You're reading from Automating Security Detection Engineering A hands-on guide to implementing Detection as Code

Product type Paperback

Published in Jun 2024

Publisher Packt

ISBN-13 9781837636419

Length 252 pages

Edition 1st Edition

Languages

Python

Tools

GitHub

Concepts

Cybersecurity

Author (1):

Dennis Chow

View More author details

Table of Contents (16) Chapters

Preface

1. Part 1: Automating Detection Inputs and Deployments

2. Chapter 1: Detection as Code Architecture and Lifecycle FREE CHAPTER

3. Chapter 2: Scoping and Automating Threat-Informed Defense Inputs

4. Chapter 3: Developing Core CI/CD Pipeline Functions

5. Chapter 4: Leveraging AI for Use Case Development

6. Part 2: Automating Validations within CI/CD Pipelines

7. Chapter 5: Implementing Logical Unit Tests

8. Chapter 6: Creating Integration Tests

9. Chapter 7: Leveraging AI for Testing

10. Part 3: Monitoring Program Effectiveness

11. Chapter 8: Monitoring Detection Health

12. Chapter 9: Measuring Program Efficiency

13. Chapter 10: Operating Patterns by Maturity

14. Index

Why subscribe?

15. Other Books You May Enjoy

Preface

Greetings! Detection engineering as a practice intersects the best of security operational analytics, engineering, and research. What’s often left out is the automation life cycle of how the practice works with a globally distributed team at scale. There are many times when engineers who perform manual tasks, or administrative-burdensome items, can be greatly expedited by automation using DevSecOps principles. Automation is paramount to scaling the team and letting engineers focus on what they do best. The most effective automation comes in the form of a Detection as Code (DAC) program that incorporates three key principles:

Research and engineering expertise
Technology stacks that support integrations
A “shift-left” mindset for work streams

There have been some publications and books that cover mainly the first principle. This book aims to extend the core skill and focus from only creating use cases to mastering the life cycle of the use cases through automation. This book will cover the best practices and advance your skills to implement an effective DAC program.

I’ll guide you through strategic planning, hands-on technical build-outs, and optimizations with AI augmentation, and monitor the program, drawing upon my direct experience as a detection engineer contributor and a director-level leader of people for multiple Fortune 500 enterprises. I also sought the input of respected industry leaders on their thoughts on an effective DAC program.

An industry-wide survey by the SANS Institute (https://www.sans.org/webcasts/sans-detection-engineering-survey/) in November 2023 suggested the best practices of a detection engineering team, which include automating development, deployment, and testing use cases. All these best practices lead back and align to a well-implemented DAC program. As an industry trend, we can expect the demands of security programs to increase and, by extension, our efficiency in detection engineering. Enterprises that carve resources for a detection engineering team will need to deploy DAC as part of their program strategy to keep the team efficient and effective.

The rest of the chapter is locked

You're reading from Automating Security Detection Engineering A hands-on guide to implementing Detection as Code

Table of Contents (16) Chapters

Preface

Authors (1)

Personalised recommendations for you

You're reading from Automating Security Detection Engineering A hands-on guide to implementing Detection as Code

Table of Contents (16) Chapters

Preface

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you