Security Orchestration Roadmap

Nov 8, 2018 | Case Study

Phase I

Initial assessment and strategy recommendations

Analysis of current SIEM infrastructure to identify or generate:
  • A list of currently used log sources and extracted fields
  • Completeness of required log sources per log source type
  • Data exploration analysis and determination of relevant cybersecurity features
  • Customized parsing for field extraction on incorrectly configured log sources
  • Implementation of dashboards to monitor performance of current log sources
SIEM Infrastructure improvements and optimization recommendations, including:
  • How to reduce operational cost by identifying unnecessary log collection and data transmission mechanisms
  • Use cases that align with the cybersecurity strategy, by combining security and data science expertise with the available log sources
  • Data collection strategies to improve cybersecurity visibility

Phase II

Strategy implementation

  • Implement optimization recommendations to reduce operational cost
  • Mapping of Splunk (or any SIEM tool) add-ons to data sources
  • Collect asset and identity information for enrichment and correlation
  • Deploy add-ons to forwarders and indexers
  • Data model configuration and acceleration search load
  • Implementation of lookup tables for data enrichment
  • Implementation of operational alerts
  • Implementation of dashboards and alerts for required use cases
  • Implementation of dashboards and reports to visualize security performance metrics.

Phase III

Machine Learning

  • Apply machine learning algorithms for data classification and exploratory analysis, including cluster analysis, decision trees and PCA
  • Based on findings and business requirements, implement anomaly detection algorithms to identify useful insights from data
  • Reduce number of security alerts by using machine learning algorithms including clustering and automatic classification
  • Implement machine learning to detect anomalies on metrics
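As an added illustration of three roadmap items above (monitoring log source performance, lookup-based enrichment with operational alerts, and anomaly detection on a volume metric), the following Python is example code written for this page, not Advoqt's deliverable or any Splunk add-on. The events, sourcetypes, hosts and asset lookup values are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events (day, sourcetype, host); not taken from the original page.
EVENTS = [
    ("d1", "firewall", "fw01"), ("d1", "firewall", "fw01"), ("d1", "auth", "dc01"),
    ("d2", "firewall", "fw01"), ("d2", "firewall", "fw01"), ("d2", "auth", "dc01"),
    ("d3", "firewall", "fw01"), ("d3", "firewall", "fw01"), ("d3", "auth", "dc01"),
    ("d4", "firewall", "fw01"), ("d4", "firewall", "fw01"), ("d4", "auth", "dc01"),
    ("d5", "firewall", "fw01"), ("d5", "firewall", "fw01"), ("d5", "auth", "dc01"),
    # day 6: firewall volume jumps 10x and the auth source goes silent
    *[("d6", "firewall", "fw01")] * 20,
]
REQUIRED_SOURCETYPES = {"firewall", "auth", "proxy"}   # "proxy" never reports at all

# Constructed asset lookup table (hypothetical values) used for enrichment.
ASSET_LOOKUP = {
    "fw01": {"owner": "network", "criticality": "high"},
    "dc01": {"owner": "identity", "criticality": "critical"},
}

def enrich(event):
    """Join an event to the asset lookup; unknown hosts get a visible placeholder."""
    day, sourcetype, host = event
    asset = ASSET_LOOKUP.get(host, {"owner": "unknown", "criticality": "unknown"})
    return {"day": day, "sourcetype": sourcetype, "host": host, **asset}

def daily_counts(events):
    """Event volume per sourcetype per day: the metric a performance dashboard plots."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, sourcetype, _ in events:
        counts[sourcetype][day] += 1
    return counts

def silent_sources(counts, required, day):
    """Operational alert: required sourcetypes that delivered no events on `day`."""
    return sorted(st for st in required if counts.get(st, {}).get(day, 0) == 0)

def anomalous_days(series, threshold=2.0):
    """Days whose volume lies more than `threshold` std devs from the series mean (z-score)."""
    values = list(series.values())
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:          # flat series: nothing can be anomalous
        return []
    return [d for d, v in series.items() if abs(v - mu) / sigma > threshold]

if __name__ == "__main__":
    counts = daily_counts(EVENTS)
    print("silent on d6:", silent_sources(counts, REQUIRED_SOURCETYPES, "d6"))
    print("firewall anomalies:", anomalous_days(counts["firewall"]))
```

A z-score on a six-day window is deliberately simple; in a real deployment the baseline would be computed over a longer history and per weekday, since volume seasonality otherwise produces false alerts.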
