How effective is your SIEM Implementation? - CISO Platform
https://www.cisoplatform.com/profiles/blogs/how-effective-is-your-siem-implementation
2014-05-01T19:00:00.000Z
<div><p><span style="font-size:12pt;color:#333333;font-family:arial, helvetica, sans-serif;"><br /> During the last few penetration tests conducted for certain organizations, we discovered a surprising fact: almost all the SIEM implementations had gaps at the implementation level. For example, in certain cases, the SIEM did not detect anything at all when the internal network was subjected to rigorous penetration testing.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3">I am not saying that all SIEM implementations are as bad as stated; however, it is mandatory to find out whether your SIEM implementation is actually as effective as you perceive it to be.</span></p><p></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><strong><span style="font-size:1.17em;">How to find out if your SIEM implementation is effective?</span></strong></span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3">Following are a few steps by which you can find out whether your SIEM 
implementation is effective.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>Ask the Right Questions: </b>One good way to gauge how effectively your SIEM is implemented is to put certain questions to your security team. Some of my favorite questions are as follows:</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>1. Does your SIEM dashboard have too many non-actionable alerts?</b> If yes, the SIEM is not monitoring the right metrics, the alerts are not prioritized, or the alerts are not linked to actionable tasks.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>2. Does your SIEM display and report critical metrics on its dashboards?</b></span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>3. Does your SIEM dashboard support drill-down functionality?</b> If not, your security team is probably spending too much time digging out the details of critical alerts, which are probably false positives.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>4. Does your SIEM detect early signs of attacks on internal and external networks?</b> Some of the early signs of attacks are ping sweeping, port scanning, service fingerprinting, crawling of web apps, etc.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>5. 
Does your SIEM detect classic internal network attacks such as ARP poisoning, MITM attacks and exploitation, as well as new devices connecting to the network?</b> If not, your internal networks are probably at high risk of being misused by internal attackers, malware, viruses, etc.</span></p><p></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>Conduct a Penetration Test:</b> One good way to verify your SIEM implementation is to conduct a penetration test on your network. Ideally, do not notify your SIEM monitoring team, and be ready for a few surprises.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><b>3rd Party SIEM Review and Auditing:</b> Get your SIEM implementation (primarily configuration and integrations) reviewed and audited, either by external vendors or by a different internal team.</span></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3">Finally, create an actionable plan to bridge any gaps that you have discovered in your SIEM implementation.</span></p><p></p><p><span style="color:#333333;font-family:arial, helvetica, sans-serif;" class="font-size-3"><strong>Courtesy: iViZ Blog (Author: Jitendra Singh Chauhan) </strong></span></p><p><span style="font-family:arial, helvetica, sans-serif;color:#333333;" class="font-size-3"><strong>Source: <a href="http://www.ivizsecurity.com/blog/penetration-testing/how-effective-is-your-siem-implementation/"><span 
style="color:#333333;">http://www.ivizsecurity.com/blog/penetration-testing/how-effective-is-your-siem-implementation/</span></a> <br /></strong></span></p><p></p></div>
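<p>Questions 4 and 5 above ask whether the SIEM notices scanning, ARP changes and new devices. The following Python is an added example, not code from the original article or from any SIEM product: it shows the kind of correlation logic those questions imply, run over constructed connection and ARP records. The record layout, the thresholds and the <code>KNOWN_MACS</code> inventory are assumptions.</p>

```python
from collections import defaultdict

# Constructed sample data (not from the article): (epoch_seconds, src_ip, dst_ip, dst_port)
CONNS = (
    [(100 + i, "10.0.0.50", "10.0.0.7", 20 + i) for i in range(15)]        # one host, many ports
    + [(200 + i, "10.0.0.51", f"10.0.1.{i + 1}", 445) for i in range(12)]  # many hosts, one port
    + [(300, "10.0.0.9", "10.0.0.7", 443), (900, "10.0.0.9", "10.0.0.7", 22)]  # normal client
)
# Constructed ARP observations: (epoch_seconds, ip, mac)
ARP = [
    (10, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    (20, "10.0.0.7", "aa:aa:aa:aa:aa:07"),
    (30, "10.0.0.1", "de:ad:be:ef:00:66"),  # gateway IP now claimed by a different MAC
]
KNOWN_MACS = {"aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:07"}  # hypothetical asset inventory


def detect_scans(conns, window=60, threshold=10):
    """Flag sources hitting >= threshold ports on one host, or >= threshold hosts, per window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(conns):
        by_src[src].append((ts, dst, port))
    alerts = set()
    for src, events in by_src.items():
        start = 0
        for end, (ts, _, _) in enumerate(events):
            while events[start][0] < ts - window:  # slide the window forward
                start += 1
            ports_per_host = defaultdict(set)
            for _, dst, port in events[start:end + 1]:
                ports_per_host[dst].add(port)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                alerts.add((src, "port_scan"))
            if len(ports_per_host) >= threshold:
                alerts.add((src, "host_sweep"))
    return sorted(alerts)


def detect_arp_anomalies(arp_events, known_macs):
    """Flag MACs missing from the inventory and IPs whose MAC binding changes."""
    bindings, alerts = {}, []
    for ts, ip, mac in sorted(arp_events):
        if mac not in known_macs:
            alerts.append((ts, "new_device", ip, mac))
        if ip in bindings and bindings[ip] != mac:
            alerts.append((ts, "arp_rebinding", ip, mac))
        bindings[ip] = mac
    return alerts
```

<p>Replaying records like these through the SIEM's own pipeline and checking that the matching alerts appear is one way to answer questions 4 and 5 with evidence rather than assumption.</p>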