In our fourth post featuring Ben Harrison, Director of SOC and Security Services at Cygilant, and Jake McCabe, CISSP, Presales Director at LogPoint, we summarize why you need to plan your cybersecurity use cases.
Whether you are launching a new cybersecurity program or looking to improve your existing one, a SIEM should play a large part in its success. However, it’s important to start small. Don’t put a SIEM in place and simply turn on every dashboard and alert rule on day one. You’ll quickly be inundated with alerts, which defeats the purpose of a SIEM: its goal is to take huge amounts of data and condense it into something digestible.
A better approach is to spend time identifying the use cases that apply to your specific business. Each use case tells you which assets and data sources the SIEM needs to monitor, which keeps the collection scope manageable and ensures you collect the right data rather than everything.
You’ll be in a much more manageable position if you start with a small number of identified use cases and map out an appropriate response for each. For example, one use case might be detecting compromised accounts, where a cybercriminal is using stolen credentials to access critical data. For each identified use case, we suggest developing a playbook that outlines how to respond when that kind of incident comes up.
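To make that concrete, here is one way the compromised-credentials use case could be written as a detection rule, paired with its playbook, and run over a handful of log lines. This is an added illustration, not code from the webinar, Cygilant or LogPoint; the log format, the sample events, the list of critical assets, the failure threshold, the ten-minute window and the playbook steps are all assumptions made for the example.

```python
"""
Added example: one SIEM use case expressed as code.

Use case: "stolen credentials are being used to reach critical data".
The rule fires when an account has several failed logins followed by a
success from a source IP that account has never logged in from before,
and that same user/IP pair then touches an asset tagged as critical,
all inside a short window. Nine raw events go in, one alert comes out,
which is the "condense it into something digestible" part of the job.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event type, user, source IP, asset).
# The format is an assumption made for this example, not a vendor schema.
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "login_success", "alice", "10.0.0.5", None),
    ("2024-03-01T08:05:00", "file_access", "alice", "10.0.0.5", "hr-share"),
    ("2024-03-01T22:10:00", "login_failure", "alice", "203.0.113.7", None),
    ("2024-03-01T22:10:20", "login_failure", "alice", "203.0.113.7", None),
    ("2024-03-01T22:10:40", "login_failure", "alice", "203.0.113.7", None),
    ("2024-03-01T22:11:00", "login_success", "alice", "203.0.113.7", None),
    ("2024-03-01T22:14:00", "file_access", "alice", "203.0.113.7", "finance-db"),
    ("2024-03-01T09:00:00", "login_success", "bob", "10.0.0.9", None),
    ("2024-03-01T09:01:00", "file_access", "bob", "10.0.0.9", "finance-db"),
]

# Assumed tuning values and asset tags; a real deployment gets these from
# the use-case planning exercise, not from a script.
CRITICAL_ASSETS = {"finance-db", "hr-share"}
FAILURE_THRESHOLD = 3
WINDOW = timedelta(minutes=10)

# Assumed response steps; the playbook is what the use case maps to.
PLAYBOOKS = {
    "compromised_credentials": [
        "Disable the account and revoke active sessions",
        "Confirm with the account owner whether the access was legitimate",
        "Review what was read or changed on the critical asset",
        "Reset credentials and re-enable with MFA enforced",
    ]
}


def _parse(ts):
    return datetime.fromisoformat(ts)


def detect_credential_abuse(events, known_ips=None):
    """Run the use case over events; return one alert per matching user/IP."""
    events = sorted(events, key=lambda e: _parse(e[0]))
    known = defaultdict(set)       # user -> IPs seen on an earlier successful login
    for user, ips in (known_ips or {}).items():
        known[user].update(ips)
    failures = defaultdict(list)   # (user, ip) -> timestamps of recent failures
    suspicious = {}                # (user, ip) -> (success time, failure count)
    alerts = []

    for ts, etype, user, ip, asset in events:
        t = _parse(ts)
        key = (user, ip)
        if etype == "login_failure":
            # Keep only failures that fall inside the sliding window.
            failures[key] = [f for f in failures[key] if t - f <= WINDOW] + [t]
        elif etype == "login_success":
            recent = [f for f in failures[key] if t - f <= WINDOW]
            if len(recent) >= FAILURE_THRESHOLD and ip not in known[user]:
                suspicious[key] = (t, len(recent))
            known[user].add(ip)
            failures[key].clear()
        elif etype == "file_access" and asset in CRITICAL_ASSETS:
            if key in suspicious and t - suspicious[key][0] <= WINDOW:
                success_at, count = suspicious.pop(key)
                alerts.append({
                    "use_case": "compromised_credentials",
                    "user": user,
                    "source_ip": ip,
                    "asset": asset,
                    "failed_logins": count,
                    "login_at": success_at.isoformat(),
                    "access_at": t.isoformat(),
                    "playbook": PLAYBOOKS["compromised_credentials"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_abuse(SAMPLE_EVENTS):
        print(alert)
```

Bob reads the same critical asset but never trips the rule, because there is no brute-force pattern and no unfamiliar IP; only Alice's night-time session from 203.0.113.7 produces an alert, and the alert carries the playbook the responder should follow.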
Planning can be the difference between success and failure with your SIEM.