Abstract
Threat detection is one of the main activities of an information security programme. Performing threat detection goes beyond deploying threat detection technologies. These technologies can be highly effective in their job of detecting threats, but their effectiveness is dependent on what detection specialists usually call detection content. Detection content is usually detached from the data analytics capabilities of the tool and needs to be constantly updated to ensure the most recent threats can be detected. These updates are generally developed by the detection technology provider as part of a subscription service, or by the organisation deploying and operating the technology, as part of activities commonly described as detection engineering. This paper describes the implementation and operation of a detection development life cycle (DDLC) process, which can be used to control the selection, creation and management of threat detection content.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
