SIEM & Use-Case Assessment

SIEM or Security Incident and Event Management systems are intended to provide organisations a ‘one-window’ view of and enhanced visibility into all digital activity within an organisation. 

SIEM (Security Incident and Event Management) Systems Assessment

The basic building blocks of a healthy and effective SIEM are an effective log management strategy and the underlying cyber capability of the organisation. In the simplest terms, the better and wider the log coverage in an organisation, the better the performance and output of its SIEM.

In addition to the above, use-cases (we call them threat scenarios or cyber-attack scenarios) form an integral part of the current SIEM systems and organisations rely heavily on use-cases to trigger alerts that indicate malicious activity.

In this audit, we assess how your SIEM or Security Incident and Event Management system is configured, assess the operational aspects of the SOC team, and review the related monitoring technology stack. Importantly, we also review a sample of your existing use-cases to highlight any critical gaps in the use-case logic and configurations.


Stakeholders

One of the primary objectives of this exercise is to collate and understand the expected outcomes of the service, so we seek to speak to stakeholders including, but not limited to:

  • Sponsors of the SIEM project. 
  • Service manager/service delivery managers.
  • The 'customer' or recipients of the SIEM service.
  • Security analysts operating the SIEM.
  • Head of Security Operations.
  • Information Security representative(s).

What We Examine

During our SIEM assessment, we will:

  • Review your existing SIEM configuration.
  • Review the use-cases (alerts, etc.) that are configured.
  • Review the monitoring policy and standards.
  • Gain an understanding of your technology landscape (infrastructure and application).
  • Gain an understanding of the organisation’s critical assets and risk appetite.
  • Review incident triage, analysis, and investigations.

Benefits

  • Determine if your current SIEM implementation, configuration and its coverage are fit-for-purpose.
  • Assess a sample of current 'use-cases' and alerts in the SIEM tool and determine if they align with your organisation’s threats, threat actors and risk mitigation strategy.
  • Identify improvements in your monitoring and SIEM systems.
  • Recommend improvements to your existing use-cases and propose new, more relevant use-cases.
  • Pinpoint specific technical improvements to improve detection and response capabilities.
  • Identify potential cost savings on current and future spends.

Report and Recommendations

We will provide you with a formal report with a SOC maturity score, along with a breakdown of the additional observations made during the assessment. The report also provides easy-to-understand recommendations on improving the score and closing the gaps.

Approach

We adopt the same rigour, discipline and evidence-based approach to all our assessments. In Phase 1, we are in a ‘fact-finding’ mode and want to read and consume all the necessary information. Although we speak to staff in Phase 1, we tend to have more meaningful discussions in Phase 2, as we are more informed and hence more prepared with the right questions. 

For the SIEM and technology assessments, we prefer technology walkthroughs so we can get a feel of the setup, mode of use and configurations. We also get a feel of what a ‘day’ looks like for the operator of the technology.

We then finish the assignment with a management report.

Sample SIEM & Use-Case Assessment Schedule

SIEM & Use-Case Assessment

3 Key Benefits of conducting a SIEM & Use-Case Assessment

360-View

Determine if your current SIEM implementation, configuration, and coverage are fit-for-purpose.

Align Alerts and "Use-cases"

Assess a sample of current 'use-cases' and alerts in the SIEM tool and determine if they align with your organisation’s threats, threat actors, and risk mitigation strategy.

Identify Monitoring & Technical Improvements

Identify improvements in your monitoring and SIEM systems. Pinpoint specific technical improvements to improve detection and response capabilities.

Client Testimonials

We have assisted numerous organisations including FIFA, NHS, Capita, BNP Paribas, Formula One Racing, British Medical Journal, and many more with assessments and audits. Here's some feedback from just a few of them.


Mudassar Ulhaq - Chief Information Officer - Waverton Investment Management

"I would recommend Cyber Management Alliance’s tabletop workshops to anyone genuinely interested in being on top of their cyber incident response strategies. The format and style of conducting the entire workshop is what I found a lot of value in. Most importantly, the scenarios on which the workshop was based were relevant to the business, making the exercise a great investment of time and resources."


Aaron Townsend - Service Delivery Manager - British Medical Journal

"In order for BMJ to find the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."


Neil Mallon - Strategic Technology Leader - Aster Housing

"The Cyber Crisis Tabletop Exercise and corresponding audit conducted by Cyber Management Alliance Ltd was expertly delivered and has given us insights to reinforce our cyber strategy by continuing to help build the picture of where we were, where we are now, and our next focussed steps. We will be engaging CM-Alliance on an annual basis."

We're here to help

Why not book a discovery call to discuss your requirements?

To find out more about our audits and assessments, book a no-obligation discovery call with one of our consultants.

Let us show you why our clients trust us and love working with us.

We provide support on cybersecurity strategy, policies, incident response, gap assessments, SIEM assessments, GDPR, Cyber Crisis Tabletop Exercises, Breach Readiness Assessments, and more. Speak to us to find out how we can assist. 


James C - CEO, UK Hedge Fund

Amar and the team at Cyber Management Alliance have been a huge help in getting our firm positioned to deal with cyber security risk. Having opened our eyes to the variety and scale of challenges we face, and the potential financial consequences, they worked closely with us to improve our infrastructure, processes and understanding to embed cyber awareness into the firm. Their invaluable experience has guided us to the point where we should receive ISO27001 accreditation in the coming weeks – a key stamp of approval that lets clients know we take these risks very seriously.