IT security is a complex topic, and its procedures need explaining. To present our services to you in an understandable way, we have placed them in an everyday setting. The protagonists are our basement keepers Maximilian and Amir.
"Like every day, Maximilian and Amir go to their favorite snack bar on the main shopping street during their lunch break. Even from a distance, the two of them see a long queue in front of the restaurant and, sighing, get in line. Impatiently, Amir begins to ponder. Currywurst with fries again?"
A well-thought-out plan is needed to convince Maximilian, a creature of habit. SIEM implementation likewise requires careful consideration of where your company stands, what goals you want to achieve, and what the framework conditions are.
Amir remembers that Maximilian is a pasta fan. He cleverly steers the conversation to last night's spaghetti bolognese. Is his hypothesis correct? The same applies to your SIEM process: every assumption is thoroughly tested and verified.
Step by step
Done, Maximilian is on board! Now olives, pizza and pasta come up in every other sentence. Just like this step-by-step approach to Italian food, your SIEM process is implemented one step at a time: you decide which requirements to implement first.
After the Italian is before the Italian. Your SIEM system will keep receiving new data. Monitor it continuously and develop it further together with our experts.
Choosing a suitable SIEM solution is in itself a large and important part of the implementation. So that a realistic estimate of project scope and schedule can be made, a kick-off workshop is held with our SIEM specialists. A critical part of the planning phase is defining the use cases. Many use cases are already implicitly known or desired and can be worked out between the various business departments and our SIEM specialists. Typical questions in this workshop are:
Which applications does the customer regard as key? Firewall? IDS/IPS? Antivirus?
Where are the critical threats to the customer's environment? These can be identified, for example, through a Business Impact Analysis.
Why are the threats found critical, and how would an incident affect the customer's business continuity and viability?
How does the customer respond in the event of an incident? In the same process, the customer can be supported in defining IT incident management with the help of a SIEM solution.
For a SIEM solution to succeed not only technically but also from a business point of view, it is essential to determine the business-critical data sources. With this determination, a SIEM specialist can prioritize the ingested data sources, e.g. firewall, IDS, IPS, web proxies and Windows events.
A SIEM solution should not only collect data but also help evaluate it. The most important function of a SIEM solution is alerting. Alerts must be prioritized so that incidents can be responded to in good time. During planning, the events and alerts from high-priority systems must be identified and documented.
To demonstrate the return on investment of a SIEM solution, metrics are a good starting point. A SIEM specialist can help implement the SIEM solution in line with business goals. Such metrics should be discussed and defined before implementation.
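The following added example (not the provider's tooling and not code from this page) shows how the planning decisions above fit together in a minimal SIEM pipeline: a per-source priority and a per-asset criticality from the business impact analysis, three use cases agreed with the business departments, correlation over a sliding window, alerts ordered by priority, and a small set of metrics of the kind that should be defined before implementation. The log lines, the use cases, the priority scales and the threshold values are all constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed planning-phase outcomes (constructed for this example): priority of each
# ingested data source and criticality of each asset, both on a 1 (low) to 3 (high) scale.
SOURCE_PRIORITY = {"firewall": 2, "ids": 3, "proxy": 2, "windows": 3}
ASSET_CRITICALITY = {"dc01": 3, "fileserver": 2, "ws-042": 1}

# Constructed sample log in a simple key=value format; ts is ISO 8601.
SAMPLE_LOG = """\
ts=2024-05-06T12:00:01 source=windows host=dc01 event_id=4625 user=admin
ts=2024-05-06T12:00:05 source=windows host=dc01 event_id=4625 user=admin
ts=2024-05-06T12:00:09 source=windows host=dc01 event_id=4625 user=admin
ts=2024-05-06T12:00:12 source=windows host=dc01 event_id=4625 user=admin
ts=2024-05-06T12:00:15 source=windows host=dc01 event_id=4625 user=admin
ts=2024-05-06T12:00:20 source=windows host=dc01 event_id=4624 user=admin
ts=2024-05-06T12:01:00 source=proxy host=ws-042 category=malware url=http://example.invalid/x
ts=2024-05-06T12:02:30 source=ids host=fileserver severity=high sig=ET_EXPLOIT
ts=2024-05-06T12:03:00 source=firewall host=fileserver action=deny dport=445
ts=2024-05-06T12:10:00 source=windows host=ws-042 event_id=4625 user=bob
ts=2024-05-06T12:10:30 source=windows host=ws-042 event_id=4625 user=bob
""".splitlines()

# Use cases as agreed with the business departments (constructed):
# (name, match predicate, base severity 1-3, number of matching events needed within WINDOW)
WINDOW = timedelta(minutes=5)
USE_CASES = [
    ("Windows logon failure burst",
     lambda e: e["source"] == "windows" and e.get("event_id") == "4625", 1, 5),
    ("IDS high-severity signature",
     lambda e: e["source"] == "ids" and e.get("severity") == "high", 3, 1),
    ("Proxy download from malware category",
     lambda e: e["source"] == "proxy" and e.get("category") == "malware", 2, 1),
]


@dataclass
class Alert:
    use_case: str
    host: str
    priority: int            # higher value = respond first
    first_seen: datetime
    last_seen: datetime
    count: int               # matching events that contributed so far
    time_to_alert: timedelta  # from first contributing event to the alert being raised


def parse_event(line):
    """Parse one key=value log line into a dict and convert ts to a datetime."""
    ev = dict(tok.split("=", 1) for tok in line.split())
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def priority(base, source, host):
    """Alert priority = use-case severity + source priority + asset criticality (3..9)."""
    return base + SOURCE_PRIORITY.get(source, 1) + ASSET_CRITICALITY.get(host, 1)


def correlate(lines):
    """Run every use case over the events; return alerts sorted by priority, highest first."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(list)   # (use_case, host) -> timestamps of matches inside the window
    alerts = {}                  # (use_case, host) -> one Alert, updated on further matches
    for e in events:
        for name, match, base, threshold in USE_CASES:
            if not match(e):
                continue
            key = (name, e["host"])
            stamps = recent[key]
            stamps.append(e["ts"])
            stamps[:] = [t for t in stamps if e["ts"] - t <= WINDOW]  # slide the window
            if len(stamps) < threshold:
                continue          # below threshold: no alert yet (e.g. two failed logons)
            if key in alerts:
                alerts[key].last_seen = e["ts"]
                alerts[key].count += 1
            else:
                alerts[key] = Alert(name, e["host"], priority(base, e["source"], e["host"]),
                                    stamps[0], e["ts"], len(stamps), e["ts"] - stamps[0])
    return sorted(alerts.values(), key=lambda a: (-a.priority, a.first_seen))


def summary(alerts):
    """Metrics of the kind defined before implementation (assumed here): alert volume per
    use case and per priority, and the longest time from first event to alert."""
    slowest = max((a.time_to_alert for a in alerts), default=timedelta(0))
    return {"alerts_per_use_case": Counter(a.use_case for a in alerts),
            "alerts_per_priority": Counter(a.priority for a in alerts),
            "max_time_to_alert_seconds": slowest.total_seconds()}


if __name__ == "__main__":
    result = correlate(SAMPLE_LOG)
    for a in result:
        print(f"P{a.priority} {a.use_case} on {a.host}: {a.count} event(s), raised after {a.time_to_alert}")
    print(summary(result))
```

With the constructed input, the IDS hit on the file server ranks first (severity 3, source 3, asset 2), the five failed logons on the domain controller second, and the proxy hit on a low-value workstation last; the two failed logons on ws-042 never reach the threshold and stay below the alert line. In a real deployment the same three inputs (use-case severity, source priority, asset criticality) would be maintained in the SIEM's asset and rule configuration rather than in code.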