Detection Engineering: Defending Networks with Purpose

Detection engineering is becoming a common term in the information security industry, but it is still a maturing concept. This paper explores the tactics, techniques, and procedures behind detection engineering from the perspective of a military philosopher. The goal is to give analysts, researchers, and decision-makers tools they can apply in their organizations today. The research presents a method to template the threats facing an organization, analyze a detection capability against that threat template to find gaps, and engineer detections to close the observed gaps. With a handful of open-source tools, it is possible to achieve a military-grade defensive posture. Network defenders can use detection engineering to defend their networks with knowledge and purpose.
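The three-step method the abstract describes (build a threat template, analyze the existing detection capability against it, engineer detections for the gaps) can be made concrete in a few dozen lines. The following is an added illustration, not code from the paper or its author: it assumes threats are expressed as a prioritized list of technique identifiers (here using MITRE ATT&CK technique IDs, an assumption the abstract does not make), that each existing detection declares which techniques it covers and which data source it needs, and that a "gap" is any templated technique with no covering detection. All technique weights, detection names and data sources are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    """One entry in the organization's threat template."""
    tech_id: str     # ATT&CK technique ID (assumed vocabulary, not from the paper)
    name: str
    priority: int    # 1 = low, 3 = high relevance to this organization (constructed scale)


@dataclass(frozen=True)
class Detection:
    """One existing detection in the capability being assessed."""
    name: str
    covers: frozenset      # technique IDs this detection produces alerts for
    data_source: str       # telemetry the detection depends on


# Constructed threat template: what the organization believes it will face.
THREAT_TEMPLATE = (
    Technique("T1566", "Phishing", 3),
    Technique("T1059", "Command and Scripting Interpreter", 3),
    Technique("T1003", "OS Credential Dumping", 2),
    Technique("T1021", "Remote Services", 2),
    Technique("T1027", "Obfuscated Files or Information", 1),
)

# Constructed detection capability: what the SOC can currently see.
DETECTIONS = (
    Detection("powershell_encoded_command", frozenset({"T1059", "T1027"}),
              "process creation logs"),
    Detection("mail_attachment_macro_execution", frozenset({"T1566"}),
              "mail gateway + process creation logs"),
)


def coverage_map(detections):
    """Map each covered technique ID to the detections that cover it."""
    covered = {}
    for det in detections:
        for tech_id in det.covers:
            covered.setdefault(tech_id, []).append(det.name)
    return covered


def analyze_gaps(template, detections):
    """Return templated techniques with no covering detection, highest priority first."""
    covered = coverage_map(detections)
    gaps = [t for t in template if t.tech_id not in covered]
    gaps.sort(key=lambda t: (-t.priority, t.tech_id))
    return gaps


def coverage_ratio(template, detections):
    """Fraction of templated techniques that have at least one detection."""
    covered = coverage_map(detections)
    hits = sum(1 for t in template if t.tech_id in covered)
    return hits / len(template) if template else 0.0


def gap_report(template, detections):
    """Human-readable summary an engineer can turn into a detection backlog."""
    lines = [f"coverage: {coverage_ratio(template, detections):.0%}"]
    for gap in analyze_gaps(template, detections):
        lines.append(f"GAP p{gap.priority} {gap.tech_id} {gap.name}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(gap_report(THREAT_TEMPLATE, DETECTIONS))
```

The sort order is the point: the output is not just a list of uncovered techniques but a backlog ordered by how relevant each technique is to this organization, which is what "defending with purpose" means in practice. Re-running the analysis after each new detection is added shows the coverage ratio climbing and the gap list shrinking.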

21 Jul 2021
By Peter Di Giorgio