Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Automating Security Detection Engineering

You're reading from   Automating Security Detection Engineering A hands-on guide to implementing Detection as Code

Arrow left icon
Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781837636419
Length 252 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Dennis Chow Dennis Chow
Author Profile Icon Dennis Chow
Dennis Chow
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Preface 1. Part 1: Automating Detection Inputs and Deployments
2. Chapter 1: Detection as Code Architecture and Lifecycle FREE CHAPTER 3. Chapter 2: Scoping and Automating Threat-Informed Defense Inputs 4. Chapter 3: Developing Core CI/CD Pipeline Functions 5. Chapter 4: Leveraging AI for Use Case Development 6. Part 2: Automating Validations within CI/CD Pipelines
7. Chapter 5: Implementing Logical Unit Tests 8. Chapter 6: Creating Integration Tests 9. Chapter 7: Leveraging AI for Testing 10. Part 3: Monitoring Program Effectiveness
11. Chapter 8: Monitoring Detection Health 12. Chapter 9: Measuring Program Efficiency 13. Chapter 10: Operating Patterns by Maturity 14. Index 15. Other Books You May Enjoy

Preface

Greetings! Detection engineering as a practice intersects the best of security operational analytics, engineering, and research. What’s often left out is the automation life cycle of how the practice works with a globally distributed team at scale. There are many times when engineers who perform manual tasks, or administrative-burdensome items, can be greatly expedited by automation using DevSecOps principles. Automation is paramount to scaling the team and letting engineers focus on what they do best. The most effective automation comes in the form of a Detection as Code (DAC) program that incorporates three key principles:

  • Research and engineering expertise
  • Technology stacks that support integrations
  • A “shift-left” mindset for work streams

There have been some publications and books that cover mainly the first principle. This book aims to extend the core skill and focus from only creating use cases to mastering the life cycle of the use cases through automation. This book will cover the best practices and advance your skills to implement an effective DAC program.

I’ll guide you through strategic planning, hands-on technical build-outs, and optimizations with AI augmentation, and monitor the program, drawing upon my direct experience as a detection engineer contributor and a director-level leader of people for multiple Fortune 500 enterprises. I also sought the input of respected industry leaders on their thoughts on an effective DAC program.

An industry-wide survey by the SANS Institute (https://www.sans.org/webcasts/sans-detection-engineering-survey/) in November 2023 suggested the best practices of a detection engineering team, which include automating development, deployment, and testing use cases. All these best practices lead back and align to a well-implemented DAC program. As an industry trend, we can expect the demands of security programs to increase and, by extension, our efficiency in detection engineering. Enterprises that carve resources for a detection engineering team will need to deploy DAC as part of their program strategy to keep the team efficient and effective.

lock icon The rest of the chapter is locked
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at £16.99/month. Cancel anytime