Detection as Code, Automation, and Testing - ATT&CKcon 4.0 Day 2

  • Published 11 Dec 2023
  • ATT&CKcon 4.0 Day 2
    Modern security teams have been engineering solid detections for a while now. All this great output also needs to be managed well.
    * How can we make sure that the detections we have spent a lot of time developing are deployed and are running in production in the same way as they were designed?
    * How can we assure our detection and prevention controls are still working and are detecting the attacks they have been designed to cover?
    We will show how we have built a robust and flexible development and deployment process using cloud technologies. This process allows us to quickly and easily implement new detection controls, test them across multiple environments, and deploy them in a controlled and consistent manner.
    We will discuss how security teams can reap the benefits of using detection-as-code, and how this can help them achieve a single source of truth for their detection logic. Adopting this approach enables teams to use automation and unit testing to manage and validate their detection controls across multiple environments and to ensure proper documentation. By adopting a detection-as-code approach, teams gain the confidence that comes from knowing that their detections and mitigations work as intended.
