
How Co-Managed SOC Helps Derive Maximum Value from Your SIEM Investment

Security information and event management (SIEM) systems are crucial to cyber security, providing a solution for collecting and analyzing alerts from all manner of security tools, network infrastructure, and applications. But simply having a SIEM is not enough because to be truly effective, it must be properly configured, managed, and monitored 24x7.

And there’s the rub: few organizations have enough security expertise in-house to properly configure and manage their SIEM, never mind monitor it around the clock. Without that, you can’t get the full value from your SIEM investment.

A managed SIEM service, such as the Trustwave Co-Managed SOC, provides a solution, as Gartner has made clear.

“Buyers who have invested in SIEM technology use Managed SIEM services to derive more value. They … get assistance with decisions around strategy, architecture, maintenance, development, or support,” Gartner says in its Market Guide for Managed SIEM Services. “This leads to better security operations results.”

SIEMs Explained

Customers need that assistance due to the inherent complexity of SIEMs.

The basic function of a SIEM is to collect security data from various components in your network, including cloud-based and on-premises. But you don’t want to collect every possible piece of data, as that would quickly become overwhelming to monitor, serving only to increase operational costs without effective outcomes.

So, to be effective, a SIEM must be properly configured to your specific environment, targeting the use cases and applications that are most appropriate for your organization and its risk profile. And it’s hardly a “set it and forget it” endeavor. Rather, the SIEM must be continually tuned over time depending on the results it delivers, the health of its data feeds, and to keep up with changes in your environment.

Security professionals must also periodically assess whether the SIEM is generating useful alerts. In fact, a misconfigured SIEM can be more of a liability than a benefit. A never-ending stream of alerts and false positives puts the security organization in constant fire-drill mode, potentially leaving it without the resources to investigate or identify truly impactful alerts amid the din.

Managed SIEM Services

As Gartner noted, managed SIEM services can fill the void. To date, such services have generally taken one of two forms: Managed SIEM and SOC-as-a-Service (SOCaaS).

Managed SIEM services are much like managed services for firewalls and endpoint detection and response (EDR) tools in that they help customers manage their SIEM. Most will include SIEM deployment, configuration and management, and some may include ongoing optimization. Often, however, managed SIEM offerings do not include 24x7 alert monitoring.

With SOCaaS, your provider assumes ownership of the SIEM infrastructure and product licensing. Think of SOCaaS as an extension of the managed security service provider (MSSP) model, often aimed at smaller organizations that don’t already have a SIEM or a security operations center (SOC). Instead, companies direct all the data the SIEM produces to their provider, who takes responsibility for correlating alert data and finding actionable alerts amid all the false positives.

Trustwave Co-Managed SOC

Managed SIEM and SOCaaS may indeed be a step forward for companies that don’t have the resources to manage their own SIEM. But the Trustwave Co-Managed SOC approach adds several elements that help companies derive maximum value from their SIEM investments.

Trustwave Co-Managed SOC takes a four-step approach based on proven processes and use cases, along with experience from the Trustwave SpiderLabs team.

The first is “consult and plan,” where security experts assigned to your account create a roadmap specifically for your business. These experts assess your current capabilities and security priorities. They build a transition plan and tune your SIEM based on your priorities, drawing from an extensive library of field-proven and industry-aligned use cases, as well as custom use cases specific to your environment. They also provide predictable cost and capacity estimates, so you won’t be subject to the runaway costs that can quickly arise when you simply send all SIEM alerts to your SIEM provider.

Next comes “build and onboard,” following a proven methodology and best practices to get you up and running quickly, accelerating time to value with a dedicated governance team.

The next two phases are ongoing. In the “manage and monitor” phase, Trustwave acts as a true extension of your security team, increasing their productivity and freeing up resources. And of course, Trustwave provides 24x7 incident monitoring and investigations to help you prioritize incidents with actionable recommendations for immediate action, informed by SpiderLabs global threat intelligence.

Finally, your Trustwave named security advisor will continually tune your SIEM for optimal performance on the specific use cases and security policies that are most important to your organization. Trustwave uses an iterative, closed-loop approach to SIEM management that involves constantly learning from the alerts your SIEM produces and tuning it to become increasingly effective at homing in on the most important alerts – helping you reduce alert noise by up to 90%.

Adding Managed Detection and Response (MDR)

Trustwave Co-Managed SOC is also a great complement to the Trustwave Managed Detection and Response (MDR) service. With MDR, Trustwave security analysts provide deeper threat investigation, threat hunting, and response at the endpoint. They investigate to understand the full impact of a threat, enabling a more informed response. Running Co-Managed SOC in parallel with MDR means you not only get alerted to your most serious threats on a 24x7 basis but also enable Trustwave to respond to and contain those threats.

Implementing a SIEM is an important part of any cyber security strategy, and a managed service is often a requirement to properly configure, operate, and monitor your SIEM. But don’t settle for a service that doesn’t help you derive maximum value from your SIEM investment and your internal resources.

Learn more about how Trustwave Co-Managed SOC can help: download our new guide, “Get Maximum Value from Your SIEM.” And to learn more about how MDR fits into the picture, visit our MDR webpage.
