Trustwave's Co-Managed SOC (Security Operations Center) is a powerful offering that has a tremendous track record of helping organizations maximize the value realized from their SIEM (Security Information and Event Management) investment, reducing alert noise by up to 90%, while maintaining a position of “your SIEM, your content.”
The service has just received a major enhancement with the addition of Trustwave’s one-of-a-kind cybersecurity collaboration platform, Security Colony, which provides instant access to the tools an organization needs to be proactive and improve their security maturity.
The offer is supported by a dedicated Cyber Success Team with decades of SIEM, SOAR, and SOC experience, and extensive certifications.
Investing in a SIEM system is an expensive endeavor for any organization, requiring not only the cost of the technology itself, but also a large and well-trained staff to properly architect, deploy, and operate. Unfortunately, many organizations take the plunge and buy a SIEM without fully understanding the underlying support functions that must be in place for it to operate correctly and deliver on expected outcomes.
This is where Trustwave's Co-Managed SOC comes into play. This service is not a Managed SIEM technology offering but rather a holistic partnership in which Trustwave helps clients with multiple aspects of their SIEM and security operations. Trustwave’s ability to improve a client’s SIEM comes from having decades of experience managing SIEMs and having been involved with some of the most prominent SIEMs currently on the market. For example, Trustwave was one of the first preferred global MSSP partners for Microsoft Sentinel, which means our teams are veterans at properly tuning it for our clients.
SIEMs are incredibly powerful tools that gather information from multiple security sources to provide a variety of use cases, often including powerful analytics, dashboards, customized reports, and the generation of security alerts—all of which require analysis, interpretation and often, action. But one point that many SIEM owners do not adequately understand is that having this capability without the ability to manage and operate it properly can be a liability.
To ensure that a SIEM is properly implemented, managed, and monitored, Trustwave has developed and recently enhanced its Co-Managed SOC offering.
What Sets Trustwave's Co-Managed SOC Offering Apart
By starting with the priority of helping clients achieve maximum value realization from their technology investments, we address the most challenging and impactful aspects of SIEM architecture, implementation, management, and operations.
Where many other players in this sector will ingest and monitor whatever alerts the SIEM generates, Trustwave recognizes that this approach is ineffective – because SIEM implementations are so highly customizable, even a great security analyst will be frustrated and ineffective in analyzing use cases that are unpredictable and lacking business context.
To overcome this challenge, Trustwave begins each Co-Managed SOC project with a consulting engagement, performed by highly skilled and experienced SIEM and SOC experts, to ensure that the SIEM is configured according to best practices, enhanced with highly effective use cases from Trustwave’s extensive library, and thoroughly documented for effective downstream operations. This also ensures that client priorities are well understood, and that there is a roadmap to help a client progress towards their medium and long-term goals over time. Trustwave’s extensive use case catalog is based on years of SIEM consulting across hundreds of clients in multiple industry verticals.
This provides both field-proven use cases as well as a foundation for personalized use cases specific to the needs of our clients. SIEM monitoring use cases are generally correlations and playbooks built to aid in the job of detecting, understanding, and responding to cybersecurity threats. For SIEM-detected threats that require human analysis or action, alerts and supporting information are presented to Trustwave and/or client analysts. As both the threat landscape and an organization’s technology infrastructure are constantly changing, the planning, building, and tuning of use cases is required to continuously differentiate noise from real threats.
Trustwave Doesn’t Hold a SIEM Hostage
Unlike many other vendors, Trustwave allows clients to retain these valuable use cases if they move on to another vendor or decide to operate their SOC independently. Not all vendors allow this; many insist on removing the use cases when their agreement with the client ends, creating a vendor lock-in that is often counter to a client’s long-term investment objectives and ideal protection.
The final piece is the inclusion of a named Cyber Success Team advisor that works consistently with the same clients. This direct involvement delivers a level of intimacy that allows Trustwave to deeply understand a client’s business and implementation and continuously optimize the SIEM to deliver the best outcomes.
Trustwave's Co-Managed SOC benefits:
- Maximize investment value through end-to-end expertise
- Extend security teams with tenured SIEM & SOC experts
- Stop active threats with 24x7 real-time SpiderLabs global threat monitoring
- Optimize and tune SIEM use cases constantly for higher-fidelity threat detection
- Avoid alert fatigue and improve the productivity of the security operations team
- Retain ownership of all SIEM improvements and use cases
- Mature security operations leveraging enterprise-proven methodologies and processes
- Instant access to cybersecurity tools and insights anytime with Security Colony
Trustwave Co-Managed SOC integrates with the four providers that currently control the majority of the SIEM market: Microsoft Sentinel, LogRhythm, IBM QRadar, and Splunk.
Trustwave Security Colony
Security Colony is a powerful self-service resource for CISOs that gives them direct access to a variety of tools that will allow them to self-diagnose problems. The Security Colony subscription that is included with Trustwave Co-Managed SOC gives the client access to the following Security Colony features:
- The Resource and Video Library
- Maturity Assessment
- Vendor Risk Assessment
- Ransomware Readiness Assessment
- Breach Monitor
- Public and Private Forums
Co-Managed SOC and Managed Detection and Response (MDR)
While a SIEM implementation and Trustwave’s Co-Managed SOC offering help organizations detect threats, having Trustwave’s MDR service in place in parallel greatly enhances a co-managed SOC’s capabilities. MDR gives security analysts the ability to investigate and respond to threats directly on endpoints and in multiple security controls, conduct more complete threat hunting, and understand a threat more completely, including its impact and blast radius, thus allowing the security team to react very quickly and with high confidence.
Implementing Trustwave Co-Managed SOC
Trustwave utilizes a proven approach to onboard new clients, and during the process, Trustwave maintains complete transparency and a clear delineation of responsibilities with processes put in place to avoid any potential redundancies and operational friction during steady state co-management.
Once fully optimized and implemented, Trustwave Co-Managed SOC clients can expect to receive added value for their SIEM investment, backed by a named Cyber Success Team security advisor that will ensure a superior level of direct involvement allowing Trustwave to keep its finger on the client’s pulse and continuously optimize the SIEM to deliver the best outcomes.