Security Orchestration Roadmap

Nov 8, 2018 | Case Study

Phase I

Initial assessment and strategy recommendations

Analysis of current SIEM infrastructure to identify or generate:
  • A list of currently used log sources and the fields extracted from each
  • Completeness of required log sources per log source type
  • Data exploration analysis and determination of relevant cybersecurity features
  • Customized parsing for field extraction on incorrectly configured log sources
  • Implementation of dashboards to monitor the performance of current log sources
SIEM infrastructure improvements and optimization recommendations, including:
  • How to reduce operational cost by identifying unnecessary log collection and the data transmission mechanisms behind it
  • Use cases that align with the cybersecurity strategy, by combining security and data science expertise with the available log sources
  • Data collection strategies to improve cybersecurity visibility
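The two Phase I checks that lend themselves best to automation are log source completeness and the detection of sources that have gone silent (the input to a log-source health dashboard). The following is an added example, not code from the page or from Advoqt; the required-source inventory, the "last seen" timestamps and the six-hour silence threshold are constructed assumptions, and a real run would feed the function the output of a SIEM "last event per host" summary search instead.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: which hosts the SOC requires per log source type.
REQUIRED_SOURCES = {
    "firewall": {"fw-edge-01", "fw-edge-02", "fw-dc-01"},
    "windows_security": {"dc-01", "dc-02", "file-01"},
    "proxy": {"proxy-01"},
}

# Constructed "last event seen" summary per (source type, host), as a SIEM
# summary search over the last days would return it.
OBSERVED_LAST_SEEN = {
    ("firewall", "fw-edge-01"): datetime(2018, 11, 8, 9, 58, tzinfo=timezone.utc),
    ("firewall", "fw-edge-02"): datetime(2018, 11, 6, 2, 10, tzinfo=timezone.utc),  # silent for two days
    ("windows_security", "dc-01"): datetime(2018, 11, 8, 9, 59, tzinfo=timezone.utc),
    ("windows_security", "dc-02"): datetime(2018, 11, 8, 9, 57, tzinfo=timezone.utc),
    ("proxy", "proxy-01"): datetime(2018, 11, 8, 9, 55, tzinfo=timezone.utc),
    ("dns", "dns-01"): datetime(2018, 11, 8, 9, 50, tzinfo=timezone.utc),  # collected, but nobody requires it
}

NOW = datetime(2018, 11, 8, 10, 0, tzinfo=timezone.utc)


def coverage_report(required, observed, now, max_silence=timedelta(hours=6)):
    """Per source type: completeness ratio (healthy / required), hosts never seen,
    and hosts whose last event is older than max_silence. Also returns sources
    being collected that no requirement references (cost-reduction candidates)."""
    report = {}
    for stype, hosts in required.items():
        missing, stale, healthy = [], [], []
        for host in sorted(hosts):
            last = observed.get((stype, host))
            if last is None:
                missing.append(host)
            elif now - last > max_silence:
                stale.append(host)
            else:
                healthy.append(host)
        report[stype] = {
            "completeness": round(len(healthy) / len(hosts), 2),
            "missing": missing,
            "stale": stale,
        }
    unrequired = sorted(
        f"{stype}:{host}"
        for (stype, host) in observed
        if host not in required.get(stype, set())
    )
    return report, unrequired


if __name__ == "__main__":
    report, unrequired = coverage_report(REQUIRED_SOURCES, OBSERVED_LAST_SEEN, NOW)
    for stype, row in report.items():
        print(f"{stype:18} completeness={row['completeness']:<5} missing={row['missing']} stale={row['stale']}")
    print("collected but not required:", unrequired)
```

A stale source is usually a forwarder or transport problem rather than a missing requirement, so the two lists deserve different owners; the "collected but not required" list is the starting point for the cost reduction recommended in the bullets above.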

Phase II

Strategy implementation

  • Implement optimization recommendations to reduce operational cost
  • Mapping of Splunk (or any SIEM tool) add-ons to data sources
  • Collect asset and identity information for enrichment and correlation
  • Deploy add-ons to forwarders and indexers
  • Data model configuration and acceleration, including the search load acceleration introduces
  • Implementation of lookup tables for data enrichment
  • Implementation of operational alerts
  • Implementation of dashboards and alerts for required use cases
  • Implementation of dashboards and reports to visualize security performance metrics
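The asset and identity collection and the lookup-table enrichment above are two halves of one step: an event becomes actionable once the SIEM can say which asset the address belongs to and whether the account is privileged. The following is an added example, not code from the page or from any SIEM vendor; the CSV lookups, the sample events and the urgency matrix are constructed assumptions, chosen to mirror the shape of a CSV lookup file as Splunk and similar tools load it.

```python
import csv
import io

# Constructed asset lookup, in the CSV form a SIEM lookup table would hold.
ASSETS_CSV = """ip,nt_host,category,priority,owner
10.1.10.5,dc-01,domain_controller,critical,infra-team
10.1.20.17,ws-finance-04,workstation,medium,finance
"""

# Constructed identity lookup: account -> department and privilege flag.
IDENTITIES_CSV = """identity,department,privileged
alice,finance,false
svc_backup,infra,true
"""

# Constructed raw events, as they would arrive before enrichment.
SAMPLE_EVENTS = [
    {"src_ip": "10.1.10.5", "user": "svc_backup", "action": "logon_failure"},
    {"src_ip": "10.1.20.17", "user": "alice", "action": "logon_failure"},
    {"src_ip": "10.9.9.9", "user": "bob", "action": "logon_failure"},
]


def load_lookup(csv_text, key):
    """Parse a CSV lookup into a dict keyed on the given column."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(csv_text))}


def enrich(event, assets, identities):
    """Add asset and identity context to an event; unknown keys stay visible
    as 'unknown' rather than being dropped, so inventory gaps are noticeable."""
    out = dict(event)
    asset = assets.get(event.get("src_ip"), {})
    ident = identities.get(event.get("user"), {})
    out["src_nt_host"] = asset.get("nt_host", "unknown")
    out["src_priority"] = asset.get("priority", "unknown")
    out["src_owner"] = asset.get("owner", "unknown")
    out["user_department"] = ident.get("department", "unknown")
    out["user_privileged"] = ident.get("privileged", "false") == "true"
    return out


def urgency(enriched):
    """Constructed severity matrix: asset priority, privileged identity, and an
    'unknown asset' bump because an unlisted host is itself worth a look."""
    score = {"critical": 3, "high": 2, "medium": 1, "low": 0}.get(enriched["src_priority"], 1)
    if enriched["user_privileged"]:
        score += 2
    if enriched["src_nt_host"] == "unknown":
        score += 1
    return "high" if score >= 4 else "medium" if score >= 2 else "low"


def triage(events, assets_csv=ASSETS_CSV, identities_csv=IDENTITIES_CSV):
    """Enrich every event and attach its urgency; returns the enriched list."""
    assets = load_lookup(assets_csv, "ip")
    identities = load_lookup(identities_csv, "identity")
    result = []
    for event in events:
        enriched = enrich(event, assets, identities)
        enriched["urgency"] = urgency(enriched)
        result.append(enriched)
    return result


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row["urgency"], row["src_nt_host"], row["user"], row["user_department"])
```

Keeping the lookups as plain CSV is deliberate: the same files can be loaded by the SIEM's own lookup mechanism for dashboards and correlation searches, and by scripts like this one for offline testing of the enrichment logic.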

Phase III

Machine Learning

  • Apply machine learning algorithms for data classification and exploratory analysis, including cluster analysis, decision trees and PCA
  • Based on findings and business requirements, implement anomaly detection algorithms to extract useful insights from the data
  • Reduce the number of security alerts by using machine learning algorithms, including clustering and automatic classification
  • Implement machine learning to detect anomalies in metrics
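The last bullet, anomaly detection on metrics, is the one most SOCs can start with before any model training, because a robust statistical baseline already catches the spike-shaped anomalies that matter. The following is an added example, not code from the page or from Advoqt; it uses a median/MAD robust z-score, which is one common choice rather than the page's own algorithm, and the hourly failed-logon counts are a constructed series with one deliberate spike.

```python
from statistics import median

# Constructed metric: failed logons per hour over two days, with one spike.
FAILED_LOGONS_PER_HOUR = [
    12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 12, 17,
    14, 13, 15, 12, 16, 14, 13, 15, 12, 14, 13, 15,
    14, 12, 13, 15, 16, 14, 13, 12, 15, 14, 13, 218,
    16, 14, 13, 15, 12, 14, 13, 15, 14, 12, 13, 15,
]


def robust_zscores(values):
    """Z-scores computed against the median and the median absolute deviation,
    so a single outlier does not inflate the baseline the way mean/stddev would."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return [0.0 for _ in values]
    # 0.6745 makes MAD comparable to a standard deviation for normal-ish data.
    return [0.6745 * (v - med) / mad for v in values]


def anomalies(values, threshold=3.5):
    """Batch mode: indexes, values and scores of points beyond the threshold."""
    return [
        (i, v, round(z, 1))
        for i, (v, z) in enumerate(zip(values, robust_zscores(values)))
        if abs(z) > threshold
    ]


def flag_new_point(baseline, value, threshold=3.5):
    """Streaming mode: score a fresh metric value against a trailing baseline
    that does not yet include it. Returns (is_anomaly, score)."""
    med = median(baseline)
    mad = median(abs(v - med) for v in baseline)
    if mad == 0:
        return (value != med, 0.0)
    z = 0.6745 * (value - med) / mad
    return (abs(z) > threshold, round(z, 1))


if __name__ == "__main__":
    print("batch:", anomalies(FAILED_LOGONS_PER_HOUR))
    history = FAILED_LOGONS_PER_HOUR[:35]
    print("stream 218:", flag_new_point(history, 218))
    print("stream 16:", flag_new_point(history, 16))
```

The threshold of 3.5 is a conventional starting point for MAD-based scores; in practice it is tuned per metric on a few weeks of history, and the `mad == 0` branch matters for sparse metrics that are zero most hours, where any non-zero value would otherwise divide by zero.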
