This session covers SIEM augmentation importance, benefits, common use cases, architecture stack, evaluation plan & more. Security information and event management (SIEM) solutions and security operations tools in general are not perfect, each with their own blind spots and pitfalls. However, with the addition of a single tool, you can demonstrably improve your team’s ability to detect and respond to threats and at a reduced total cost.
Session Agenda
- SIEM Augmentation - Why & How (using Chronicle and benefits)
- SIEM Augmentation Use Cases (common use cases)
- SIEM Augmentation Architecture (data flow between SIEMS, effect on operations)
- SIEM Augmentation Action Plan (short-term and mid-term plan to evaluate the SOC stack and augmentation)
About Speaker
Sharat is Head of SIEM Product Marketing at Google Cloud. He is a leader with a demonstrated history of working in the information technology and cybersecurity industry, skilled in competitive intelligence, management, customer escalation management, information security, and technical product marketing. He is an information security professional with a Master of Science focused in Telecommunications from the University of Colorado at Boulder and a Bachelor's in Electrical Engineering from Anna University, India.
(Webinar) Recorded
Discussion Highlights
1. Why augment your SIEM:
- More cost savings
- New use cases
- New telemetry cases
2. How to start augmenting your SIEM
- Does your SIEM address all current and planned use cases cost-effectively?
- Does your SIEM address current use cases but at an unsustainable cost?
- Does your SIEM address current use cases but future scaling is not assured?
3. SIEM Augmentation Use Cases:
- The "Cover All Your Bases" Use Case
- The "Hoarding is Rewarding" Use Case
- The "Automation Station" Use Case
4. SIEM Augmentation Architectures:
5. What to watch for when Augmenting:
- Data collection pitfalls may materialize
- Data needed for one use case may be split across systems
- Multiple workflows add complexity
- Detection content duplication
- Source of record
6. SIEM Augmentation action plan:
- Short term recommendations
- Review your detection and response tools & processes
- Identify gaps in current use case coverage
- Map out collection and retention of telemetry data
- Identify costs and challenges to address
- Medium term recommendations
- Look for cloud scenarios that are not addressed
- Review choices for a joint, augmented architecture
- Evaluate the need for SOAR capabilities
- Run a POC of Chronicle with your data