Automating Security Detection Engineering: A hands-on guide to implementing Detection as Code

Chow, Dennis

  • 出版商: Packt Publishing
  • 出版日期: 2024-06-28
  • 售價: $2,180
  • 貴賓價: 9.5$2,071
  • 語言: 英文
  • 頁數: 252
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1837636419
  • ISBN-13: 9781837636419
  • 相關分類: 資訊安全
  • 海外代購書籍(需單獨結帳)

相關主題

商品描述

Accelerate security detection development with AI-enabled technical solutions using threat-informed defense

Key Features

- Create automated CI/CD pipelines for testing and implementing threat detection use cases

- Apply implementation strategies to optimize the adoption of automated work streams

- Use a variety of enterprise-grade tools and APIs to bolster your detection program

- Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases.

You'll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you'll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs.

By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise.

What you will learn

- Understand the architecture of Detection as Code implementations

- Develop custom test functions using Python and Terraform

- Leverage common tools like GitHub and Python 3.x to create detection-focused CI/CD pipelines

- Integrate cutting-edge technology and operational patterns to further refine program efficacy

- Apply monitoring techniques to continuously assess use case health

- Create, structure, and commit detections to a code repository

Who this book is for

This book is for security engineers and analysts responsible for the day-to-day tasks of developing and implementing new detections at scale. If you're working with existing programs focused on threat detection, you'll also find this book helpful. Prior knowledge of DevSecOps, hands-on experience with any programming or scripting languages, and familiarity with common security practices and tools are recommended for an optimal learning experience.

Table of Contents

- Detection as Code Architecture and Lifecycle

- Scoping and Automating Threat-Informed Defense Inputs

- Developing Core CI/CD Pipeline Functions

- Leveraging AI for Use Case Development

- Implementing Logical Unit Tests

- Creating Integration Tests

- Leveraging AI for Testing

- Monitoring Detection Health

- Measuring Program Efficiency

- Operating Patterns by Maturity

商品描述(中文翻譯)

加速安全檢測開發,利用威脅知情防禦的 AI 驅動技術解決方案

主要特點
- 創建自動化的 CI/CD 管道以測試和實施威脅檢測用例
- 應用實施策略以優化自動化工作流程的採用
- 使用各種企業級工具和 API 來增強您的檢測計劃
- 購買印刷版或 Kindle 版書籍可獲得免費 PDF 電子書

書籍描述
當今全球企業的安全計劃面臨不斷演變的威脅。儘管行業已推出大量安全工具,其中大多數配備了集成用的 API,但它們缺乏快速檢測開發的工作流程。本書將為您提供自動化開發、測試和監控基於檢測的用例所需的技能。

您將從技術架構開始,探索自動化在檢測用例生命周期中的適用性。在實作實驗室的幫助下,您將學習如何利用威脅知情防禦的文檔,然後進一步創建先進的 AI 驅動 CI/CD 管道,以增強您的檢測即代碼實踐。在此過程中,您將為 EDR、WAF、SIEM、CSPM、RASP 和 NIDS 開發自定義代碼。本書還將指導您開發 KPI 以進行計劃監控,並涵蓋運用 DevSecOps 原則來運作團隊的協作機制。最終,您將能夠自定義符合您組織需求的檢測即代碼計劃。

在本書結束時,您將獲得自動化幾乎整個用例開發生命周期的專業知識,適用於任何企業。

您將學到的內容
- 理解檢測即代碼實施的架構
- 使用 Python 和 Terraform 開發自定義測試函數
- 利用 GitHub 和 Python 3.x 等常用工具創建以檢測為重點的 CI/CD 管道
- 整合尖端技術和操作模式以進一步提升計劃的有效性
- 應用監控技術持續評估用例健康狀況
- 創建、結構化並提交檢測到代碼庫

本書適合對象
本書適合負責日常開發和實施新檢測的安全工程師和分析師。如果您正在處理專注於威脅檢測的現有計劃,本書也將對您有所幫助。建議具備 DevSecOps 的先前知識、任何程式或腳本語言的實作經驗,以及對常見安全實踐和工具的熟悉,以獲得最佳學習體驗。

目錄
- 檢測即代碼架構與生命周期
- 界定和自動化威脅知情防禦輸入
- 開發核心 CI/CD 管道功能
- 利用 AI 進行用例開發
- 實施邏輯單元測試
- 創建集成測試
- 利用 AI 進行測試
- 監控檢測健康
- 測量計劃效率
- 按成熟度運作模式