The road to a successful implementation of SIEM and SOC
Implementing a SIEM and managed SOC is something that requires thorough research and preparation.
Having a SIEM solution or a managed SOC in place can be hugely rewarding, providing you with “eyes and ears” on what happens on your systems and network, while supporting your ongoing compliance efforts. But it can also be an extra expense that does not live up to your expectations, providing little true value, or even worse: a false sense of security.
I have highlighted some of the things that you need to consider before investing in a managed SOC or a SIEM solution, along with advice on how to implement them successfully and get the most value from your investment.
I will host a webinar about this to elaborate on my thoughts in greater detail on 2 July at 12.30 BST, which you can register for here.
But for now, here are nine steps to consider before you invest in a SIEM solution and a managed SOC:
- Start by addressing the true value that you expect to get out of the solution – build the business case for your management team, based on how the solution will contribute to both operational security and to reducing business risk.
- Formulate measurable goals for what you want to achieve. For instance, are you interested in reducing TTD and TTR (time to detect and time to respond), or do you simply need to meet certain compliance requirements? Using the CARTA model from Gartner can be a good way to determine what you want to accomplish, aligning your strategy to the four pillars of adaptive risk management (Predict, Prevent, Detect and Respond).
- Evaluate whether you have the maturity of people, processes and technology that is required to make your SIEM a success, and whether you are able to use the enriched data and intelligence a managed SOC provides.
- If you are building your own SIEM tool and establishing SOC capabilities, you will need to decide whether you will use off-the-shelf proprietary solutions or open-source software.
- Ask yourself how an in-house SIEM solution and managed SOC compare to a fully managed detection and response (MDR) service, measured against your actual needs (see points 1 and 2 above).
- Determine the level of coverage that is right for your organisation, i.e. which assets you need to log and monitor. Are you satisfied with monitoring core infrastructure only, or should you include certain (or all) business applications, cloud, DevOps, serverless, etc.?
- Decide on the specific capabilities that are useful to your organisation. For example, do you require capabilities such as active threat hunting, digital footprint assessments, threat intelligence, incident response, user and entity behaviour analytics, SOAR, etc.?
- Ensure that you have the necessary internal resources to drive, and ensure the quality of, the onboarding process and the implementation and fine-tuning of your SIEM and managed SOC.
- Define a staged approach for implementation with realistic and measurable milestones. A multi-phased approach with several project iterations within each phase is always preferable.
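Points 1 and 2 above ask for a business case and for measurable goals such as TTD and TTR. The script below is an added example of how those two things can be made concrete; it is not code from NCC Group or from the post. It takes a handful of constructed incident records (the field names, the detection-source labels and the incident data are all assumptions), computes median and 90th-percentile TTD and TTR, reports what share of incidents the SIEM itself detected (as opposed to a user report or a third party), and checks the percentiles against goals. Goals are expressed as percentiles rather than averages, because an average says nothing about the slowest cases, which are the ones a SIEM investment is meant to eliminate.

```python
"""Time-to-detect (TTD) and time-to-respond (TTR) metrics from incident records.

Added example; the incident data below is constructed for illustration and
the field names and detection-source labels are assumptions, not a standard.
"""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional, Sequence


@dataclass
class Incident:
    incident_id: str
    first_malicious_event: datetime   # earliest attacker activity found during the investigation
    detected: datetime                # when an alert was first raised
    detected_by: str                  # assumed labels: "siem", "user_report", "third_party"
    contained: Optional[datetime]     # when containment finished; None while the case is open

    @property
    def ttd(self) -> timedelta:
        """Time to detect: alert time minus the earliest malicious activity."""
        return self.detected - self.first_malicious_event

    @property
    def ttr(self) -> Optional[timedelta]:
        """Time to respond: containment time minus alert time (None if still open)."""
        return None if self.contained is None else self.contained - self.detected


def percentile(values: Sequence[timedelta], pct: float) -> timedelta:
    """Nearest-rank percentile; adequate for the small sample sizes a SOC reports on."""
    if not values:
        raise ValueError("no values to summarise")
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def summarize(incidents: Sequence[Incident]) -> Dict[str, object]:
    """Headline numbers for a reporting period."""
    ttds = [i.ttd for i in incidents]
    ttrs = [i.ttr for i in incidents if i.ttr is not None]
    siem_detected = sum(1 for i in incidents if i.detected_by == "siem")
    return {
        "incidents": len(incidents),
        "open": len(incidents) - len(ttrs),
        "siem_detection_share": siem_detected / len(incidents),   # did the SIEM earn its keep?
        "ttd_median": median(ttds),
        "ttd_p90": percentile(ttds, 90),
        "ttr_median": median(ttrs) if ttrs else None,
        "ttr_p90": percentile(ttrs, 90) if ttrs else None,
    }


def goals_met(summary: Dict[str, object], ttd_p90_goal: timedelta,
              ttr_p90_goal: timedelta) -> Dict[str, bool]:
    """Goals are 90th-percentile bounds: nearly every incident must meet them, not the average."""
    ttr_p90 = summary["ttr_p90"]
    return {
        "ttd": summary["ttd_p90"] <= ttd_p90_goal,
        "ttr": ttr_p90 is not None and ttr_p90 <= ttr_p90_goal,
    }


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample: one weekend intrusion (INC-004) noticed two days late by a third party.
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("INC-001", _t("2020-06-01T08:00:00"), _t("2020-06-01T08:30:00"), "siem",         _t("2020-06-01T10:00:00")),
    Incident("INC-002", _t("2020-06-03T22:00:00"), _t("2020-06-04T09:00:00"), "user_report",  _t("2020-06-04T11:00:00")),
    Incident("INC-003", _t("2020-06-10T13:00:00"), _t("2020-06-10T13:05:00"), "siem",         _t("2020-06-10T13:45:00")),
    Incident("INC-004", _t("2020-06-12T02:00:00"), _t("2020-06-14T09:00:00"), "third_party",  None),
    Incident("INC-005", _t("2020-06-15T16:00:00"), _t("2020-06-15T17:00:00"), "siem",         _t("2020-06-15T20:00:00")),
]


if __name__ == "__main__":
    report = summarize(SAMPLE_INCIDENTS)
    for key, value in report.items():
        print(f"{key:>22}: {value}")
    # Assumed goals for the period: detect within 24 h and contain within 4 h at the 90th percentile.
    print(goals_met(report, ttd_p90_goal=timedelta(hours=24), ttr_p90_goal=timedelta(hours=4)))
```

With the constructed data the TTR goal is met (p90 of 3 h) but the TTD goal is not: the single weekend intrusion pushes the 90th-percentile TTD to 55 h even though the median is one hour, and that one case was also not found by the SIEM. Both facts are exactly the kind of evidence point 1 asks you to bring to the management team, and the metric definitions are what point 2 asks you to fix before the project starts.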
I’ll talk about this in more detail on 2 July at 12.30 BST. You can sign up here, free of charge.
Gaffri Johnson, Senior Security Consultant, NCC Group
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.