Introduction
At Monad, we’re deeply passionate about the evolving craft of detection engineering (DE) and its critical role in detecting and preventing breaches. That’s why we’re thrilled to dive into the highlights from the 2025 State of Detection Engineering Report by our friends over at Anvilogic and SANS.
Based on a survey of over 200 detection engineers and security leaders, this ungated, free report reveals major trends, skill gaps, pain points, and the future of DE.
What makes it special is that the voice of DEs takes center stage through direct quotes and insights, which sets it apart from traditional vendor-led reports. It’s a must-read for anyone in the SecOps space.
In this post, we’ll cover the key takeaways from the report.
5 Key Takeaways
Investment in Detection Engineering as a Strategic Priority
Approximately 80% of surveyed organizations are actively investing in DE, with this figure rising to 85% among large enterprises (over 5,000 employees). This highlights the growing recognition of detection engineering as a strategic priority for organizations of all types.
Data Engineering Has Become a Core Pillar of Detection Engineering

52% of detection engineers identify data engineering as a valuable skill they lack and need to develop—ranking it second only to threat modeling as a critical missing competency for upleveling threat detection programs. This gap underscores the challenges security teams face: effective detection engineering relies on high-quality, accessible data, but poor data quality often leads to false positives and gaps in threat visibility.
As security telemetry grows exponentially, scalable data engineering solutions are essential to handle ingestion, storage, and real-time streaming without compromising security, detection quality or performance. This need highlights a critical opportunity for security teams to learn more about data engineering and the various solutions to the challenge.
Integration of AI and Automation in Detection Engineering
A significant 88% of respondents anticipate that artificial intelligence will impact detection engineering within the next three years, and 45% have already incorporated AI into their detection workflows. Additionally, 93% are utilizing or planning to implement automation to enhance efficiency and effectiveness in their processes.
Given the massive flood of alerts and noise in the SOC, we predict that AI and automation will become table stakes for SecOps teams. SOAR was the most recent wave of this, and now we’re seeing a wave of AI-enabled tools helping with Tier 1 SOC analyst functions such as alert triaging.
Shift Toward Custom Behavioral Detections

Security teams are moving away from reliance on vendor-provided rules, with 67% favoring behavior-based detections and 42% developing custom detections. This trend highlights a more proactive approach to detection engineering, tailored to each organization’s unique environment. DE teams are increasingly focused on crafting high-fidelity, context-aware detections that help detect sophisticated activity while tuning out false positives.
Leadership Support Coupled with Understanding Gaps

While 67% of detection engineers report strong leadership support, there remains a gap in comprehensive understanding of DE’s complexities among some executives. This suggests a need for ongoing education and communication to align leadership perspectives with operational realities and requirements. Reports like these can help shed a light on
Looking Ahead
The 2025 State of Detection Engineering Report provides an accurate snapshot of emerging trends and themes in the DE and SecOps space. Security programs are prioritizing DE now more than ever, teams are shifting more towards building custom detections, AI has become a bigger part of the story, and data engineering is becoming more important.
At Monad, we’re dedicated to empowering the SecOps community with our security data ETL solutions, helping security teams scale pipelines, enhance data quality, and drive stronger threat detection. Contact us today to discover how Monad can help make life easier for SecOps teams: community@monad.com