Security Incident and Event Management (SIEM) Overview

9/24/19 4:30 PM  |  by RedLegg Blog

Download Your Co-Managed SIEM Ebook

If you're beginning to research Security Incident and Event Management (SIEM) for your company, you may very well be overwhelmed by the associated cost. So, what does a SIEM deployment entail, and what is part of the cost of a co-managed SIEM service?

Your Baseline

Security Incident and Event Management (SIEM) is one of the first key components of your Security Operations Center (SOC). Although some companies may be small in size, they have customers, partners, and internal security responsibilities. SIEM is a baseline for sound Information Security Programs.

SIEM is only useful if installed correctly with tuned alerts, and then constantly tuned and updated to include managed, current, and documented threats. This full-time job is most efficiently provided through a Managed Security Services provider (MSSP).

Many MSSPs can create packages that truly improve the security posture of every organization. Every company, and situation, requires a unique implementation: using a canned or simplified approach is not RedLegg's methodology, but you may find that approach to be true for other MSSPs. MSSPs can offer different SIEM service models as well, including co-managed SIEM.

A proper implementation is a phased approach involving:

  • Kickoff & onboarding
  • Capability building
  • Baselining
  • Operational tuning
  • Ongoing monitoring
  • Case management & threat analysis

Your Scope

When approaching an MSSP about their SIEM service, the SIEM is scoped based on parameters such as events or messages per second by log source, log source types, and log collection/monitoring agents, as well as infrastructure appliances, host adapters, agent licenses, platform, and support services required.

This scoping exercise is therefore detailed and intense, based on your specific environment and needs, rather than a basic service with add-ons such as onboarding, minimum storage for the Enterprise Security Module, overage, etc. It is an intimate and serious exercise accounting for all elements of the environment, current and future, and completed before deployment has begun.

Who hasn’t found large scoping exercises and engagements overwhelming? Who wouldn’t rather do it themselves and avoid the long meetings and extended timelines? 

But Information Security is different. Your preferred MSSP needs the environment clean and secured to be assured that the deployment is correct and dependable. A detailed scoping exercise is really the only way to get there.

Your SIEM Service Model

Adding SIEM to your company's environment with Managed Security Services provides a professional platform deployment as well as other helpful tools, plus a staff of 20+ experts and analysts to handle your cybersecurity needs. Consider that the cost is not less than the salaries than that of two full-time Information Security professionals, and that the security staff is augmented virtually.

The experience of working with a true Information Security Services company offers many benefits that aren't often available with companies associated with lowest cost. As an example, RedLegg offers the following services:
  • SIEM platform
  • Dedicated lead engineer
  • 24x7 monitoring & management
  • Tuning, parsing & customization
  • Threat investigation & analysis
  • Co-managed SOC
  • vCISO advisory services availability
  • Vulnerability scans, penetration testing, & assessment services availability

Not Just About Cost

SIEM is costly. No doubt about it. But as the critical, necessary foundation to your growing SOC, the MSSP you choose to handle and manage the SIEM may be just as important. 

We'll be rolling out further blogs and resources to help you on the SIEM journey. If you have questions, don't be afraid to reach out. We're here to help!

Download Your Co-Managed SIEM Ebook

Rather not download the big guide to co-managed SIEM? Fair enough. 

Check out how to choose your best SIEM service provider, the effort difference between an in-house and co-managed SIEM team, or the true cost of fully managed vs co-managed SIEM.


Get Blog Updates

Related Articles

How To Operationalize Your SIEM Integration siem

How To Operationalize Your SIEM Integration

Implementing Security Information and Event Management (SIEM) into your organization's infrastructure can be a valuable ...
9 Ways To Improve Your SIEM Security Investigations siem

9 Ways To Improve Your SIEM Security Investigations

SIEM technology helps to provide a much needed window into the logging and alerting activity taking place in your ...
Critical Security Vulnerabilities Bulletin