Detection Engineering is optimizing the event funnel
Detection engineering has the goal of optimizing the event funnel, ultimately ensuring that the cybersecurity workforce does not waste its time on clutter and can focus on "actual" security events and incidents.

Detection Engineering is cyclic
Detection engineering is cyclic in nature: the output of the implementation leads to new objective setting and a new gap analysis. A well-run detection engineering cycle ultimately increases the security of your organization and hence also its business continuity.

1. Uncover the Detection objectives
We use the following three questions to guide the dialogue when setting Detection Engineering objectives.

Questions
- What do you need to detect based on your environment and industry?
- What actors and TTPs (Tactics, techniques and procedures) are relevant to you?
- How can you demonstrate the relevance to the business?
2. Document the Detection Requirements
Based on the objectives, we analyze and document the requirements for Detection Engineering. For example: identifying the available log sources, determining which logs or data sources you are missing and what logging level they have, and ensuring that alert rules are created and attached to these sources.
3. Implement the Detection Engineering
This leads to the actual implementation, which you can do yourself or have us do. We are experts in Microsoft Sentinel but also have experience with five other large SIEM systems.
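The three steps above can be written down as a small, repeatable check. The following added example (not Seculyze's product or code) documents the detection requirements of step 2 and reports the gaps: data sources that are not onboarded, sources logging below the level a detection needs, and techniques with no alert rule attached. The technique IDs are real MITRE ATT&CK IDs and the table names are real Microsoft Sentinel tables; the required logging levels, the onboarded sources and the rule names are constructed.

```python
"""Detection requirements gap analysis (constructed example).

Maps the ATT&CK techniques chosen during threat modelling to the data
sources each one needs, then compares that against the log sources
actually onboarded to the SIEM and the alert rules attached to them.
"""

# Logging verbosity ordered so levels can be compared (constructed scale).
LEVELS = {"none": 0, "minimal": 1, "standard": 2, "verbose": 3}

# Step 1 output (constructed): technique -> {(data source, minimum logging level)}.
REQUIRED = {
    "T1110 Brute Force": {("SigninLogs", "standard")},
    "T1078 Valid Accounts": {("SigninLogs", "standard"), ("AuditLogs", "minimal")},
    "T1059 Command and Scripting Interpreter": {("SecurityEvent", "verbose")},
}

# Current SIEM state (constructed): onboarded table -> its logging level.
ONBOARDED = {"SigninLogs": "standard", "SecurityEvent": "minimal"}

# Alert rules already attached, keyed by the technique they cover (constructed).
RULES = {"T1110 Brute Force": {"Many failed sign-ins from one IP"}}


def gap_analysis(required, onboarded, rules):
    """Return the three gaps step 2 documents: missing sources, sources that
    log below the required level, and techniques with no alert rule."""
    missing, underlogged, unruled = [], [], []
    for technique, needs in required.items():
        for source, min_level in needs:
            level = onboarded.get(source)
            if level is None:
                missing.append((technique, source))
            elif LEVELS[level] < LEVELS[min_level]:
                underlogged.append((technique, source, level, min_level))
        if not rules.get(technique):
            unruled.append(technique)
    return {
        "missing": sorted(missing),
        "underlogged": sorted(underlogged),
        "unruled": sorted(unruled),
    }


if __name__ == "__main__":
    # Each non-empty list is a requirement to feed into step 3.
    for gap, items in gap_analysis(REQUIRED, ONBOARDED, RULES).items():
        print(f"{gap}: {items}")
```

Re-running the same check after implementation closes the loop described in the cyclic model: an empty report means the documented requirements are met, and any new technique added to REQUIRED reopens the gap analysis.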
Did you know?
Our software product for Microsoft Sentinel has built-in detection engineering: a best-practice setup and alert rules that are easy to change based on a value matrix.

Perform a gap analysis
At Seculyze, we will investigate your SIEM setup. For us, detection engineering starts with threat modelling. Here we use the MITRE ATT&CK framework to identify the threats that are relevant for your organization.
Want to know more about Detection Engineering?
