Very often we encounter a situation where a customer would like to implement an additional level of security in the form of a SIEM solution, but cannot yet specify their requirements. In this case, they then choose a "box" solution, where the supplier delivers a box, some logs are directed to the system and 200 security rules are enabled, and the system does something. And here is the primary stumbling block. Just because the system is green doesn't mean it is doing what it is supposed to do, or even doing anything at all.
Further, security must not end with the implementation of the SIEM tool, but must continue with other processes such as defining playbooks for the SOC team's needs, defining test scenarios by which the system must be tested regularly, and other activities for the proper functioning of the SOC team.
The delivered solution is not a turnkey solution, but just the opposite. It is a completely preconfigured system for a predefined list of source systems and a predefined list of security Use-Cases based on the MITRE ATT&CK methodology. The entire configuration is fully tested, and its correct operation is fully guaranteed.
The customer does not have to create a new team to take care of the product or train people to run the system. All activities related to the operation are done remotely in the price of the product. These are mainly system updates, prophylaxis and possible troubleshooting.
Furthermore, regular updates of the security Use-Case are ensured.
Completely pre-configured SIEM.
Fine-tuned data collection for selected sources.
Delivery of documentation to enable the necessary data logs.
Tuned security Use-Case over defined data sources.
For selected Use-Case ready templates for Playbooks.
The system remains open for further development.
Speed of deployment - within 5 days including training.
Saving human resources.
Elimination of false-positives.
Supplying the documents to the SOC so that they can use the system immediately.
After installation, immediately fully functional system.
Saving money.
