Cygilant Blog
Cybersecurity Experts Discuss: Plan Your Use Cases


Posted by Steve Harrington on Oct 9, 2020

In our fourth post featuring Ben Harrison, Director SOC and Security Services at Cygilant, and Jake McCabe, CISSP, Presales Director at LogPoint, we summarize why you need to plan your cybersecurity use cases.

Whether you are launching a new cybersecurity program or looking to improve your existing one, a SIEM should play a large part in its success. However, it’s important to start small. Don’t get a SIEM in place and simply turn on every dashboard or alert rule on the first day. You’ll quickly become inundated with information, which defeats the purpose of a SIEM. The goal of a SIEM is to take huge amounts of data and condense it down into something digestible.

A better approach is to spend time identifying the use cases that are applicable to your specific business. This, in turn, will provide a manageable list of assets and data for the SIEM to monitor so you can collect the right data.

You’ll be in a much more manageable place by starting small with a number of identified use cases and mapping out an appropriate response for each. For example, say you are looking for accounts that may have been compromised, where a cybercriminal is using stolen credentials to access critical data. We suggest developing playbooks that outline how to respond to the various incidents that come up for your identified use cases.

Planning can be the difference between success and failure with your SIEM.
