What is detection engineering and what are the benefits?
Detection engineering is a new approach to threat detection. It is more than writing detection rules: it is a process that applies systems thinking and engineering practice to detect threats more accurately. The goal is an automated system of threat detection that is customizable, flexible, and repeatable, and that produces high-quality alerts for security teams to act on. Detection engineering is not yet a mature discipline with consistent methods and predictable results, but pioneers in the field are working toward that goal. Little has been written about the concept so far, and there are no go-to standards or frameworks; companies appear to be developing their own approaches to incorporate it and improve their detection and response capabilities.

Detection-as-code (DaC), a concept first coined by Anton Chuvakin in 2020, is at the heart of detection engineering: detections should be treated as code. In practice this means applying software-engineering best practices to detections, using modern agile CI/CD processes.

The benefits of detection engineering include:
1) Reduced mean time to response, through automation of detections.
2) Detections that are more relevant to the environment.
3) A process that is structured, repeatable, and informs workflows.
4) Detection rules and analytics that are version controlled, reused, and modified as needed.
5) Peer review and automated testing as part of the process, to catch mistakes and gaps.
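The detection-as-code idea above, together with the version-control, peer-review and automated-testing benefits in the list, can be made concrete with a small Python example. It is added here and is not code from the original article or from any vendor's product. It shows a detection rule kept as data in the same repository as its tests, a minimal engine that evaluates the rule over a stream of events, and a self-test that a CI job would run before the rule is merged or pushed to the SIEM. The rule schema, the event field names (event_type, outcome, src_ip, user, ts), the five-failures-in-300-seconds threshold and the sample events are all constructed for illustration.

```python
"""Detection-as-code in miniature: a detection rule kept as data, a small
engine that evaluates it, and a self-test that a CI job would run before
the rule is merged or deployed.  Constructed example; the rule schema is
hypothetical and only loosely modelled on Sigma-style YAML."""
from collections import defaultdict
from datetime import datetime, timedelta

# The rule lives in version control next to its tests, so a change to the
# threshold or window shows up as a reviewable diff rather than a console edit.
RULE = {
    "title": "Repeated logon failures followed by a success from one source",
    "version": 1,
    "level": "high",
    "detection": {
        "failure": {"event_type": "logon", "outcome": "failure"},
        "success": {"event_type": "logon", "outcome": "success"},
        "group_by": "src_ip",       # correlate per source address
        "threshold": 5,             # failures required before a success
        "window_seconds": 300,      # failures must fall inside this window
    },
}


def matches(event, selector):
    """True when every field named in the selector equals the event's value."""
    return all(event.get(k) == v for k, v in selector.items())


def run_rule(rule, events):
    """Evaluate one rule over a list of event dicts and return a list of alerts.

    Events are grouped by the rule's group_by field and sorted by time.  At each
    success event the failures inside the trailing window are counted, and an
    alert is raised when the count reaches the threshold.  One burst yields one
    alert because the failure history is cleared after firing.
    """
    d = rule["detection"]
    window = timedelta(seconds=d["window_seconds"])
    grouped = defaultdict(list)
    for e in events:
        if matches(e, d["failure"]) or matches(e, d["success"]):
            grouped[e[d["group_by"]]].append(e)

    alerts = []
    for key, evs in grouped.items():
        evs.sort(key=lambda e: e["ts"])
        failure_times = []
        for e in evs:
            if matches(e, d["failure"]):
                failure_times.append(e["ts"])
                continue
            cutoff = e["ts"] - window
            failure_times = [t for t in failure_times if t >= cutoff]
            if len(failure_times) >= d["threshold"]:
                alerts.append({
                    "rule": rule["title"],
                    "level": rule["level"],
                    d["group_by"]: key,
                    "user": e["user"],
                    "failures": len(failure_times),
                    "ts": e["ts"].isoformat(),
                })
                failure_times = []
    return alerts


def _logons(src_ip, user, outcomes, start, step_s):
    """Build constructed logon events `step_s` seconds apart (sample data only)."""
    t0 = datetime.fromisoformat(start)
    return [{"ts": t0 + timedelta(seconds=i * step_s), "event_type": "logon",
             "outcome": o, "src_ip": src_ip, "user": user}
            for i, o in enumerate(outcomes)]


# Constructed sample events: one true positive and two cases the rule must stay
# quiet on (below threshold; failures spread far outside the window).
SAMPLE_EVENTS = (
    _logons("10.0.0.5", "alice", ["failure"] * 6 + ["success"], "2024-01-01T10:00:00", 10)
    + _logons("10.0.0.9", "bob", ["failure"] * 2 + ["success"], "2024-01-01T10:05:00", 10)
    + _logons("10.0.0.7", "carol", ["failure"] * 6 + ["success"], "2024-01-01T00:00:00", 3600)
    + [{"ts": datetime.fromisoformat("2024-01-01T10:01:00"), "event_type": "process",
        "outcome": "success", "src_ip": "10.0.0.5", "user": "alice"}]  # must be ignored
)


def rule_self_test():
    """The automated check CI runs on every change to RULE: True only if the
    rule fires on the known-bad sample and stays silent on the other cases."""
    alerts = run_rule(RULE, SAMPLE_EVENTS)
    fired_on = {a["src_ip"] for a in alerts}
    return fired_on == {"10.0.0.5"} and alerts[0]["failures"] == 6


if __name__ == "__main__":
    print("rule self-test:", "PASS" if rule_self_test() else "FAIL")
    for alert in run_rule(RULE, SAMPLE_EVENTS):
        print(alert)
```

Because the rule is data and the expected behaviour is encoded in sample events, a pull request that lowers the threshold or widens the window fails the self-test and is caught in review, which is the repeatable, peer-reviewed, testable loop the benefits list describes.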