This session covers SIEM augmentation importance, benefits, common use cases, architecture stack, evaluation plan & more. Security information and event management (SIEM) solutions and security operations tools in general are not perfect, each with their own blind spots and pitfalls. However, with the addition of a single tool, you can demonstrably improve your team’s ability to detect and respond to threats and at a reduced total cost.

Session Agenda

  • SIEM Augmentation - Why & How (using Chronicle and benefits)
  • SIEM Augmentation Use Cases (common use cases)
  • SIEM Augmentation Architecture (data flow between SIEMS, effect on operations)
  • SIEM Augmentation Action Plan (short term and mide term plan to evaluate SOC stack and augmentation)



About Speaker

Sharat is SIEM Head Product Marketing, Google Cloud. Leader with a demonstrated history of working in the information technology and cybersecurity industry. Skilled in Competitive Intelligence, Management, Customer Escalation Management, Information Security, and Technical Product Marketing. Information Security professional with a Master of Science focused in Telecommunications from University of Colorado at Boulder and a Bachelors in Electrical Engineering from Anna University, India.



(Webinar) Recorded



Discussion Highlights

1. Why augment your SIEM:

-More cost saving

-New use cases

-New Telemetry cases



2. How to start augment your SIEM

  • Does your SIEM address all current and planned use cases cost-effectively?
  • Does your SIEM address current use cases but at an unsustainable cost?
  • Does your SIEM address current use cases but future scaling is not assured?



 3. SIEM Augmentation Use Cases:

-The "Cover All Your Bases" Use Case

-The :Hoarding is Rewarding" Use Case

-The "Automation Station" Use Case




 4. SIEM Augmentation Architectures:




5. What to watch for when Augmenting:

-Data collection pitfalls may materialize

-Split data needed for one use cases

-Multiple workflows add complexity

-Detection content duplication

-Source of record



6. SIEM Augmentation action plan:

- Short term recommendations

  • Review your detection and response tools & processes
  • Identify gaps in current use case coverage
  • Map out collection and retention of telemetry data
  • Identify costs and challenges to address

- Medium term recommendations

  •  Look for cloud scenarios that are not addressed
  • Review choices for a joint, augmented architecture
  • Evaluate the need for SOAR capabilities
  • Run a POC of chronicle for your data



E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)