Accelerate security detection development with AI-enabled technical solutions using threat-informed defense
Key Features
- Create automated CI/CD pipelines for testing and implementing threat detection use cases
- Apply implementation strategies to optimize the adoption of automated work streams
- Utilize a variety of enterprise grade tools and APIs to bolster your detection program
- Purchase of the print or Kindle book includes a free PDF eBook
Book Description
Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released several security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases. Starting with the technical architecture of where automation can occur throughout a detection use case lifecycle, you'll then explore hands-on labs to learn how to utilize threat-informed defense artifacts. Next, you'll create advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll learn how to develop custom code to test and deploy for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you on how to develop KPIs for program monitoring and discover collaboration mechanisms to operate the team with DevSecOps principals. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs. As you reach the end of the book, you'll be able to automate nearly the entire use case development lifecycle for any enterprise.
What you will learn
- Understand the architecture of Detection as Code implementations
- Develop custom test functions using Python and Terraform
- Leverage common tools like GitHub and Python 3.x to create detection focused CI/CD pipelines
- Integrate cutting-edge technology and operational patterns to further refine program efficacy
- Apply monitoring techniques to continuously assess use case health
- Create, structure, and commit detections to a code repository
Who this book is for
This book is designed for security engineers and analysts tasked with the day-to-day responsibilities of developing and implementing new detections at scale. Also, if you are working with existing programs that are focused on threat detection, you will find this book helpful. Prior knowledge of DevSecOps, hands on experience with any programming or scripting languages, and knowledge of common security practices and tools, is recommended for an optimal learning experience.
