Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Automating Security Detection Engineering
  • Table Of Contents Toc
Automating Security Detection Engineering

Automating Security Detection Engineering

By : Dennis Chow
4.6 (11)
close
close
Automating Security Detection Engineering

Automating Security Detection Engineering

4.6 (11)
By: Dennis Chow

Overview of this book

Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases. You’ll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you’ll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs. By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise.
Table of Contents (16 chapters)
close
close
Lock Free Chapter
1
Part 1: Automating Detection Inputs and Deployments
6
Part 2: Automating Validations within CI/CD Pipelines
10
Part 3: Monitoring Program Effectiveness

Implementing L2 – intermediate

Teams that are able to accomplish the intermediate level or mature themselves from a foundation-level operating model will now start adding more detail-oriented tracking to their workstreams and CI/CD pipeline requirements. Additional testing is inserted and official enforcement of “shift left” practices is implemented at the local git commit level as opposed to utilizing compute time within the pipeline.

Engineering teams that meet the following profile can typically achieve an L2 pattern:

  • 5-10 detection engineers
  • Average load of 10-20 new detections per week
  • Healthy budgeting for collaborative tooling and CI compute times
  • Typically operating in more than one time zone or region
  • Lacking instrumentation for full integration or end-to-end testing

The following is a set of practice components and their implementation levels for the L2 pattern:

...
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Automating Security Detection Engineering
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon