SIEM Validation & Hardening
SERVICE DESCRIPTION
The SIEM Efficiency Validation and Hardening Service measures the efficiency of security event log structure and rules in detecting advanced threats by applying comprehensive attack simulations. When shortcomings are identified, customers of this service are provided with suggestions and detection rules developed for particular threats or threat groups.
WHY IS THIS SERVICE IMPORTANT?
Consecutive surveys on SIEM efficacy conducted by the SANS Institute reveal that SIEMs are the most preferred platforms for detecting security events. However, a significant proportion of SIEM users are dissatisfied due to either a large number of missed attacks or an unmanageable number of alerts.
The SIEM Efficiency Validation and Hardening Service helps address these issues. It builds a proactive, threat-centric log validation capability to eliminate any log enablement and flow issues. Additionally, it identifies missed detections and provides detection content to fix gaps.
FEATURES
-
Compatibility with Diverse Systems.
-
utilising a Curated Library of real-world threats aligned with MITRE ATT&CK.
-
comprehensive analysis of attack timeline and response metrics
BENEFITS
-
assessing efficacy of current rules.
-
pinpointing deficiencies against adversarial TTPs.
-
discovering missing detection rules.
-
eliminating obsolete and unnecessary rules.
-
addressing incomplete and ambiguous use cases.
-
ensuring rules align with organisational needs.
-
measuring delays in event generation and alerting.
-
enhancing preparedness through simulations
-
activating the rule generation process.
TYPE OF ATTACKS
-
Understand how effectively your security controls block local and remote code exploitation.
-
Gauge if your defences are capable of blocking code injection, denial of service and brute force attacks.
-
controlled delivery of malicious files into the network, and determine detection efficacy
-
exfiltration of a wide range of sensitive "sample" data
WHO SHOULD USE IT
SUPPORTED SOLUTIONS
DELIVERY AND MODE OF USE
-
regular reports on attack types and threat blocking status changes.
-
ongoing communication of security policy changes.
-
immediate communication for critical threat updates and blocking anomalies.
-
utilising email, SOAR, and service management for policy notifications.
-
Attack Surface Management
The Attack Surface Management service delivers a comprehensive approach to managing and securing an organisation's digital presence. It encompasses the systematic identification, evaluation, and fortification of the various points where an organisation is vulnerable to cyber threats, thereby reducing its overall risk profile.
-
Threat-Centric NIPS & WAF Validation & Hardening
The "Threat Centric Perimeter Defence Validation & Hardening" service measures the readiness of network intrusion prevention (NIPS) and web application firewall (WAF) solutions against a large set of recent advanced threats. If any gaps are identified, customers of this service will be notified of required policy update actions tailored to their specific environment.