Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Automating Security Detection Engineering
  • Table Of Contents Toc
Automating Security Detection Engineering

Automating Security Detection Engineering

By : Dennis Chow
4.6 (11)
close
close
Automating Security Detection Engineering

Automating Security Detection Engineering

4.6 (11)
By: Dennis Chow

Overview of this book

Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases. You’ll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you’ll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs. By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise.
Table of Contents (16 chapters)
close
close
Lock Free Chapter
1
Part 1: Automating Detection Inputs and Deployments
6
Part 2: Automating Validations within CI/CD Pipelines
10
Part 3: Monitoring Program Effectiveness

Summary

In this chapter, we’ve learned how to create custom validation logic for syntaxes, technical input compliance, security use cases, and how to simulate traffic for local NDR detection. We learned about unit tests that can be placed either in pre-commit hooks or directly in the CI/CD pipeline prior to a deployment in the system. Using the context of the business, we also rationalized why we spend the extra time and compute cycles to create tests for different reasons, including security, system performance, and economic reasons. Finally, we were able to modulate our test scripts with more robustness to iterate over different files in a folder structure in a repository automatically, and with buildspec files.

In the upcoming chapter, we will extend our types of testing to include additional systems outside of the CI/CD pipeline, which will further validate our detection logic using asynchronous-based automation. We will also implement best practices by polling external...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Automating Security Detection Engineering
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon