Improving SIEM and MSSP Performance

Date: December 09, 2020

Recorded on Wednesday, December 9, 2020.

The goal of the Security Information and Event Management (SIEM), and theSecurity Operations Center (SOC) or Managed Security Service Provider (MSSP) that manage it, is to relay actionable intelligence that enables security teams to address potential incidents and deficiencies.

Your Detections Aren’t Working

At least that should be the starting point on your assumptions. Estimates vary, but on average, it takes between 50 and 280 days to detect and resolve malicious attacks. Logging, monitoring, and alerting are some of the most critical elements of any security program, but traditional approaches are often expensive, laborious, and can create blind spots for detecting early indicators of compromise (IoCs).

And You’re Paying Too Much

While SIEM vendors may tout the ability to monitor petabytes of data, this can increase costs exponentially.   By examining the business processes, aligning alerts to the most common event IDs, and adding a layer of aggregation and correlation, organizations can reduce duplicate or unhelpful alerts by up to 50%!

 Other Than That, What’s the Problem?

Join Ben Mauch, Team Lead, Defense & Countermeasures, and Rick Yocum, Principal Advisory Consultant, who will discuss the various elements of gaining greater value from your SIEM and MSSP, including:

  • Common challenges and core causes
  • Goals and use cases
  • Proper ingestion
  • Approaches for addressing ingestion issues
  • Good alerting and reporting examples
  • Remediation approaches
  • Gaining more value from penetration testing
  • Aligning to Mitre ATT&CK (Adversarial Tactics, Techniques & Common Knowledge)