Choosing a SIEM solution that is suited to an organisation’s environment involves the consideration of many factors such as scope, size of the organisation, who is going to manage the alerts and how are the incidents going to be actioned. Establishing an ICT Risk Management framework is a fundamental consideration to establishing the requirements to designing and deploying the right solution.
We recommend a security review to analyse the environment and identify the risks and monitoring requirements. Then based on the findings we define the systems and critical infrastructure that needs to be monitored to gain an understanding of the reporting and logging capabilities. The configuration, tuning and ongoing maintenance of the SIEM tool can become overwhelming and if not configured properly with the right processes. These tasks are taken in consideration when deciding on SIEM solution discussed in detail and planned selection and deployment of a solution.
|Review of current monitoring and reporting processes
|Review the current the current environment, obtain the current level of monitoring and reporting, discuss the security requirements. Report on findings and provide feedback and recommendations.
|SIEM Design and Deployment
|Deploy, tune and monitor SIEM solution. Draft associated policies and procedures to provide clear guidance as to how to manage and address the alerts. Document and provide training.