What do you think?
Rate this book
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Go on a journey through the threat detection engineering lifecycle while enriching your skill set and protecting your organization
Key FeaturesGain a comprehensive understanding of threat validationLeverage open-source tools to test security detectionsHarness open-source content to supplement detection and testingBook DescriptionThreat validation is an indispensable component of every security detection program, ensuring a healthy detection pipeline. This comprehensive detection engineering guide will serve as an introduction for those who are new to detection validation, providing valuable guidelines to swiftly bring you up to speed.
The book will show you how to apply the supplied frameworks to assess, test, and validate your detection program. It covers the entire life cycle of a detection, from creation to validation, with the help of real-world examples. Featuring hands-on tutorials and projects, this guide will enable you to confidently validate the detections in your security program. This book serves as your guide to building a career in detection engineering, highlighting the essential skills and knowledge vital for detection engineers in today's landscape.
By the end of this book, you’ll have developed the skills necessary to test your security detection program and strengthen your organization’s security measures.
What you will learnUnderstand the detection engineering processBuild a detection engineering test labLearn how to maintain detections as codeUnderstand how threat intelligence can be used to drive detection developmentProve the effectiveness of detection capabilities to business leadershipLearn how to limit attackers’ ability to inflict damage by detecting any malicious activity earlyWho this book is forThis book is for security analysts and engineers seeking to improve their organization’s security posture by mastering the detection engineering lifecycle.
To get started with this book, you’ll need a basic understanding of cybersecurity concepts, along with some experience with detection and alert capabilities.
Table of ContentsFundamentals of Detection EngineeringThe Detection Engineering Life CycleBuilding a Detection Engineering Test LabDetection Data SourcesInvestigating Detection RequirementsDeveloping Detections Using Indicators of CompromiseDeveloping Detections Using Behavioral IndicatorsDocumentation and Detection PipelinesDetection ValidationLeveraging Threat IntelligencePerformance ManagementCareer Guidance for Detection Engineers
Key FeaturesGain a comprehensive understanding of threat validationLeverage open-source tools to test security detectionsHarness open-source content to supplement detection and testingBook DescriptionThreat validation is an indispensable component of every security detection program, ensuring a healthy detection pipeline. This comprehensive detection engineering guide will serve as an introduction for those who are new to detection validation, providing valuable guidelines to swiftly bring you up to speed.
The book will show you how to apply the supplied frameworks to assess, test, and validate your detection program. It covers the entire life cycle of a detection, from creation to validation, with the help of real-world examples. Featuring hands-on tutorials and projects, this guide will enable you to confidently validate the detections in your security program. This book serves as your guide to building a career in detection engineering, highlighting the essential skills and knowledge vital for detection engineers in today's landscape.
By the end of this book, you’ll have developed the skills necessary to test your security detection program and strengthen your organization’s security measures.
What you will learnUnderstand the detection engineering processBuild a detection engineering test labLearn how to maintain detections as codeUnderstand how threat intelligence can be used to drive detection developmentProve the effectiveness of detection capabilities to business leadershipLearn how to limit attackers’ ability to inflict damage by detecting any malicious activity earlyWho this book is forThis book is for security analysts and engineers seeking to improve their organization’s security posture by mastering the detection engineering lifecycle.
To get started with this book, you’ll need a basic understanding of cybersecurity concepts, along with some experience with detection and alert capabilities.
Table of ContentsFundamentals of Detection EngineeringThe Detection Engineering Life CycleBuilding a Detection Engineering Test LabDetection Data SourcesInvestigating Detection RequirementsDeveloping Detections Using Indicators of CompromiseDeveloping Detections Using Behavioral IndicatorsDocumentation and Detection PipelinesDetection ValidationLeveraging Threat IntelligencePerformance ManagementCareer Guidance for Detection Engineers
328 pages, Kindle Edition
Published July 21, 2023
22 people are currently reading
36 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
August 3, 2023
Book Review: Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Title: Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Authors: Megan Roddie, Jason Deyalsingh, Gary J. Katz
Publisher: Packt Publishing Pvt Ltd
Publication Year: 2023
Genre: Computer Security
In the rapidly evolving landscape of cybersecurity, the importance of effective threat detection techniques cannot be overstated. With the publication of "Practical Threat Detection Engineering," Megan Roddie, Jason Deyalsingh, and Gary J. Katz provide a comprehensive guidebook designed to help professionals navigate the intricate world of planning, developing, and validating detection capabilities.
The authors' combined expertise in the industry shines through in this well-structured and practical guide. By offering a hands-on approach, this book is an invaluable resource for both seasoned professionals and those new to the field. The authors skillfully balance theoretical concepts with real-world scenarios, making it accessible to a wide range of readers.
One of the book's standout features is its systematic approach to threat detection engineering. The authors emphasize the importance of thorough planning and provide a detailed framework for identifying threats, building detection capabilities, and validating their effectiveness. They cover all stages of the detection lifecycle, from understanding the threat landscape to fine-tuning detection methods, ensuring that readers gain a holistic understanding of the entire process.
"Practical Threat Detection Engineering" benefits from its practicality, thanks to the inclusion of numerous hands-on exercises and examples. These exercises allow readers to apply the concepts discussed in each chapter, reinforcing their understanding and facilitating a more immersive learning experience. Additionally, the authors provide code snippets and step-by-step instructions, making it easier for readers to implement the techniques in their own environments.
The book's attention to detail is evident throughout, with comprehensive coverage of various detection techniques, including log analysis, anomaly detection, and behavioral monitoring. The authors don't shy away from discussing the limitations and challenges that professionals may face, and they provide practical recommendations for overcoming these hurdles.
Moreover, the authors acknowledge the dynamic nature of the field and emphasize the importance of continuous improvement. They present a robust framework for monitoring and adapting detection capabilities over time, ensuring that organizations can stay ahead of emerging threats.
While "Practical Threat Detection Engineering" is undoubtedly a valuable resource, readers with limited prior knowledge may find some sections more challenging than others. However, the authors' clear explanation of complex concepts and their emphasis on practical application should mitigate potential difficulties.
In conclusion, "Practical Threat Detection Engineering" is an essential guide for anyone involved in the planning, development, and validation of detection capabilities. Megan Roddie, Jason Deyalsingh, and Gary J. Katz have created a comprehensive and practical resource that helps professionals navigate the evolving landscape of cybersecurity. By blending theoretical concepts with real-world examples, this book equips readers with the tools they need to build effective threat detection capabilities. Whether you are a seasoned professional or a novice in the field, this hands-on guide is a must-read for anyone looking to enhance their security defenses.
Reviewer: Tawhidur Rahman, EnCE
Date: 3rd October 2023
Title: Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Authors: Megan Roddie, Jason Deyalsingh, Gary J. Katz
Publisher: Packt Publishing Pvt Ltd
Publication Year: 2023
Genre: Computer Security
In the rapidly evolving landscape of cybersecurity, the importance of effective threat detection techniques cannot be overstated. With the publication of "Practical Threat Detection Engineering," Megan Roddie, Jason Deyalsingh, and Gary J. Katz provide a comprehensive guidebook designed to help professionals navigate the intricate world of planning, developing, and validating detection capabilities.
The authors' combined expertise in the industry shines through in this well-structured and practical guide. By offering a hands-on approach, this book is an invaluable resource for both seasoned professionals and those new to the field. The authors skillfully balance theoretical concepts with real-world scenarios, making it accessible to a wide range of readers.
One of the book's standout features is its systematic approach to threat detection engineering. The authors emphasize the importance of thorough planning and provide a detailed framework for identifying threats, building detection capabilities, and validating their effectiveness. They cover all stages of the detection lifecycle, from understanding the threat landscape to fine-tuning detection methods, ensuring that readers gain a holistic understanding of the entire process.
"Practical Threat Detection Engineering" benefits from its practicality, thanks to the inclusion of numerous hands-on exercises and examples. These exercises allow readers to apply the concepts discussed in each chapter, reinforcing their understanding and facilitating a more immersive learning experience. Additionally, the authors provide code snippets and step-by-step instructions, making it easier for readers to implement the techniques in their own environments.
The book's attention to detail is evident throughout, with comprehensive coverage of various detection techniques, including log analysis, anomaly detection, and behavioral monitoring. The authors don't shy away from discussing the limitations and challenges that professionals may face, and they provide practical recommendations for overcoming these hurdles.
Moreover, the authors acknowledge the dynamic nature of the field and emphasize the importance of continuous improvement. They present a robust framework for monitoring and adapting detection capabilities over time, ensuring that organizations can stay ahead of emerging threats.
While "Practical Threat Detection Engineering" is undoubtedly a valuable resource, readers with limited prior knowledge may find some sections more challenging than others. However, the authors' clear explanation of complex concepts and their emphasis on practical application should mitigate potential difficulties.
In conclusion, "Practical Threat Detection Engineering" is an essential guide for anyone involved in the planning, development, and validation of detection capabilities. Megan Roddie, Jason Deyalsingh, and Gary J. Katz have created a comprehensive and practical resource that helps professionals navigate the evolving landscape of cybersecurity. By blending theoretical concepts with real-world examples, this book equips readers with the tools they need to build effective threat detection capabilities. Whether you are a seasoned professional or a novice in the field, this hands-on guide is a must-read for anyone looking to enhance their security defenses.
Reviewer: Tawhidur Rahman, EnCE
Date: 3rd October 2023
October 14, 2024
Disclosure: I received copy of the book for reviewing from the publisher, Packt. I was not given any direction for this review. I am the leader of a small security operations team at a research institution, so I read this book with great interest.
Practical Threat Detection Engineering is an excellent introduction to using local log sources and threat intelligence to build out detection methods for threats into your computer infrastructure. It is not for people new to cybersecurity, but if you've seen the terms MITRE ATT&CK or the Pyramid of Pain and have been curious about what they mean and how they might apply to your job, this book is for you. The authors have strong backgrounds in cybersecurity, and it shows.
The book is well-organized, with each chapter building on the previous and with callbacks when appropriate. You can read the table of contents yourself on the publisher's site, so I won't step through it. Several chapters have lab exercises or thought experiments which mesh well with the source material. I particularly appreciated how close attention is paid to correctly documenting and maintaining the detections one has written.
The authors presuppose a certain amount of existing systems and application administration experience. For example, the reader is walked through setting up a home-type lab based on the Elastic Stack and Docker, but there are no troubleshooting tips. I did not follow the step by step for a lab myself, but having some familiarity with Elastic, everything should work well with Elastic 7 or 8. Readers wanting to set up a lab in production environments will want to be quite familiar with Elastic, or to have as a resource a person or team who can assist with maintenance. Of course, most of the techniques described in the book should translate well to other log storage and alerting capabilities the reader's organization might have available. While a certain amount of "lock-in" is unavoidable when describing how to do something technically, the authors do well in avoiding application or version traps as much as possible.
There are a few small issues I'd have liked to have seen the authors pay more attention to. For example, with the heavy focus on free and open-source technologies, it was curious that Zeek and Suricata are mentioned, but not described in any detail. I believe the book would have been improved by having a page or two on these technologies and their application to threat detection. Similarly, the text does not cover in any detail the practicalities of working with other teams in the environment the authors seem to envision. I also found the description of measuring the return on investment for a detection engineering program to be circular. As I understood it, the reader is meant to show an RoI by demonstrating that their detections are well-engineered. As a manager, I would want to understand why these detections are important in the first place. These are relatively minor details, however, and do not distract greatly from the book's message.
I appreciate the belt-and-suspenders type approach of modern cybersecurity practise. It should not be assumed that firewalls and endpoint detection will catch everything, and it's great to see some exploration of supplemental techniques and technologies. I will be recommending this book to my team, and strongly recommend it to anybody with some existing experience who is interested in the theory and practise of detecting cybersecurity threats.
Practical Threat Detection Engineering is an excellent introduction to using local log sources and threat intelligence to build out detection methods for threats into your computer infrastructure. It is not for people new to cybersecurity, but if you've seen the terms MITRE ATT&CK or the Pyramid of Pain and have been curious about what they mean and how they might apply to your job, this book is for you. The authors have strong backgrounds in cybersecurity, and it shows.
The book is well-organized, with each chapter building on the previous and with callbacks when appropriate. You can read the table of contents yourself on the publisher's site, so I won't step through it. Several chapters have lab exercises or thought experiments which mesh well with the source material. I particularly appreciated how close attention is paid to correctly documenting and maintaining the detections one has written.
The authors presuppose a certain amount of existing systems and application administration experience. For example, the reader is walked through setting up a home-type lab based on the Elastic Stack and Docker, but there are no troubleshooting tips. I did not follow the step by step for a lab myself, but having some familiarity with Elastic, everything should work well with Elastic 7 or 8. Readers wanting to set up a lab in production environments will want to be quite familiar with Elastic, or to have as a resource a person or team who can assist with maintenance. Of course, most of the techniques described in the book should translate well to other log storage and alerting capabilities the reader's organization might have available. While a certain amount of "lock-in" is unavoidable when describing how to do something technically, the authors do well in avoiding application or version traps as much as possible.
There are a few small issues I'd have liked to have seen the authors pay more attention to. For example, with the heavy focus on free and open-source technologies, it was curious that Zeek and Suricata are mentioned, but not described in any detail. I believe the book would have been improved by having a page or two on these technologies and their application to threat detection. Similarly, the text does not cover in any detail the practicalities of working with other teams in the environment the authors seem to envision. I also found the description of measuring the return on investment for a detection engineering program to be circular. As I understood it, the reader is meant to show an RoI by demonstrating that their detections are well-engineered. As a manager, I would want to understand why these detections are important in the first place. These are relatively minor details, however, and do not distract greatly from the book's message.
I appreciate the belt-and-suspenders type approach of modern cybersecurity practise. It should not be assumed that firewalls and endpoint detection will catch everything, and it's great to see some exploration of supplemental techniques and technologies. I will be recommending this book to my team, and strongly recommend it to anybody with some existing experience who is interested in the theory and practise of detecting cybersecurity threats.
October 19, 2023
Is more than a hands-on book 👏
I really enjoyed this book, it contains technical, methodological, and strategic aspects of a detection engineering program. Loads of exercises, references and best practices. A must read for security analysts and detection engineers.
I really enjoyed this book, it contains technical, methodological, and strategic aspects of a detection engineering program. Loads of exercises, references and best practices. A must read for security analysts and detection engineers.
December 29, 2023
Good read for anyone who is getting into threat detection. Some awesome ideas that aren't as well known even for experienced people.
Displaying 1 - 4 of 4 reviews