From Log Flood to Real Detection: Why Tools and Playbooks fail

SOC Buzzword Bingo: Why Monitoring, Tools and Playbooks won’t save us – From Log Overload to Real Detection.

Topic

  • Data security / DLP / Know-how protection
  • SIEM / Threat Analytics / SOC
  • Trend topic

When & Where

Tue, 10/07/2025, 10:15 - 10:30

Forum, Booth 7A-206

Details

  • Format: Management lecture
  • Language: German

Session description

SOC teams invest billions in security monitoring, constantly buy new tools and fill entire Confluence libraries with playbooks. Yet attackers still manage to operate undetected in networks every single day. Why?

Because monitoring, tools, and playbooks often fail to deliver in practice what they promise. Instead of increasing security, they frequently create a placebo effect that we talk ourselves into.

In this talk, Lisa Maria Brehme takes a provocative yet practical look at three of the most popular “silver bullets” in everyday SOC operations:

1. Security Monitoring
Traditional monitoring drowns in alert floods and still misses real attacks. Detection engineering, on the other hand, relies on hypotheses, use cases, and iterative improvement—detecting attackers by t ...
