How effective is your SIEM Implementation? - CISO Platform

During the last few penetration tests we conducted for certain organizations, we discovered a surprising fact: almost all of the SIEM implementations had gaps at the implementation level. In some cases the SIEM did not detect anything at all while the internal network was being subjected to rigorous penetration testing.

I am not saying that all SIEM implementations are as bad as that; however, it is essential to find out whether your SIEM implementation is actually as effective as you perceive it to be.


How to find out if your SIEM implementation is effective?

Following are a few steps to find out whether your SIEM implementation is effective.

Ask the Right Questions: One of the best ways to gauge the effectiveness of a SIEM implementation is to ask your security team certain questions. Some of my favorite questions are as follows:

1. Does your SIEM dashboard have too many non-actionable alerts? If yes, the SIEM is either not monitoring the right metrics, the alerts are not prioritized, or the alerts are not linked to actionable tasks.

2. Does your SIEM display and report critical metrics on its dashboards?

3. Does your SIEM dashboard support drill-down functionality? If not, your security team is probably spending too much time finding out the details of critical alerts that turn out to be false positives.

4. Does your SIEM detect early signs of attacks on internal and external networks? Some of the early signs of an attack are ping sweeps, port scanning, service fingerprinting and crawling of web applications.

5. Does your SIEM detect classical internal network attacks such as ARP poisoning, MITM attacks, exploitation, and new devices connecting to the network? If not, your internal networks are probably at high risk of being misused by internal attackers, malware, viruses, etc.
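As an added example (it is not code from the original post or from iViZ), the following Python correlation pass implements detection rules for the signs listed in questions 4 and 5 above: a port scan and a ping sweep over a firewall connection log, and ARP poisoning, MITM-style gateway impersonation and new devices over an ARP feed. The log lines, the field layout, the thresholds, the time windows and the asset inventory are all constructed for the example and are not any vendor's schema; in a real SIEM the same logic would be expressed as correlation rules over the firewall and ARP/DHCP log sources.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style connection log (fields assumed: time src dst dport proto action).
# 10.0.0.5 probes ten ports on one host, 10.0.0.7 pings six hosts, 10.0.0.9 is benign.
FIREWALL_LOG = """\
2020-05-01T10:00:00 10.0.0.5 10.0.1.20 22 tcp deny
2020-05-01T10:00:01 10.0.0.5 10.0.1.20 23 tcp deny
2020-05-01T10:00:01 10.0.0.5 10.0.1.20 80 tcp allow
2020-05-01T10:00:02 10.0.0.5 10.0.1.20 135 tcp deny
2020-05-01T10:00:02 10.0.0.5 10.0.1.20 139 tcp deny
2020-05-01T10:00:03 10.0.0.5 10.0.1.20 443 tcp allow
2020-05-01T10:00:03 10.0.0.5 10.0.1.20 445 tcp deny
2020-05-01T10:00:04 10.0.0.5 10.0.1.20 3389 tcp deny
2020-05-01T10:00:04 10.0.0.5 10.0.1.20 8080 tcp deny
2020-05-01T10:00:05 10.0.0.5 10.0.1.20 8443 tcp deny
2020-05-01T10:00:10 10.0.0.7 10.0.1.1 0 icmp allow
2020-05-01T10:00:10 10.0.0.7 10.0.1.2 0 icmp allow
2020-05-01T10:00:11 10.0.0.7 10.0.1.3 0 icmp allow
2020-05-01T10:00:11 10.0.0.7 10.0.1.4 0 icmp allow
2020-05-01T10:00:12 10.0.0.7 10.0.1.5 0 icmp allow
2020-05-01T10:00:12 10.0.0.7 10.0.1.6 0 icmp allow
2020-05-01T10:05:00 10.0.0.9 10.0.1.20 443 tcp allow
2020-05-01T10:05:30 10.0.0.9 10.0.1.20 80 tcp allow
"""

# Constructed ARP-reply feed (fields assumed: time sender_ip sender_mac). The last two
# lines are a rogue host answering for both the gateway (10.0.1.1) and a server.
ARP_LOG = """\
2020-05-01T10:00:00 10.0.1.1 aa:bb:cc:00:00:01
2020-05-01T10:00:05 10.0.1.20 aa:bb:cc:00:00:20
2020-05-01T10:00:09 10.0.1.1 de:ad:be:ef:00:05
2020-05-01T10:00:09 10.0.1.20 de:ad:be:ef:00:05
"""

# Assumed asset inventory; any other MAC answering ARP is reported as a new device.
KNOWN_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:20"}

def parse_fw(text):
    rows = []
    for line in text.splitlines():
        ts, src, dst, dport, proto, action = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                     "dport": int(dport), "proto": proto, "action": action})
    return rows

def distinct_in_window(rows, key, value, threshold, window):
    """Generic threshold rule: fire once per key when that key has produced at
    least `threshold` distinct values inside a sliding time `window`. Rows must
    be in time order, as a SIEM pipeline delivers them."""
    recent = defaultdict(list)  # key -> [(ts, value)] still inside the window
    fired = {}
    for r in rows:
        k, v = key(r), value(r)
        if k in fired:
            continue
        cutoff = r["ts"] - window
        recent[k] = buf = [(t, x) for t, x in recent[k] + [(r["ts"], v)] if t >= cutoff]
        distinct = {x for _, x in buf}
        if len(distinct) >= threshold:
            fired[k] = sorted(distinct)
    return fired

def detect_port_scans(rows, threshold=10, window=timedelta(seconds=60)):
    """One source hitting many distinct ports on one destination (vertical scan).
    Denied connections are counted too: a scanner mostly hits closed ports."""
    tcp_udp = [r for r in rows if r["proto"] in ("tcp", "udp")]
    return distinct_in_window(tcp_udp, key=lambda r: (r["src"], r["dst"]),
                              value=lambda r: r["dport"], threshold=threshold, window=window)

def detect_ping_sweeps(rows, threshold=6, window=timedelta(seconds=60)):
    """One source sending ICMP to many distinct hosts."""
    icmp = [r for r in rows if r["proto"] == "icmp"]
    return distinct_in_window(icmp, key=lambda r: r["src"], value=lambda r: r["dst"],
                              threshold=threshold, window=window)

def detect_arp_anomalies(text, known_macs=KNOWN_MACS):
    """Three internal-network rules over an ARP feed: an IP whose MAC differs
    from the first mapping seen, a MAC answering for more than one IP (the
    gateway-impersonation pattern of ARP poisoning / MITM), and a MAC that is
    absent from the asset inventory (a new device on the network)."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for line in text.splitlines():
        ts, ip, mac = line.split()
        if mac not in known_macs and mac not in mac_to_ips:
            alerts.append(("new_device", f"{ts} unknown MAC {mac} seen for {ip}"))
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append(("mac_changed", f"{ts} {ip} moved {ip_to_mac[ip]} -> {mac}"))
        ip_to_mac.setdefault(ip, mac)  # first mapping seen is the baseline
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(("mac_claims_many", f"{ts} {mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts

if __name__ == "__main__":
    rows = parse_fw(FIREWALL_LOG)
    print("port scans:", detect_port_scans(rows))
    print("ping sweeps:", detect_ping_sweeps(rows))
    for kind, detail in detect_arp_anomalies(ARP_LOG):
        print(kind, detail)
```

Two practical caveats apply when turning this into SIEM rules. First, the thresholds and windows here are assumptions; in production they must be tuned against the network's own baseline, and the port-scan rule depends on the firewall actually forwarding its deny logs, which is one of the integration gaps an audit should look for. Second, the ARP rule takes the first mapping it sees as the baseline, so ordinary DHCP churn will produce false "mac_changed" alerts unless the baseline comes from DHCP lease records; a SIEM with no ARP or DHCP feed at all cannot detect ARP poisoning, which is why question 5 so often has the answer "no".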


Conduct a Penetration Test: One of the best ways to verify your SIEM implementation is to conduct a penetration test on your network. Ideally, do not notify your SIEM monitoring team in advance, and be ready for a few surprises.

Third-Party SIEM Review and Audit: Get your SIEM implementation (primarily its configuration and integrations) reviewed and audited, either by external vendors or by a different internal team.

Finally, create an actionable plan to bridge any gaps you have discovered in your SIEM implementation.

Courtesy: iViZ Blog (Author: Jitendra Singh Chauhan)    


What are your tips for SIEM Implementation? Share your thoughts in the comments below. 
