
Detection Engineering: NCF

  • Writer: Brian
  • 5 hours ago

In order to describe why Detection Engineering is such a critical part of any Cybersecurity program, I think it is best to first go back to the NIST Cybersecurity Framework.


Response and Recovery are only possible after a Detection occurs. Whether the anomaly is discovered via a NIDS alert or ransomware coming across your screen, it is impossible to respond to things you do not detect. That being said, Threat Hunting can be conducted to detect anomalies which may not have been caught through the current monitoring solutions. I think that is an even bigger argument to ensure that all detections found through Threat Hunting are then converted into rules or signatures to automate the detection. - Brian


