Detection engineering has the goal of optimizing the event funnel, ultimately ensuring that the cybersecurity workforce do not waste their time clutter and can focus their time on ”actual” security event and incidents
Detection engineering is cyclic in nature The output of implementation will lead to a new objective setting and gap analysis. Good cyclic detection engineering will ultimately increase the security of your organization and hence also the business continuity.
We use the following three questions to guide the dialogue for Detection Engineering objective settting
Based on the objectives, we analyze and document the requirements for Detection Engineering. For example, identifying the available log sources, determining what logs or data sources you are missing, what logging level they have and ensuring the alert rules are created and attached to these sources.
This leads to the actual implementation which you could do or have us do. We are experts in Microsoft Sentinel but have experience with five other, large SIEM systems.
Our software product for Microsoft Sentinel has built-in detection engineering: Best practice setup and easy-to-change the alert rules based on a value matrix
At Seculyze, we will investigate your SIEM setup. For us, detection engineering starts with threat modelling. Here we use the MITRE ATT&CK framework to identify the threat that are relevant for your organization.
Want to know more about Detection Engineering?
