Detection Engineering Resources
A collection of resources to help on the journey to Detection Engineering
Cybersecurity has a wide range of disciplines and specializations. I’ve been lucky enough in my career to gain experience and get a taste of many of these different areas. The cybersecurity discipline that has been at the top of my mind and piqued my interest the most over the past couple of years has been Detection Engineering.
So what is it? Here’s a quick definition from Splunk:
A specialized discipline within cybersecurity, Detection Engineering (DE) is focused on designing, building, and fine-tuning systems and processes to detect malicious activities or unauthorized behaviors.
This is important because it takes a proactive defense approach with a focus on continuous improvement. As defenders, we know that prevention tools and techniques will fail, but as long as we can detect an intrusion we keep the upper hand and can provide a timely (or even automated) response.
Blog Post Primers
These blog posts by Florian Roth and Anton Chuvakin provide excellent insight and overviews on Detection Engineering:
Detection Engineering is Painful — and It Shouldn’t Be (Part 1)
The Detection Engineering Collective site is also a good resource with contributions across the industry:
Detection Engineering Collective
Pyramid of Pain
This model by David J Bianco highlights the range of effectiveness per IOC (Indicator of Compromise) category in detecting compromises. The key takeaway is that building detections at the TTP (Tactics, Techniques, and Procedures) level brings the most value:
Also, when discussing TTPs it’s important to mention MITRE ATT&CK. Instead of trying to get 100% coverage, focus on the specific threats to your organization, industry, or attack vector:
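To make the Pyramid of Pain takeaway concrete, here is a small added example (my own illustration, not code from Bianco or from any of the linked resources) that runs a hash-level IOC rule and a TTP-level behavioural rule over four constructed process-creation events; the hash value, file paths and the "document viewer spawns an executable from a user-writable directory" rule are assumptions made for the demonstration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessEvent:  # one process-creation record with EDR-style fields
    parent_image: str
    image: str
    image_sha256: str

def sha256_of(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

# Bottom of the pyramid: a hash IOC for a sample already analysed. The value is
# constructed for this example, not a real indicator.
KNOWN_BAD_HASHES = {sha256_of(b"dropper build 1")}

# Top of the pyramid: a behavioural (TTP-level) rule. A document viewer launching
# an executable from a user-writable directory describes the tradecraft itself,
# so recompiling or renaming the payload does not evade it.
DOCUMENT_VIEWERS = {"winword.exe", "excel.exe", "acrord32.exe"}
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def hash_rule(ev: ProcessEvent) -> bool:
    return ev.image_sha256 in KNOWN_BAD_HASHES

def ttp_rule(ev: ProcessEvent) -> bool:
    return (_basename(ev.parent_image) in DOCUMENT_VIEWERS
            and ev.image.lower().startswith(USER_WRITABLE_PREFIXES))

def evaluate(events):
    """For each event, list the pyramid levels whose rule produced an alert."""
    rules = (("hash", hash_rule), ("ttp", ttp_rule))
    return [[name for name, rule in rules if rule(ev)] for ev in events]

SAMPLE_EVENTS = [  # constructed telemetry, not from any real incident
    # 1. Known sample: both the hash IOC and the behavioural rule fire.
    ProcessEvent(r"C:\Office\WINWORD.EXE", r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
                 sha256_of(b"dropper build 1")),
    # 2. Same tradecraft, recompiled payload: the hash IOC is blind, the TTP rule is not.
    ProcessEvent(r"C:\Office\EXCEL.EXE", r"C:\Users\bob\AppData\Local\Temp\quote.exe",
                 sha256_of(b"dropper build 2")),
    # 3. Word starting the print helper from a system path: no alert.
    ProcessEvent(r"C:\Office\WINWORD.EXE", r"C:\Windows\System32\splwow64.exe",
                 sha256_of(b"print helper")),
    # 4. A downloaded installer run from Explorer: not the tradecraft modelled here.
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Users\alice\Downloads\setup.exe",
                 sha256_of(b"installer")),
]
```

Running `evaluate(SAMPLE_EVENTS)` shows the hash rule catching only the first event while the TTP rule catches both intrusions and stays quiet on the two benign ones, which is the whole argument for investing at the top of the pyramid.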
Video Presentations
If you’d rather watch a YouTube video about the topic, here are a few that I’d recommend:
Staying up-to-date
If this topic interests you and you’d like to stay up-to-date, I highly recommend following these 2 resources:
Detection Engineering Weekly Newsletter
Conclusion
Hopefully you find these resources helpful/useful. Feel free to add additional resources in the comments. Thanks!