Identify and Prioritize Your Cybersecurity Defenses
Discover and catalog security detection rules for your organization.
Prioritize these security use cases (early maturity/highest value to later maturity).
Analyze and document the data sources required to build those detection rules.
The result is a prescriptive path to mature your organization’s cyber defense program.
Primary Benefits
Security advice providing a roadmap outlining the security events for which to build detections.
Prioritization of these use cases.
Gap analysis based upon the security use cases selected, recognizing gaps in your organization’s security posture.
Recommendations tied to the number of use cases that your security operations center team can realistically respond to.
Log and data sources required to enable these detection rules.
Secondary Benefits
Proper sizing of SIEM licensing, so license acquisition is neither under-scoped nor over-scoped.
Assistance with sizing of the infrastructure required for any Splunk deployment. The required infrastructure is dependent upon the number of correlation searches occurring in your SIEM, which in turn are dependent upon the use cases that feed those correlation searches.
On-point estimation for implementation or expansion of your SIEM. Detailed requirements guide project estimation and vary from organization to organization as determined by:
— The number of detection rules selected
— Data sources that these detection rules are dependent upon
— Amount of custom versus out-of-the-box security use cases
— Several other factors
See How a Security Use Case Workshop Would Benefit Your Organization.