical workflows:

    • AI surfaces critical context before an analyst even sees the ticket
    • Guardrails keep high-impact actions in human hands
    • Analysts stay focused on decisions, not busywork

    🎧 Listen: https://lnkd.in/gbXQcXj8

    What’s the biggest slowdown between alert and action on your team?
