Ben Harrison, Director SOC and Security Services, Cygilant, and Jake McCabe, CISSP, Presales Director, LogPoint, continue their discussion on the modern SOC and SIEM, this time turning to frameworks.
There are many examples of cybersecurity frameworks, including NIST and ISO 27001, which provide a roadmap for organizations to protect themselves and their customers. The majority of these frameworks include requirements for SIEM, log management, and security detection.
A modern SIEM solution should map to a framework (or several) and offer dashboards, reports, and alerts built around it. These insights help businesses implement the framework, help auditors who might be conducting a maturity assessment, and help produce the artifacts needed in an audit.
MITRE ATT&CK is another framework, developed by the non-profit MITRE Corporation with US government funding for the good of the public. It serves as an encyclopedia of the known adversary techniques an enterprise is likely to encounter in the course of its operations and security work. It is a great resource for those looking to bolster their detection capabilities and validate them against realistic attack behaviour. By using this framework, an organization can see where it has detection coverage, which helps drive decisions and mature its security program.
Finding a SIEM solution that aligns to the MITRE ATT&CK framework helps you see where you want coverage and implement alert rules accordingly. By working with a SIEM that aligns to this framework, you can drive mitigation responses, make security improvements, and make better decisions to advance your cybersecurity program.
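As an added illustration of the coverage view described above (example code, not part of the original discussion or of any Cygilant or LogPoint product), the script below tags SIEM alert rules with ATT&CK technique IDs and reports which tactics and techniques have no enabled detection. The technique subset and the rule list are constructed samples; the real catalog comes from attack.mitre.org.

```python
"""Map SIEM alert rules to ATT&CK technique IDs and report coverage gaps."""
from collections import defaultdict

# Constructed subset of the ATT&CK Enterprise matrix: technique ID -> (name, tactics).
# Illustrative only; load the full catalog from attack.mitre.org in practice.
TECHNIQUES = {
    "T1566": ("Phishing", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                 "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1053": ("Scheduled Task/Job", ["execution", "persistence", "privilege-escalation"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),
}

# Constructed sample of SIEM alert rules, each tagged with the techniques it detects.
# A disabled rule gives no coverage, which is a common audit finding.
RULES = [
    {"name": "Encoded PowerShell command line", "techniques": ["T1059"], "enabled": True},
    {"name": "LSASS memory access by unexpected process", "techniques": ["T1003"], "enabled": True},
    {"name": "Scheduled task created by non-admin", "techniques": ["T1053"], "enabled": False},
    {"name": "Logon from new country for existing user", "techniques": ["T1078"], "enabled": True},
]


def technique_coverage(rules, techniques):
    """Return {technique_id: [rule names]} counting only enabled rules."""
    covered = defaultdict(list)
    for rule in rules:
        if not rule["enabled"]:
            continue
        for tid in rule["techniques"]:
            if tid in techniques:  # ignore tags the catalog does not know
                covered[tid].append(rule["name"])
    return dict(covered)


def tactic_coverage(rules, techniques):
    """Return {tactic: (covered_techniques, total_techniques)} for a dashboard view."""
    covered = technique_coverage(rules, techniques)
    totals = defaultdict(lambda: [0, 0])
    for tid, (_name, tactics) in techniques.items():
        for tactic in tactics:
            totals[tactic][1] += 1
            if tid in covered:
                totals[tactic][0] += 1
    return {tactic: tuple(counts) for tactic, counts in totals.items()}


def coverage_gaps(rules, techniques):
    """Technique IDs with no enabled rule, sorted, to prioritise new alert rules."""
    covered = technique_coverage(rules, techniques)
    return sorted(tid for tid in techniques if tid not in covered)
```

Run against a real rule export, the gap list is the prioritised backlog of alert rules to write, and the per-tactic counts are what an auditor or maturity assessment would ask to see.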
Is there one type of framework we recommend?
The answer is no; there is no single best framework. It depends on your use case, so before selecting a framework, work out what you need to get from it.