How would you categorize your security information and event management (SIEM) capabilities?
I don’t have a SIEM in place.
My SIEM is primarily used to demonstrate audit compliance.
My SIEM is used to monitor for and respond to compliance and security threats.
My SIEM is used to understand cybersecurity risk across the entire production environment.
My SIEM is used to understand cybersecurity risk across the entire logical, physical and social environment.
Describe the use cases being monitored by the SOC team
We do not have any use cases under monitoring.
We use standard/default use cases.
Our team has developed correlated use cases.
We use anomaly- and behaviour-based use cases.
How would you rate your organization’s people and processes?
My organization doesn’t have any trained or skilled security analysts.
My organization does ad-hoc monitoring and response on a best effort basis.
There are some formal processes.
My organization has basic processes for monitoring alarms and responding to security incidents, with tiered responsibilities. My organization may have an outsourced incident response capability.
My organization has formal playbooks and documented processes, and gathers basic metrics. My organization has an 8x5 virtual or physical SOC that provides “eyes-on-the-glass” and delivers centralized orchestration of threat analysis and incident response.
My organization has advanced operational metrics and reporting and continually reviews its processes. My organization has a 24x7 virtual or physical SOC that provides “eyes-on-the-glass” and delivers centralized orchestration of threat analysis and incident response.
Which capabilities should be in your SIEM? (Tick all that apply)
Open, Big Data-Based Architecture to Efficiently Store and Use Data
Real-Time Contextual Enrichment for Accurate Prioritization of Threats
Packaged Content for Quick Deployment of Cybersecurity Use Cases
Respond Faster to Threats with Automated Incident Response
Cloud-Based Deployment Options to Protect Cloud Investments
Comprehensive, Integrated UEBA, NTA, and SOAR Capabilities
Securonix