SERVICE DESCRIPTION

The SIEM Efficiency Validation and Hardening Service measures the efficiency of security event log structure and rules in detecting advanced threats by applying comprehensive attack simulations. When shortcomings are identified, customers of this service are provided with suggestions and detection rules developed for particular threats or threat groups.

WHY IS THIS SERVICE IMPORTANT?

Consecutive surveys on SIEM efficacy conducted by the SANS Institute reveal that SIEMs are the most preferred platforms for detecting security events. However, a significant proportion of SIEM users are dissatisfied due to either a large number of missed attacks or an unattainable number of alerts.

The SIEM Efficiency Validation and Hardening Service helps address these issues. It builds a proactive, threat-centric log validation capability to eliminate any log enablement and flow issues. Additionally, it identifies missed detections and provides detection content to fix gaps.

 

FEATURES
  • Compatibility with Diverse Systems.

  • utilising a Curated Library of real-world threats aligned with MITRE ATT&CK.

     

     

  • comprehensive analysis of attack timeline and response metrics

BENEFITS
  • assessing efficacy of current rules.

     

  • pinpointing deficiencies against adversarial TTPs.

  • discovering missing detection rules.

  • eliminating obsolete and unnecessary rules.

  • addressing incomplete and ambiguous use cases.

  • ensuring rules align with organisational needs.

  • measuring delays in event generation and alerting.

  • enhancing preparedness through simulations

  • activating the rule generation process.

TYPE OF ATTACKS
  • Understand how effectively your security controls block local and remote code exploitation.

  • Gauge if your defences are capable of blocking code injection, denial of service and brute force attacks.

  • controlled delivery of malicious files into the network, and determine detection efficacy

  • exfiltration of a wide range of sensitive "sample" data

DELIVERY AND MODE OF USE
  • regular reports on attack types and threat blocking status changes.

  • ongoing communication of security policy changes.

  • immediate communication for critical threat updates and blocking anomalies.

  • utilising email, SOAR, and service management for policy notifications.

Sign up here to join the free trial waiting list

Update cookies preferences