Improving threat detection with a detection development life cycle
Abstract
Threat detection is one of the core activities of an information security programme, and performing it involves more than deploying threat detection technologies. Those technologies can be highly effective at detecting threats, but their effectiveness depends on what detection specialists usually call detection content: the rules, signatures, queries and models that tell the tool what to look for. Detection content is usually separate from the tool's data analytics capabilities and must be updated continually so that the most recent threats can be detected. These updates are generally developed either by the detection technology provider, as part of a subscription service, or by the organisation deploying and operating the technology, as part of activities commonly described as detection engineering. This paper describes the implementation and operation of a detection development life cycle (DDLC) process, which can be used to control the selection, creation and management of threat detection content.
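To make the idea of detection content that is managed through a life cycle concrete, the following is an added example in the detection-as-code style; it is not code from the paper, from the author or from Securonix, and it does not reproduce the paper's DDLC. Each rule carries its own true-positive and true-negative test events, and it is promoted from draft towards production only while those tests pass; a change to the logic bumps the version and sends the rule back to draft. The rule ID, life-cycle states, field names and the process-creation events are all constructed for illustration.

```python
"""Added example, not the paper's process: a minimal detection-as-code
life cycle in which each rule embeds its own test events and is promoted
only when they pass. Rule IDs, states, field names and sample events are
assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Event = Dict[str, str]

# Life-cycle states a rule moves through; 'retired' is terminal.
STATES = ["draft", "testing", "production", "retired"]


@dataclass
class Detection:
    rule_id: str
    title: str
    logic: Callable[[Event], bool]   # the detection content itself
    true_positives: List[Event]      # events the rule must flag
    true_negatives: List[Event]      # benign events it must ignore
    state: str = "draft"
    version: int = 1
    history: List[str] = field(default_factory=list)


def validate(det: Detection) -> Dict[str, List[str]]:
    """Run the rule over its embedded test events; list failures by kind."""
    failures: Dict[str, List[str]] = {"missed": [], "false_positive": []}
    for ev in det.true_positives:
        if not det.logic(ev):
            failures["missed"].append(ev["id"])
    for ev in det.true_negatives:
        if det.logic(ev):
            failures["false_positive"].append(ev["id"])
    return failures


def promote(det: Detection) -> str:
    """Advance one state towards production, but only if the tests are clean."""
    failures = validate(det)
    if failures["missed"] or failures["false_positive"]:
        det.history.append(f"v{det.version} {det.state}: promotion refused {failures}")
        return det.state
    idx = STATES.index(det.state)
    if idx < STATES.index("production"):
        det.state = STATES[idx + 1]
        det.history.append(f"v{det.version}: promoted to {det.state}")
    return det.state


def revise(det: Detection, new_logic: Callable[[Event], bool]) -> None:
    """Changed content gets a new version and restarts the cycle at draft."""
    det.logic = new_logic
    det.version += 1
    det.state = "draft"
    det.history.append(f"v{det.version}: logic revised, back to draft")


# Constructed process-creation events (not real telemetry).
TRUE_POSITIVES: List[Event] = [
    {"id": "tp1", "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAo..."},
    {"id": "tp2", "parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -EncodedCommand JABjAGwAaQBlAG4AdAA..."},
]
TRUE_NEGATIVES: List[Event] = [
    # A management agent started from a scheduled task also uses -enc.
    {"id": "tn1", "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -ExecutionPolicy Bypass -enc VwByAGkAdABlAC0A..."},
    # Word spawning the 32-bit print helper is normal.
    {"id": "tn2", "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe", "command_line": "splwow64.exe 12288"},
]

OFFICE_APPS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")


def encoded_powershell_v1(ev: Event) -> bool:
    """First draft: any encoded PowerShell command line."""
    return ev["image"].lower().endswith("powershell.exe") and "-enc" in ev["command_line"].lower()


def encoded_powershell_v2(ev: Event) -> bool:
    """Revision: encoded PowerShell spawned by an Office application."""
    return encoded_powershell_v1(ev) and ev["parent_image"].lower().endswith(OFFICE_APPS)


def run_cycle() -> Detection:
    """Take the rule through the cycle: v1 is refused, v2 reaches production."""
    det = Detection("DET-0001", "Office app spawning encoded PowerShell",
                    encoded_powershell_v1, TRUE_POSITIVES, TRUE_NEGATIVES)
    promote(det)                      # refused: tn1 is a false positive
    revise(det, encoded_powershell_v2)
    promote(det)                      # draft -> testing
    promote(det)                      # testing -> production
    return det


if __name__ == "__main__":
    result = run_cycle()
    print(result.rule_id, result.state, "v%d" % result.version)
    print("\n".join(result.history))
```

The point of embedding the test events with the rule is that the promotion gate is mechanical: a rule whose first draft fires on legitimate administrative tooling never leaves draft, and the history records why, so the same check can run in a CI pipeline whenever content is changed.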
The full article is available to subscribers to the journal.
Author's Biography
Augusto Barros is VP Cyber Security Evangelist at Securonix. Augusto is a former Gartner analyst with 20 years’ experience in cyber security-related roles and consulting for enterprises in finance, retail, manufacturing and healthcare. Augusto has worked on a variety of information security projects and initiatives, from security awareness campaigns to penetration testing to security infrastructure design. The challenges of threat detection and response are his main interests and the focus of his research. He has also ventured into the application of behavioural economics concepts to the security space. Augusto has taught courses and presented at numerous security conferences, including Black Hat Europe, RSA Conference and Gartner security summits.