It is a fact, many SIEM solutions have a common destiny with home trainers. They are purchased with excitement, with the highest expectations but, though the investment can be rather important, they frequently end up underused, not to say unused.
The main cause is a lack of preparation. SIEM solutions can appear complex and “user-unfriendly” whereas it is actually easy and very effective if you process with the right method.
In this article, I am happy to share with you the best practices for a hassle-free SIEM deployment.
The success of a SIEM deployment relies on a phased approach that IT Security Managers and CISO must adopt and apply. In this article, we will cover the different critical steps to deploy SIEM technology to make it a profitable investment for the organization.
It consists in 3 main tasks that must be carefully run in the organization by the IT security team.
Note that this is a “high level” planification process. It does not consist in documenting the exact event IDs of the Active Directory. The objective is to document the various types events corresponding to a scenario. For example, if you would like to protect from a brute-force attack, you need to test the scenario with the authentication events failed and the authentication events approved.
Furthermore, the response delay must be defined too.
The deployment of the SIEM is then rather simple. It goes through the following steps:
It is important to point out that this is an iterative process. It is run first at the installation and it must be reviewed on a regular basis. The operational feedback allows the configuration fine-tuning which make the whole difference as the infrastructure and the threats are constantly evolving.
Do you have any question regarding SIEM technology?
Nellsoft can help you at every stage, from the auditing to the deployment and the operation of the solution. Please contact us, we will arrange an appointment to discuss your needs.
« Fortinet users, how to send logs to non Fortinet log servers ?