Andreas Wehowsky
Name
Redefining Threat Detection
Description

Detection engineering is no longer just a SIEM problem; it is a company-wide challenge. As modern threats evolve, organizations must build detection rules that span SIEM, EDR, NDR, and beyond. The rise of attacks built on Living Off the Land Binaries, Scripts and Libraries (LOLBAS), where the attacker abuses signed, pre-installed tooling rather than dropping malware, has dramatically increased the number of detection rules required and is forcing security teams to rethink their coverage models.

This talk will explore how Logpoint is working to redefine threat detection coverage by centralizing detection lifecycle management across the different detection tools (SIEM, EDR, NDR), identifying coverage gaps, and ensuring organizations stay ahead of attackers.

We will also tackle a critical challenge: false positive tuning at scale is broken – whitelists are dead. Instead of suppressing a detection or an indicator outright after a handful of closed alerts, security teams must leverage statistics, tracking false positive (FP) rates per detection and per observable (host, user, process, or other indicator), to decide with confidence where to tune and where to keep looking.

Attendees will walk away with insights into:

• Why detection engineering must extend beyond SIEM

• How LOLBAS and modern attack techniques are changing detection strategies

• How organizations can quantify and improve their detection coverage

• Why traditional FP tuning fails and how advanced analytics can replace it
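The per-detection and per-observable FP tracking described in the abstract, written out as an added example; this is not Logpoint's code and is not taken from the talk. The rule names, hostnames, dispositions and thresholds are constructed for illustration. It uses a Wilson score lower bound on the FP rate so that one or two closed alerts on an observable do not turn into a blanket whitelist, while a host that has generated a dozen closed alerts on the same rule does surface as a suppression candidate.

```python
"""Track false-positive rates per detection rule and per observable.

Added example (not Logpoint's code). Input is a list of triaged alerts
(rule_id, observable, disposition); the sample below is constructed.
"""
from collections import defaultdict
from math import sqrt


def _alerts(rule, observable, disposition, count):
    """Expand one (rule, observable, disposition) into `count` alert records."""
    return [(rule, observable, disposition)] * count


# Constructed triage queue: a LOLBAS certutil rule that keeps firing on a
# build server, plus a rundll32 rule with only a few closed alerts so far.
ALERTS = (
    _alerts("lolbas_certutil_urlcache", "build-01", "false_positive", 12)
    + _alerts("lolbas_certutil_urlcache", "ws-117", "true_positive", 1)
    + _alerts("lolbas_certutil_urlcache", "ws-042", "false_positive", 1)
    + _alerts("lolbas_rundll32_javascript", "ws-005", "false_positive", 3)
    + _alerts("lolbas_rundll32_javascript", "ws-009", "true_positive", 1)
)


def wilson_lower(fp, n, z=1.96):
    """Lower bound of the 95% Wilson score interval for an FP rate of fp/n.

    Small samples get a wide interval, so a single closed alert (1/1) yields a
    low bound and does not qualify for suppression on its own.
    """
    if n == 0:
        return 0.0
    p = fp / n
    z2 = z * z
    denom = 1 + z2 / n
    centre = p + z2 / (2 * n)
    margin = z * sqrt(p * (1 - p) / n + z2 / (4 * n * n))
    return (centre - margin) / denom


def fp_rates(alerts):
    """Aggregate FP counts per rule and per (rule, observable) pair."""
    per_rule = defaultdict(lambda: [0, 0])       # rule -> [fp, total]
    per_observable = defaultdict(lambda: [0, 0])  # (rule, obs) -> [fp, total]
    for rule, observable, disposition in alerts:
        is_fp = disposition == "false_positive"
        for bucket, key in ((per_rule, rule), (per_observable, (rule, observable))):
            bucket[key][0] += is_fp
            bucket[key][1] += 1

    def summarise(bucket):
        return {
            key: {
                "fp": fp,
                "total": total,
                "rate": fp / total,
                "lower_bound": wilson_lower(fp, total),
            }
            for key, (fp, total) in bucket.items()
        }

    return {"per_rule": summarise(per_rule), "per_observable": summarise(per_observable)}


def suppression_candidates(stats, min_lower_bound=0.7, min_alerts=5):
    """Observables whose FP rate is high *with statistical confidence*.

    Both thresholds are assumptions for this example; tune them to the
    volume of the queue being reviewed.
    """
    return sorted(
        key
        for key, s in stats["per_observable"].items()
        if s["total"] >= min_alerts and s["lower_bound"] >= min_lower_bound
    )


if __name__ == "__main__":
    stats = fp_rates(ALERTS)
    for rule, s in stats["per_rule"].items():
        print(f"{rule}: {s['fp']}/{s['total']} FP, lower bound {s['lower_bound']:.2f}")
    for key in suppression_candidates(stats):
        print("suppression candidate:", key)
```

Note what the numbers say: the certutil rule as a whole has a high raw FP rate (13 of 14) but its lower bound stays under the threshold, so the rule itself is not a tuning target; the build server is, because twelve consistent closes on one observable clear the bound. The three closed rundll32 alerts on ws-005 and the single close on ws-042 do not, which is exactly the case where a manual whitelist entry would have been added too early.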

Date & Time
Wednesday 14 May 2025, 09:30 - 10:00
Hall
Hall 1

Slides from the seminar will be visible on this page if the speaker in question wishes to share them. Please note that you must be logged in to view them.