SIEM & Use-Case Assessment

SIEM or Security Incident and Event Management systems are intended to provide organisations a ‘one-window’ view of and enhanced visibility into all security-related activity.


SIEM (Security Incident and Event Management) Assessment


The basic building blocks of a healthy and effective SIEM are an effective log management strategy and the underlying cyber capability of an organisation. Put simply, the better and wider the log coverage (monitoring) in an organisation, the better the performance and output of its SIEM, and the earlier malicious activity becomes visible.

In addition to the above, use-cases form an integral part of SIEM systems, and organisations rely heavily on use-cases to trigger malicious-activity alerts (we call them threat scenarios or cyber-attack scenarios).

In this audit, we assess how your SIEM system is configured, assess the operational aspects of the SOC team and review the related monitoring technology stack. Importantly, we also review a sample of your existing use-cases to highlight any critical gaps in the use-case logic and configurations.

We do not audit the SOC as an operational entity in this assessment.


Stakeholders

One of the primary objectives of this exercise is to collate and understand what the expected outcome of the service is. We, therefore, seek to speak to stakeholders including, but not limited to:

  • Sponsors of the SIEM project. 
  • Service manager/service delivery managers.
  • The 'customer' or recipients of the SIEM service.
  • Security analysts operating the SIEM.
  • Head of Security Operations.
  • Information Security representative(s).
  • Threat Intelligence Operations. 

What We Examine

During our SIEM assessment, we will:

  • Review your existing SIEM configuration.
  • Review the use-cases (alerts, etc.) that are configured.
  • Review the monitoring policy and standards.
  • Gain an understanding of your technology landscape (infrastructure and application).
  • Gain an understanding of the organisation’s critical assets and risk appetite.
  • Review incident triage, analysis, and investigations.

Benefits

  • Understand how your approach to log management aligns with NIST's Computer Security Incident Handling Guide (NIST SP 800-61 Revision 2).
  • Determine if your current SIEM implementation, configuration and its coverage are fit-for-purpose.
  • Assess a sample of current 'use-cases' and alerts in the SIEM tool and determine if they align with your organisation’s threats, threat actors and risk mitigation strategy.
  • Identify improvements in your monitoring and SIEM systems.
  • Recommend improvements in your existing use-cases and propose new, more relevant use-cases.
  • Pinpoint specific technical improvements to boost detection and response capabilities.
  • Identify potential cost savings on current and future spends.

Output (Report and Recommendations)

We will provide you with a formal report with a SOC maturity score, along with a breakdown of the additional observations made during the assessment. The report also provides easy-to-understand recommendations on improving the score and closing the gaps.

Approach

We adopt the same rigour, discipline and evidence-based approach to all our assessments. In Phases 1 and 2, we are in ‘fact-finding’ mode and want to read and consume all the necessary information.

Although we speak to staff in Phase 1, we tend to have more meaningful discussions in Phase 3 as we are more informed and hence more prepared with the right questions.

For the SIEM and technology assessments, we prefer technology walkthroughs so we can get a feel for the setup, mode of use and configurations. We also want to see the use-cases ‘in action’ and have an analyst walk us through several randomly chosen use-cases and the related incident tickets. We want to get a feel for what a ‘day’ looks like for the operator of the technology.

We then finish the assignment with a management report.

SIEM Workflow (diagram)

Sample SIEM & Use-Case Assessment Schedule

Please note this is an approximation and the actual effort may vary depending on the client, the size of the SOC, the number of analysts and other factors.

Sample SIEM & Use-Case Assessment Schedule (diagram)

3 Key Benefits of Conducting a SIEM & Use-Case Assessment

360-View

Determine if your current SIEM implementation, configuration, and coverage are fit-for-purpose.

Align Alerts and "Use-cases"

Assess a sample of current 'use-cases' and alerts in the SIEM tool and determine if they align with your organisation’s threats, threat actors, and risk mitigation strategy.

Identify Monitoring & Technical Improvements

Identify improvements in your monitoring and SIEM systems. Pinpoint specific technical improvements to improve detection and response capabilities.

Client Testimonials

We have assisted numerous organisations including FIFA, NHS, Capita, BNP Paribas, Formula One Racing, British Medical Journal, and many more with assessments and audits. Here's some feedback from just a few of them.


Mudassar Ulhaq - Chief Information Officer - Waverton Investment Management

"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."


Aaron Townsend - Service Delivery Manager - British Medical Journal

"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."


Neil Mallon - Strategic Technology Leader - Aster Housing

"The Cyber Crisis Tabletop Exercise and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now, and our next focussed steps. We will be engaging CM-Alliance on an annual basis."

We're here to help

Why not book a discovery call to discuss your requirements?

Why not find out more about our audits and assessments? Book a no-obligation discovery call with one of our consultants. 

Let us show you why our clients trust us and love working with us.

We provide support on cybersecurity strategy, policies, incident response, gap assessments, SIEM assessments, GDPR, Cyber Crisis Tabletop Exercises, Breach Readiness Assessments, and more. Speak to us to find out how we can assist. 


James C - CEO, UK Hedge Fund

Amar and the team at Cyber Management Alliance have been a huge help in getting our firm positioned to deal with cyber security risk.  Having opened our eyes to the variety and scale of challenges we face, and the potential financial consequences, they worked closely with us to improve our infrastructure, processes and understanding to embed cyber awareness into the firm.  Their invaluable experience has guided us to the point where we should receive ISO27001 accreditation in the coming weeks – a key stamp of approval that lets clients know we take these risks very seriously.