SIEM Consulting
Have you bought an SIEM product and aren’t getting the results you were hoping for? We’re here to help, as SIEM has been SECUINFRA’s core competence since 2010. Drawing on our years of experience in over 120 SIEM consulting projects, we will get the best out of your SIEM.
When introducing an SIEM solution, it’s not just a matter of installing an SIEM product and connecting a few event sources. If you want to make the process of introducing your SIEM solution run smoothly and gain added value from your SIEM system after a short amount of time, then speak to us. Our experience gained from more than 31,000 days of SIEM consulting since 2010 will help you avoid any mistakes.
Various roles with different skills are required to operate an SIEM solution. Using our hybrid, modular and flexible co-managed SIEM approach, you decide which competences you want to develop in-house and which services to purchase from us. Together, we ensure you end up with a first-class SIEM operation.


Why SECUINFRA
EXPERIENCE
COMPREHENSIVE
SUSTAINABILITY
ABILITY TO DELIVER
END-TO-END SIEM USE CASES
Planning SIEM
SIEM workshop
SIEM consulting
Due to our experience gained from more than 31,000 days of SIEM consulting in over 120 SIEM projects, we can give you the best possible advice in the field of SIEM. We address your requirements and expectations and help you develop an SIEM concept that forms the foundation of how your SIEM solution is introduced and operated.
SIEM concept
The SIEM concept is the basis for introducing and subsequently operating the SIEM solution. It’s also perfect for use as an SIEM request for proposal.
Introducing SIEM


Introduce SIEM processes
Operating an SIEM solution requires a clear operating concept with coordinated processes. We help you implement the processes defined in the SIEM concept.
Introduce an SIEM operating concept
We help you implement the defined SIEM operating concept. On request, we can also manage individual operating roles for you.
SIEM training and knowledge transfer
SECUINFRA also supplements the implementation of your SIEM solution with extensive services that facilitate knowledge transfer. In addition to product training, our primary objective is to teach you how to use your SIEM solution for your specific tasks.
Introduce additional detection tools
Standard event sources aren’t adequate for identifying all relevant events, which is why we recommend using additional tools. We help you choose and implement them.
Connect event sources
An SIEM without events is like a sailboat without wind. We integrate all the necessary event sources into your SIEM solution. If they aren’t supported as standard, we develop the necessary connectors.
Audit log policies
Only recognized, logged events can be evaluated by an SIEM solution. We help you define the ideal audit log policies.
SIEM use cases
SIEM use cases enable you to identify relevant incidents within the volumes of data in your SIEM solution. When creating SIEM use cases, we draw on many years of experience and an extensive database of SIEM use cases.
Create SIEM content packages
SIEM use cases enable detection of relevant incidents. Our SIEM content packages provide a manageable overview of them and prepare them for further processing.
Interfaces to other tools
An SIEM solution should be at the core of your cyber defense strategy and offer numerous interfaces to other tools, such as ITSM, asset databases and vulnerability scanners. We help you integrate the SIEM solution into your IT management infrastructure.
Choose an SIEM product
In recent years, we’ve become familiar with the pros and cons of all of the leading SIEM products. We’ll gladly pass along what we’ve learned to you.
Determine the SIEM solution’s design
Based on the SIEM concept laid out during the planning phase, we design the ideal SIEM solution for you.
Implement an SIEM solution
Once the product has been selected and the design is complete, we implement the SIEM solution in your infrastructure.
Before buying an SIEM product, you should at least consider the following points: your SIEM objectives and overall conditions, SIEM use cases, event sources, audit log policies, EPS, GB/day, retention, SIEM roles, SIEM operating models, SIEM processes and works council involvement.
SECUINFRA is here to support you with all of these and other SIEM topics.
You bring with you your SIEM-related expectations and goals, to which we add our many years of experience in the fields of SIEM consulting and operational support.
Before introducing an SIEM solution, we clarify with you all points related to SIEM and set them out in an SIEM concept.
The SIEM concept is the basis for introducing and subsequently operating your SIEM solution. It’s also the perfect framework for an SIEM request for proposal.
Operating SIEM
However you want to operate your SIEM solution, speak to us. We offer you flexible support in the areas where you need our expertise, while everything else stays in-house with you.


Threat hunting
• Log data analysis based on internal or external incidents
• Log data analysis based on newly discovered IOCs and detected attacks on other SECUINFRA clients
• Clear recommendations for the incident response team if and when security incidents occur
Level 1 analysis
• Initial analysis of SIEM alerts
• Elimination of false positives and duplicate notifications
• Escalation of relevant incidents to Level 2 analysis
Level 2 analysis
• Detailed analysis and assessment of relevant incidents
• Consultation with the users and staff affected to clearly assess relevant incidents
• Clear recommendations for the incident response team if and when security incidents occur
Incident response support
• Performance of compromise assessments for identifying compromised IT systems
• Performance of forensic analysis to clarify the course of events and secure evidence
• Incident response support for the fastest possible recovery of IT operations
SIEM content development
• Development, maintenance and continuous optimization of end-to-end SIEM use cases
• Development, maintenance and continuous optimization of other SIEM content
• Development, maintenance and continuous optimization of connections to external systems
SIEM platform operation
• Ensuring a smooth SIEM operation
• Permanent monitoring of the availability and utilization of all SIEM components
• Continuous updating of all SIEM components
Log source monitoring
• Ensuring the quality and availability of connected log data
• Permanent monitoring of the availability and quality of connected log data
• Implementation of the necessary updates if and when changes are made to log sources
SIEM Consulting references
- DISCRETION
At SECUINFRA, we don’t publish a client list or references.
Our clients’ right to privacy always trumps our marketing interests.
- SUCCESS THROUGH REFERRALS
Since 2010, we’ve focused on SIEM consulting and have managed to gain more SIEM consulting experience than any other company in Europe on 120+ client projects over some 31,000 days of SIEM consulting. Almost all clients were made aware of SECUINFRA through a referral and have gone on to recommend us to others in turn.
- REFERENCES ON REQUEST
If you’re interested in our services, we’ll happily put you in touch with suitable reference clients.